In search of work less traveled
Why I joined Shape Security
Three weeks ago I announced I was joining Shape Security. And by “announced”, I mean, wrote a tweet that maybe 30 or so people saw.
Shape’s a pretty new company, and most people have no idea who they are, or what they do. (“Isn’t that the startup Ariya joined?” is the most frequent response I get.) The gist is that they’re developing a product that automatically protects websites against automated attacks from bots. They have a really good video that explains how; I recommend taking a few minutes to watch it.
There’s a few reasons why I decided to join them.
The first reason is that I have a non-trivial interest in web security. I read the material for fun. I’ve written about common mistakes that lead to XSS vulnerabilities. I’ve spoken at a few conferences about CSP. And I pursued and implemented some security initiatives at Disqus.
What my meager knowledge of web security has taught me is that … security on the web barely exists. It relies on all software developers in the ecosystem — front-end engineers, back-end engineers, vendors, cloud providers — operating without fail. If the security debacles of 2014 indicate anything, it’s that we’re not even close.
Shape is trying to build products that automate security. And while their offering may be commercial, I believe that their work has the potential to lead to a safer web for everybody. A goal I’m proud to work towards.
The second reason is that I want to work on something new.
For many people, new is the chance to work on a new greenfield project and finally write things “your way”. Or to work at a company who uses the tools you’ve only been able to play around with in your spare time. Or to develop a new product because you’ve grown tired of the last.
At the core of it, though, this is all still very much the same work. We’re still just fundamentally storing stuff in databases and rendering it on the DOM. We’re just changing the way we get there.
Shape isn’t building a traditional web product. The problems they’re tackling aren’t “how elegant can I write this view layer?” or “what’s the best approach for A/B testing our users?”. It’s “how can I make this thing that’s never been done before, fundamentally work?”
When the gang at Shape went over some of the challenges they’re facing, including some of the ones they’ve already solved, I was blown away. It was the kind of stuff I’d never really had to think about before. And I didn’t want them solving the rest of it without me; I wanted to be a part the team that pulled it off.
So, those are two big reasons. The other reasons need less explanation, but are no less important: an impressive team, a suite of big-time investors, a baller logo, massages three-times daily*, etc. You know, the usual stuff.
I can’t say for sure whether Shape will be everything I hope it to be. In the future, I may have regrets. But one thing I’m completely confident in, are my reasons for joining them.
Wish us luck.
*Not a real perk.
Shape Security is hiring. It’s a unique opportunity to work on a really compelling, difficult problem with some really talented people . If you want a reprieve from showing and hiding DOM elements, you should take a look at our jobs page.
