Scheduled for: Interviews/ Category:
Creating, engaging and giving back to developer communities is key to developer outreach and growth.
Simon Maple is the Director of Developer Relations at Snyk.io, a Java Champion since 2014, JavaOne Rockstar speaker in 2014, Duke’s Choice award winner, Virtual JUG founder and organiser, and London Java Community co-leader. He is an experienced speaker, having presented at JavaOne, JavaZone, Jfokus, DevoxxUK, DevoxxFR, JavaLand, JMaghreb and many more including many JUG tours. His passion is around user groups and communities. When not traveling, Simon enjoys spending quality time with his family, cooking and eating great food.
Kim: Hello good afternoon and thank you for joining us once again on DojoLive! today which is Monday the 18th of March 2019 where we’re basically talking about the future directly from those who are creating it. My name is Kim Lantis, broadcasting live from one of Nearsoft’s offices in Hermosillo, Sonora, Mexico. Joining me are my co-hosts and coworkers Carlos Ponce and also Axel Becerril, hi guys, good this Axel’s first time on DojoLive! Folks he’s one of our developers cut him some slack so today we’re going to be discussing the importance of developer engagement and here’s tell us how he’s helping developers basically create engage and give back to the developer community is Simon maple the director of developer relations at Snyk or Sneak.io even them that they themselves have this ongoing discussion right tomato tomahto in Korean, welcome to DojoLive Simon
Simon: Thank you very much, it’s my pleasure to be here. thank you for inviting me.
Kim: Our pleasure, so to get us started Simon could you please just tell us a bit about yourself as well as your backgrounds?
Simon: Sure, yeah my pleasure too, so yeah I’ve been at developer relations or in technical evangelism or developer advocacy whatever you want to call it this this month I’ve been in that kind of role for a round probably around seven or eight years now and before then I was a developer for approximately another ten to twelve years as well I started off my career at IBM on a mainframe mayer software called WebSphere application server based really firfer Java applications and Java EE applications specifically and so yeah I did I did a lot of time in the kind of more enterprise traditional style development techniques and practices and I did as well as development I was obviously going out you know talking to customers doing on sites doing a lot of conference work as well and some community work and I felt like I really enjoyed that kind of interaction with other people as well as that technical background technical development I did definitely enjoy that going to conferences speaking I love the thrill and the rush of being on stage as well as as well as just you know helping and teaching other people with with you know some of the things that I’ve learned in my time as well so yeah I decided to bite the bullet actually I’ve tried to do a half develop relations half development software development and ended up just doing two jobs and it wasn’t it wasn’t worth it so I decided I had to pick one or the other so I moved over to developer relations at IBM I joined a company called zero turn around five years actually no six years ago so and I was a director of develop relations there for for about five years and I’d literally just moved to Snyk around one year ago and I’ve literally just celebrated my one-year my one-year there today and sorry in the last couple of weeks and yeah I run the dev rel team here as well at Snyk.
Kim: Well congratulations so now that you brought up a Snyk for us why don’t you please tell us real quickly what it is that snaked us what’s your product what problem are you solving.
Simon: Sure, yeah, so actually I really right hate when I was lifting at my moved to my previous move to one of the couple one were on another company I saw snyk and the thing that the thing that really invited me of with with Snyk is the is the fact that their what they actually do is they’re trying to solve a real problem that affects a lot of people and it’s a problem that genuinely helps software engineering and software development today so the role though the role that snylk has in the ecosystem is to is to to find and fix software vulnerabilities that exist in third-party code so we have a whole bunch of developers obviously just writing code and they’re going to have a number of dependencies in their application and it’s really interesting to see sometimes how when a developer writes a small piece of code how much extra code that will pull in and when you actually deploy an application you actually deployed this massive beast of an application and you’ve only actually wrote a small amount of code so what snyk does is it looks at your dependencies which is thing of the vast size of this of this application rather than just the code you’ve written and we try and find known vulnerabilities in those in those dependencies and we will not just tell you about where the vulnerabilities exist that will provide you with an automated remediation about about how you can go about fixing those to the extent that will actually create pull requests into your into your repositories and things like that so we’re we’re we’re finding and fixing known security vulnerabilities in your in your open source libraries we like to say we help people use open source securely.
Kim: Okay very good very good very interesting I understood I think personally about like 10-15 percent of what you just said much more than I would have understand about 3 years ago.
Simon: I was gonna say I’m not doing my job well enough [INAUDIBLE]
Kim: [INAUDIBLE] Axel, I’m sure that you have something, what do you think?
Axel: Yeah, that’s a really common and be problem right now the thing is that we as developers want to deliver as fast as we can so we are relying in other people work to accomplish that but the problem there is that there is a lot of libraries there and it’s easy just to pull them to your to your project in order to to move forward but there are you cannot be so sure about what’s going on with all that code that it’s just been added to the project but you don’t actually see directly to it so get help and get lapped does have some analysis in the dependencies of their of your or your project but what I see that your company does is those automatic fixes you we have we already have BOTS performing some pull requests right.
Simon: Yeah, so we have we have a whole bunch of you know if you if you’re automatically monitoring and things like that will automatically send you pull requests with how to remediate your your vulnerabilities as well so yeah we can do that.
Axel: Yeah because that kind of things are a little tedious to deal with.
Simon: Yeah and you know what I think I think the the things like the github and get labs support you mentioned I think it’s really really great particularly things like NPM audit as well you know they’re the more the more and more these kind of things are built into a lot of the platforms it really gives developers and other people that understanding about this problem is here so for example when you mentioned about you know developers not knowing you know what code they have what dependencies they have when I go to speaker conferences I ask you know put my hand up and say who knows how many direct dependencies you have how knows how many transitive dependencies you have and virtually no one no one and is put in their hands up and it’s because no one actually knows what’s in their application what they’re playing in and it’s a real one serious issue yeah exactly and and the other the other issues you know people want to deliver more and more like you know we hear the term terms like digital transformation right and you know the idea of DevOps which you know as developers we want to write code and we want to push it to production quickly sometimes people think people hear about this happening several times a day maybe every week every couple of weeks every sprint maybe but there are real issues around that if we don’t have other things in place like security testing and so you know one of our big one of our big goals I mean we’re we’re we consider ourselves a developer focused company so we try and we try and dig into where developers are interacting so I des github you know these automatic pull requests as we do testing on pull requests as well so if someone was to raise a pull request we’ll test on the pull request so which we try really interact at that level and by doing that it’s the only way you will be able to release safely because everything a developer does or everything someone does in that workflow you’re constantly testing there’s never like you know the old traditional style when I’m we know when I was at IBM and we have you know big being a huge clients that used to deliver every however many years this isn’t years ago the traditional style and and you know you used to have audits every year or every couple of years and it was scary even back then when when you only had to release every year but you know when when you think about development now where you’re pushing to the where you’re pushing to production daily and you think of a six monthly order that’s scary because then you think you know a six months worth of code that hasn’t been ordered to or hasn’t been tested and it’s it’s a real problem.
Axelim: Yeah, it’is it’s it’s only related with open source dependencies.
Simon: So Snyk, the products Snyk is I have focused on open source dependencies yeah I think it’s good that in my opinion anyway from what I’ve experienced I’ve had with developer tools do they are the best developer tools have a very very significant focus as to what they do and there are different things you have to see you have security testing of your source code and you have open source dependencies there are right tools for both of those jobs and so you know you should use you should create us a set of tools that work for you as an organization and so Snik focuses on third-party dependencies and we focus on doing that well.
Kim: So allowing basically you allow the organization’s to control what they can control and then you help them to control what they can.
Simon: Yeah, you know it’s a lot of the time it’s also helping organizations – almost like opening up developers eyes to what they’re actually doing in the organization because sometimes you know developers even that they’re doing more and more and more and the pressures on a developer is greater than ever you know we have project managers we have managers we have security teams performance teams testing teams and so much of that functionalities come on to the developer and so much that precious comments in the developer the developer just wants to release their code some of them some of them you know want to do it well others are you know I’m a nine-to-five develop I just wanna push this code out so it’s increasingly important that we provide developers with those tools you know whatever the tools so that they can do that job better and you know from the organization’s point of view it’s it’s gonna benefit them hugely.
Kim: So there’s tools like applications but then there’s also tools like yourself correct.
Kim: So what are you as a developer relations like what exactly is that for and what for you personally took you to that crossroad okay.
Simon: It’s a great question yeah, and you know what actually developer relations or developer advocacy is is a it’s one of those things that actually means different things to different people so for me personally I see a developer relations role as someone who empowers developers someone who actually helps educate developers and enables developers to to work quicker and faster and better on a specific platform so if I take my case for an example and snyk you know we have this we have this freemium model so people can just become users of snyk without paying a penny and so what I want to do is I want I want to help developers understand first of all the need of some kind of security testing so I want to educate developers so I want to help developers understand why they need certain things I also want to make sure that you know should they choose snyk as their as their solution of course there are other tools and other products and I when I try and educate around security if I educate you know is around a developer on security and then they go choose another tool or whatever rather than snake and then some come to snyk you know this dad prefers come to me but if they do either I’m still helping developers I’m still doing you know I still feel like it’s part of my role to do this for the for the ecosystem for the you know the the the software the software world comforting so so education is a huge part of that and then and then when it comes to making sure that snyk is as a company is very consumable from her from a user or a developer it’s it’s very key to me that you know we have the kind of tutorials we have the the the like how to’s the to do kind of style of how do I get up and running with something so that there’s there’s an amount of that as well and a lot of this both the content of Education and content of you know the using snyk or any kind of tool for me that you know,that can be blogs, reports, webinars, podcast, like you know like this one or the webinar like this one also a whole bunch of outreach face to face so conferences face to face at customer sites there’s a whole different way there’s a whole different you know number of ways in which this kind of this kind of interaction can happen and and then one of the bigger ones which is which is a really important thing for me as well as developer communities and developer communities I think they can they can exist naturally and they can exist because we can make them happen and both that both are just as important sometimes when they happen naturally they don’t necessarily let you know they’re not they happen naturally because I have a need there’s a need there which will developers are trying to gravitate to you when they happen because you know someone’s trying to you know create a place where developers can come that’s just as good as well because so long as you know if the needs there then that kind of community will succeed if it needs not there then developers just playing my enjoying it and and also it’s about creating that value it’s not about oh you know it’s like that great JFK quote which he said once when he was talking about developer communities I’m sure JFK famously said it’s don’t think about what your community your developer community can be for you so what can you do for your developer community it’s really about that it’s not about what you can take from the community it’s about what you you know what you what value you give them what you can also the development [INAUDIBLE].
Kim: Great, as I was preparing for it today is time I came across a quote that really kind of made me laugh and he said engineers have finely honed if not overly developed bullshit detectors right, so how would you as developer relations how do you make life better for developers and not just make money for a platform like how do you get over this this idea of I’m not self-serving this is this is genuine what are the steps that you take.
Simon: So I think I think there are a number of different ways that people come to the developer advocacy others one of the questions I didn’t ask actually last set but there are a lot number of different ways in which you can go into a develop relations role and one of the ways myself actually in a number of people on my team as well came through into a developer relations role is from actually being a developer ourselves and the benefit of being a developer and then coming into a developer relations role is that we ourselves have a very finely tuned and honed bullshit detector as a result you know we we know what is bullshit and what is not bullshit and as a result when we talk to someone you know we’re not going to try and we’re not just gonna try and you know sell them crap they don’t need we want to make sure that what we are actually doing is providing value and we can do that because we know what is valuable and what it’s not valuable and I know there are a number of people who equally come into the developer relations role who are who are not technical or who are not developers themselves and and I think you know there’s there’s nothing so there’s nothing to say that they couldn’t equally you know have a very finely tuned bullshit detector because you know it’s it’s more of a mindset thing and I think I think you know once once you either get it or you don’t and if you if you don’t get it you’re gonna be a bad dev real person because you’re just gonna annoy people and you know developers just that this is this is another thing I hate doing saying developers because it’s like you know developers of people to write they just judge people and so it’s like you know calling you know sets of developers developers or whatever you know trying to say trying to segregate that group that they’re just people they’re just people who have trying to do something right so you know I think I think to get that well they don’t and you know if you get it and you understand you try and provide value to you know fellow developers then then people will people will react well to you and they all will they’ll they’ll trust you they’ll they’ll learn from you they’ll will learn from them as well which is absolutely kina Dev role to make sure that particularly from a product dev role role and a platform Dev role to understand what works and what doesn’t feed that back because you know we are a resource for developers in the community as well as the other way around developers can learn from us we can learn from developers and feed that back into the product so it’s this kind of you know reciprocal reciprocal kind of thing and so yeah you know if basically if my bullshit detector goes off I don’t I don’t post it I don’t I don’t I don’t talk about it like that so yeah and it you know happens when I’m at conferences how far do I go talking about snyk versus talking about something else luckily we’re not luckily I tend to work for companies that that you know due respect developers and have freemium versions and these kind of things for developers so we have a freemium version for developers open-source developers in a limited number of tests per month so you know this is this is an amazing way in which developers can come join our platform and I can talk about that at conferences so I’m not saying oh yeah first of all you need to pay for this then you need to sign your life away here then you need to give us your firstborn and only then can you use our product right this is this is the bullshit detector where we then start talking about some some amazing so amazing product in an ivory tower and and and you’re really really not relevant to developers at their level.
Kim: So that’s one way to kind of encourage that symbiotic.
Simon: Hundred percent.
Carlos: Simon I have a question for you real quick and of course as I clearly stated at the beginning of before we go before we went on the air is from the non engineers standpoint and my question is more in the in how can I say this from the engagement point of view the engagement itself point of view because we’re talking about the importance of what sort of what did what can you say to our audience that drove you to create them wait a minute let me rephrase this please bear with me I understand you created that you created that Java users group right so.
Simon: Yeah, a virtual job use, virtual drawing, that’s about six years ago.
Carlos: Exactly, the virtual Java users didn’t actually someone from our guys brought it to my attention so what did any did you notice any lack of engagement in the industry that drove you to create the virtual Java users group or does it be ours is it related to your endeavors as the founder of the virtual travel users group what you notice about engagement how is it connected.
Simon: So the reason I created the virtual job user for this was back in 2013 I think was because I mean ultimately I I used to go into London a fair amount for the for the London Java user group which is a user group that I’m one of the co-leaders off and I live around now I live around two hours hour and a half outside of London and at the time in 2012 we had our first child and as a developer relations person you know traveling anyway and then having to go to work and then having to go into London or have an evening and so forth that got pretty straining pretty quickly and it’s it was I was crazy tired anyway just from just from all the family stuff as well as the work stuff and things like that and I thought there’s got to be a better way whereby we can have a community whereby we can learn we can network with people but we don’t have to travel two hours either way you know four hours either way just to do that kind of thing and I was trying to work out how we can and there’s a lot of resources there was stuff on YouTube there was stuff on there was a very know content available online but that’s just content that’s not a community that’s just there’s just information and I thought well you know why don’t I create a community oh I don’t know create a virtual job virtual job user group and it so it came out of a need it really came out of a need first and I thought well if I need it maybe other people do maybe there are people who don’t live near a job user group or people whose Java user groups don’t meet up that regularly so I created this it was a very simple – crappy actually very similar to what we’re doing now is it’s a you know a number of hangouts that we recorded that people all over the world where she got some of the best speakers around the world and as I know you have because well Carlos here in, in some of the some of your previous sessions as well the ability to get speakers and for that we know travel cost very limited time and for the you know to basically just say come used to come in have an hour of your time or 30 minutes of your time and yes so it came out of a need and as a result when there’s a need and other people have that need a communities born it’s just simpler.
Simon: And yeah actually thank you now we have over well over 16,000 members of the of the user group already so it’s it’s it’s really cute and and we created another one in a similar vein actually this was that the Java user group that virtual Java user group is an independent user group this one this new one that we created only about a month ago that she was called the secure developer and this one’s actually as a snyk powered secure developer but their community but we’re keeping it as a vendor neutral educational resource for developers you just want to understand a little bit more about security have that basic understanding so that when they actually write code and develop code they have some basic practices they can follow and some and some good learn and good material so yeah that’s that’s another thing that we just created over a thousand people already on that one as well so yeah weather where there’s a need people will come.
Kim: So I have the question of going back to this idea of open open source which is the main focus for first sneak snyk, [INAUDIBLE] and I think actually you could probably kind of have some insight here too like I’m wondering how it is that you for how products can encourage their kind of ideal developer profiles I guess to actually be the ones who are utilizing or contributing to their own code like is is there kind of like a way that you as developer relations or anyone kind of can sort of gear that toward the people that you are actually prefer to be working on your code I mean my understanding is a lot of time I mean I guess I envision the people who are participating more in OpenSocial to be kind of less um perhaps less experienced because they’re more excited they need to garner this experience there it’s available to them right but then of course the not always the case but then the more seasons developers the more what I would assume to be the more quality code perhaps now they’re more focused on other things their own companies their own products just older life is busier like you just said family time in whatever so how do you strike that balance or is there a balance to be struck.
Kim: With it whereas in within maintainer so have a balance of yeah I think you know there’s there’s a number of things which you couldn’t show from it from a junior developer tough for me there are a couple of real easy ways that this kind of thing can be fixed to level up a junior developer almost instantly one of which is and not just lip tooling but any kind of tooling there there are there are a number of different tools out there from things like fine bugs for example or check marks or yeah code star for example or snyk as well right so that they can be used in a way where by you know bugs or you know a number of issues can be taken out of the code that a developer will contribute before that actually you know gets sent across to the to the to the main repository so there’s there’s a level of all kind of you know eliminating those some of the more basic mistakes that can be put into code before yet someone actually pushes that I’m but the big thing for me really whenever we talk about any of this is is mentoring and I think you know people learn everyone’s always learns no matter what level you are you’re always learning and you’re there’s always someone better than you and there’s always something you can learn from that person so you know I I’m a big fan of mentoring groups I know I know there’s a there’s a lady actually in security called Tonya let me find her name her name is Tania Janca, T-A-N-I-A J-A-N-C-A, she has purple on Twitter and she’s I’ve noticed she’s been running she’s been calling for mentees and mentors in and around security in and around open source and you know trying to pair people who literally you know are calling out for help and calling out for you know someone to someone to hold their hand and kind of take them to the next step.
Kim: I imagine it’s easier to find mentees and mentors so how do you encourage people to mentor others.
Simon: It is, it is you know, because of all the time it’s the mentees that have more of the time more of the need for that for the mentee for the mentor whereas the mentor very often doesn’t have a lot of the time and there are fewer of them so I think I think first of all we you know we can work in groups anyway and you know communities will help us ask questions of each other and in that respect you actually don’t have a direct one-to-one mentee mentor relationship you have a you have a group relationship whereby someone asks the question the group responds that’s how communities work and that’s that’s crazy important there are other groups as well so Tania it asks for mentors mentees and I’m sure she’ll get I’m sure she’ll get more mentees than mentor kind of you know being picked through a lot of mentors they do have a number of mentees so I’m actually a member of a community called MAM which is neat a mentor in London it’s so it’s a it’s a community which is created by a company called rep works and they they have they’ve had some great success by pairing people who you know want to be in a certain position and someone else who has been in that position or or knows how to you know the qualities or the requirements that you have to be you know you have to have achieved to get into that position and they and people help each other joining that and I think it’s great for mentors as well I mean I learn a lot by talking to people about what worked for me what didn’t and it’s very it’s very easy to then self reflect when you’re when you’re talking to someone about your journey as well.
Kim: Well, can you believe it Simon we’re actually coming up to the end of our half hour okay time flies when you’re having fun so I wanted to the Axel if you perhaps had any one final question from the developer perspective for Simon and then once that question wraps up any final words of wisdom that you might have for us please.
Axel: Okay, yeah, question we are having this meeting remotely and a lot of developers will be remotely and you create the virtual user group, but do you think there’s still a need for us developers to look at each other faces directly in this community building importance I don’t know.
Simon: Yeah 100% I think what you can what you can get an a face-to-face meeting over a coffee or water a beer whatever we know what however you wherever you’re meeting whatever you’re meeting over I think I think it’s you get more quality discussion quality time with that person you actually create more of a relationship with that person as well I think you know a lot of companies so for example snyk as an example we have a London office of tel-aviv up as a Boston office and we have a whole bunch of people all over the world working remotely we still have every six months the whole company comes together and we talk all face to face and we’re in the same location Tel Aviv and then London every six months and it’s great to speak to each other we find that when we when we’re there speaking to each other when we then go remotely we actually have better working relationships remotely as well and also at the speed at which we’re growing it’s great because when I was six months ago seven months notes about eight months ago when we when we all met in Tel Aviv so when we all met in London the company had almost a double treble by the time we actually then that in in in Tel Aviv after that so it’s great it’s great that face to face you cannot be too and what are the things I said when I create the virtual group is that I don’t ever want this virtual community to replace a physical community it’s there to complement that that it’s almost like a fortify or you know to to be there in addition to a face to face but but yeah you know as a developer advocate as well I do an incredible amount of online content and the whole team works really hard to create that online content but we don’t just say you know what we’re going to sit at home we’re going to write content we make sure we’re out talking to customers out talking at conferences and meeting people afterwards and talking to them and that’s that’s really one of the best ways of creating that the best relationships.
Kim: It mirrors a lot of I think what we do here at Nearsoft as well we have our annual team-building week’s for a couple years it was twice a year but now it’s just once, did you hear that Roberto? Alright very good, I was going to ask you to kind of end and some final words of wisdom but I think that naturally sort of ended on its final words of wisdom that technology doesn’t replace humanity right.
Simon: Anything more we play now will just ruin that right so we better we better not.
Carlos: Before we go, before we go Simon, it’s anything specifically about Snyk that you would like to tell our audience care can you elaborate a little bit but that or anything you want to mention about snyk maybe you know that’s up to you so we’re inviting you to talk to us about a snyk or to the public to the to the audience.
Simon: Yeah sure so I mean I’ll say a couple of things we won one thing I want to say is how important is that you as a developer or you as a company when you deliver and create your applications it’s incredibly important you actually know what your application is rather than just the code that someone’s writing and the number of people out there you know we hear stories of event stream and and yes Lynn and you know left pad all these developers that are writing content and writing writing code and putting into these code repositories and we just pull them out whether either directly or through through through transitive or indirect dependencies and the applications that we create it’s its almost important to the business that we understand that what we deploy we are responsible for and as a result the responsibility of that application as it gets created from the developer up is everyone’s responsibility but the developers you know first and foremost so education of of the team’s the the business to understand what is in the application and what you deployed is is critical particularly in security and so I you know one of the things that I would encourage is for is for you know developers and all the way up people you know up to you know ceases and CTOs to understand what your advocate how your application is actually built in terms of you know what although all the model all the parts all the libraries that you’re using of course you can use you can use some tools like snyk to do that and i’d encourage you to try snyk for free but you know the greater thing is just to want to just to change your mindset so to think about it like that and one of the other things that i’d like to mention is that I mentioned the secure developer which is like another online community that we do it’s to increase your your education there is a huge number of a huge number month you know knowledge places that you can go to increase your education Ohwasp is a great one the securedeveloper.com is another one that you can sign up and you actually get every two weeks there are there are we do webinars and things like that in which we in which we’re able to educate and share knowledge across the community so so understanding understanding you know as a business what you’re actually producing is an app what you are representing and that that represents you so it’s important to know what that is and having increasing the basic understanding of security throughout your throughout your development teams those those two things I think I will finish.
Kim: Thank you so much for your time today Simon, I know that is the end of the day over there so have a great dinner, glass of wine and enjoy your family.
Simon: Thank you very much.
Kim: Goodnight, thank you Carlos, Axel for your time as well.
Carlos: Absolutely and also thank you Simon for having agreed to be with us and the only thing left for me to do is mentioned that we’re all the contact info for you or for the synk [INAUDIBLE] sorry website is gonna be right there on the DojoLive! website so keep an eye on that folks that’s that’s going to be the best way to contact Simon all his public info is going to be in there with that being said Kim again thank you and we’re gonna be in touch thank you so much and thank you Axel and thank you Kim.