The Full-Stack Apprenticeship Technical Standard
--
We are coming into 2019, and more people are exploring software engineering as a career than ever. For most people, the economy hasn’t changed much over the last few years. If you were working in a low-wage service job 3 years ago, chances are you’re still around the same income level. How is it that, as a society, we have failed to create a pathway of opportunity for our people to prosper?
For thousands of years, humans have not been taught at accredited four-year universities — they received knowledge passed down through years of experience in apprenticeship. If someone wanted to transition into engineering in 2019, they are bombarded with options. Learn this language! This framework! Specialize here!
How do we extract the signal, and forget about the noise?
The Full-Stack Apprenticeship Standard presents the following as a set of baseline competencies for the next generation of full-stack engineers, as well as some recommended tools for implementation:
- JavaScript, ES2016 and beyond
- Cloud (AWS) Infrastructure
- React, React-Native
- Monolithic & Serverless Architectures
- SQL & NoSQL
- Security-centric design
JavaScript, ES2016 and beyond
JavaScript is the most popular programming language in the world today, enabling practitioners to build everything from mobile applications to desktop experiences. With ES2016 and subsequent releases the language has received much needed attention to include rich new features and become even more powerful. Still largely not taught in university programs, JavaScript expertise is the most direct path to employment.
AWS Infrastructure
When creating a standard, it is crucial to benchmark against the best-in-class your industry has to offer. For engineers who identify foremost as builders, AWS offers the best platform on the marketplace. Microsoft & Google target large corporate work-forces & data-dependent organizations — not necessarily builders. Their suite of products is unparalleled and growing fast, from Cognito authentication and API gateway for “serverless” computing with Lambda, to containerized deployments with ECS, relational and NoSQL databases and limitless storage in S3. AWS offers a very generous free-tier. They also provide numerous tools for data, video, and photo analysis and just about anything you could dream up.
For those looking to create the products of the future, AWS offers $1000 credit towards server-costs. The ‘Builders Tier’ — the name says it all. While Google’s cloud tools may not have the range of AWS, their Firebase products are a complete set of back-end services to support rapid development of business-logic light applications. Their GSuite family of products are excellent.
React & React Native
One of the interesting aspects of software development is that there are almost infinite ways to get the job done. This can be painful, especially for those looking to learn and become productive — analysis by paralysis of options. React.js & React Native are the perfect answer for less-experienced engineers seeking to build experiences for the web & mobile platforms, and will only continue to improve.
The benefits of this cross-platform functionality are staggering. Using a state-management library like Rehttps://redux.js.org/dux, it is possible to re-use 75% of the code-base between the web & mobile. The entire React Open-Source community has contributed components to solve almost every challenge, including ‘Create-React-App’ — a quick-start module that helps you get productive fast and bundles your JavaScript code using webpack for optimal production speeds.
Monolithic & Serverless Architecture
The most important aspect towards delivering a product to market is delivering a product that works. ‘If it clicks, it ships’ is not necessarily the best philosophy, but it helps you launch & get market feedback faster. Nobody wants to spend a bunch of time on an idea that turns out to be a bust.
Accordingly, learning basic application architecture should be focused on creating the product that is secure, stable, and scalable. Everything else is noise. A combination of monolithic & serverless infrastructure gives you the best of both worlds — maintainability, ease of development, low-cost & speed. For creating monolithic applications, one option is Express.js, or one can push it further by using it’s successor Koa.js, written by the same team and an improvement on Express.
For serverless architecture, we recommend the Serverless framework & platform. They provide an an intuitive command line utility to help you provision your API endpoints, and deploy code in seconds. Setting up your infrastructure is a breeze, coming down to editing a YAML file.
SQL & NoSQL
Relational databases, such as PostgreSQL, help you create more complex customer experiences — being able to create relationships between your data helps ensure you can display what your users care about, without waiting forever for multiple API calls to return and be filtered in their browser.
NoSQL (NoStandardQueryLanguage) databases are incredibly helpful for those looking to build simpler functionality, independent features, or complementary services based on your user behavior, and pair incredibly well with serverless functions. Quick to prototype, a NoSQL database such as DynamoDB can more adequately be described as a ‘key-value’ store. You enter a key, it has a corresponding value — build out a messaging or notification system.
When designing a relational database, one might consider an Object Relational Mapper (ORM) such as Sequelize to assist. Essentially, you can declare your database’s schema & write queries entirely in JavaScript. It is still helpful to understand the capabilities of SQL, including how to alter, query & post with a database table.
Security Centric Design
Something that really struck me the deeper I got into development was how frighteningly insecure the internet is. Cross-Site-Scripting is a joy — basically, you can inject your own JavaScript code into anyone’s unprotected web page. Whether you get any pushback, depends on whether the author bothered to secure their website. Most don’t — you are the exception.
If selling a product or service, storing information users information, it is unacceptable to not consider the security of their information. They are handing you their trust and you must do your best to not disappoint them. Cross-Site-Request Forgery (CSRF) is a concern, and you should definitely sanitize your SQL input if you are using a relational database. That’s where ORM’s could come in handy. Security doesn’t have to be hard, but should be baked into your product from the start. There are easy wins to be had using modules like `helmet` and modern authentication providers like Okta, Auth0 or AWS Cognito.
Recap
A professional needs to have a set of tools to get the job done. These tools are a proposal for the skills a new full-stack engineer acquires. To learn this, does not require going to college. It doesn’t cost a lot money. It takes time, and a few people usually help along the way.
Is a standard necessary? I would argue that having one is valuable for a few reasons. First, to reduce the cognitive load on new engineers. Providing a practical, profitable skillset will give them the confidence they need to move forward. Second, if trying to wrangle a team of apprentices towards working on projects, scaling up from 1, to 2, to 5, to 10 — having that same underlying foundational knowledge will be very helpful for helping people move past roadblocks. Additionally, having a shared infrastructure through AWS makes everyone responsible for devops at a certain level. Specialists will arise, whether through interest or necessity, but having that shared base will greatly decrease learning curves for taking on new projects, codebases & new teammates.
Full-Stack Apprenticeship
Visit our website or email us at fullstackapprentice@gmail.com if you are interested in expanding your technical skills in the Seattle area. We will try to connect both, and have some exciting things coming soon to help facilitate that & expand opportunity all over the world.
