Hello Thomas Zhang, Software Engineer at Time by Ping
Thomas Zhang, our longest-tenured software engineer at Time by Ping, has been responsible for helping build nearly every aspect of the product — frontend, backend, database, ML, cloud deployment, security, CI, and more. He’s seen our arc from scrappy startup to growth-stage company, and we are lucky to have him with us on this journey.
This conversation has been edited for length and clarity.
What’s your superpower?
I think my superpower is being able to teach and mentor. I started my first official teaching gig in college as a teaching assistant for CS61A, the computer science intro course.
In the years following, I’ve continued to teach through various outlets, whether that’s speaking about password security at the Silicon Valley Code Camp conference, teaching intro databases courses to high school students through Splash or mentoring new grads within and outside of Code2040.
How did we get to this point today in your career?
I’ve never wavered about wanting to be a software engineer ever since I could remember. To be fair, a lot of that influence comes from my parents, who are also both software engineers. They were the ones who got me interested by teaching me some of the basics early on and guided me when I built my first HTML website. This was before any of those fancy web frameworks existed.
I went to UC Berkeley for computer science. I interned for Time by Ping in the summer of 2017 to help build an MVP that would save time for lawyers and attract investors. After my graduation in 2018, I joined Time by Ping full time, right around the time that the seed round had closed. I became one of the first few full time engineers at the company. Now, I’ve been here full time for almost three years, continually building and improving our product.
Considering you’re the most tenured software engineer at Time by Ping, starting off with us in the early days, you are essentially responsible for building almost every aspect of the product. What’s that been like?
I’m very proud of what we built and even happier that this product is in the hands of users whose time we can legitimately save.
As can be expected with startups, there have been many ups and downs. I think the biggest lesson we learned on the engineering side was how to manage and temper external deadlines. In the early days, there were moments where we wanted to satisfy everyone at any cost. Given that there were so few engineers, it was rare, but there were cases when we stayed up even past midnight to deliver features, or woke up at 4am to support clients in other time zones.
On the other hand, we are continuously improving that process. The engineering team now for the most part gets a nice cozy schedule, shielded by our processes, team leads and our very amazing customer success directors. I’m very proud of what we built and even happier that this product is in the hands of users whose time we can legitimately save.
How have you felt supported in such an expansive, hands-on role? Does this make it easier to work with various teams within the company?
I’ve always felt supported, whether that’s talking to coworkers, or talking to mentors, there are always people there to help.
The common misconception is that we’re inventing the wheel, but we’re not. Rather, we’re solving a puzzle. We’re figuring out which pieces to use to ultimately build an amazing timekeeping experience for our users. There’s no piece that we have to invent, so there’s always someone to ask for help. Having touched a lot of the pieces, it absolutely does make it easier to work with various teams within the company — I often have high context when I go into these conversations.
What’s your relationship to cybersecurity?
This is something that I have an interest in and potentially where I want to take my career next. It’s plain cool.
Another coworker and I were talking about password security and I was able to show him his LinkedIn password, because of the database leak in 2012. They didn’t use best password hashing practices in the database which resulted in everyone’s passwords being essentially public on the internet as soon as the database was leaked.
Things like that, where there are real world implications, gives cybersecurity a cool factor. There’s a lot of information that is on the internet and a lot we can do to protect that information. Many people blindly trust those systems, so I think there’s a lot of high risk, high reward items that come with cybersecurity.
Patrick Gardner is also passionate about cybersecurity, having built his career at Symantec. How would you describe your working partnership with Patrick towards that shared interest?
Patrick is an amazing character at Time by Ping and I’m very grateful that he’s been taking me under his wing. Everytime we have a penetration test (pentest), I’ve been able to get time allocated to be a part of it; liaising with our pentesting partners on vulnerabilities, editing SOW documents, etc. If there’s ever a cool cybersecurity conference coming up, I’ll know about it because Patrick thought it was interesting and shared it with me. I can only dream of being in his shoes sometime in the future!
Since starting with us as an intern, Time by Ping is the first and only job that you have known. What’s it like to begin your career at Time by Ping and what keeps you here?
It was hectic to start, but what kept me here was really because of two things: the opportunities at a startup, and the people. Which other engineers can say they’ve visited law firms to give technical presentations to CIOs? Which engineer can say they’ve worked on the frontend, backend, database, ML, cloud deployment, security, CI, and so on? As far as the people, everyone pours their heart into a shared goal of building a great product, and no one is disingenuous. They put others and the shared goal ahead of themselves.
You’ve seen more Time by Ping than almost anyone else. What are some of the biggest differences at Time by Ping now vs. when you started? What’s remained unchanged?
We are much more structured now. Who was my manager a year or two ago? I have no clue. We’re still moving fast, but the structure has shifted, so there’s less pressure on engineers to rapidly respond to changes.
What do you think about when you’re building Time by Ping with relation to cybersecurity, and data privacy?
I have taken security courses like penetration testing. A lot of times I’m building the product, and I want to make sure we are defensible from these attacks. For example, are we storing passwords correctly? Obviously, we’re not storing the password in plaintext. Just thinking through all the different attack vectors as someone who’s trying to attack the product, because having people do external pen tests is great. If you’re building the product, it’s even better when you know it really well to also find those flaws within it.
What are Penetration tests, exactly?
Once a year, we’ll hire external security contractors and they’ll imitate a potential attacker and use a bunch of methods to try to hack into our systems. This ensures our product is safe and secure for our clients.
This is like spy stuff.
Yeah, exactly. It’s awesome!
So do you love watching Jason Bourne and James Bond, where people are hacking into the database? Is that how you view cybersecurity?
Yes, except without the running and physical exercise — that’s where I’ll have to throw in the towel. But it’s the same concept right there.
What would you say is Time by Ping’s superpower?
We’re building this new, modern product for an industry that’s historically had really bad products.
I think we’ve made a historically unsexy industry like legal tech become slightly sexier. If you look at all the programs out there for law firms, they are super, super old. Some of them only run in Internet Explorer. We’re building this new, modern product for an industry that’s historically had really bad products. It’s pretty exciting.
Thanks for the time, Thomas.
Stay tuned for more interviews from Time by Ping’s team. Head here to learn more or join our team.
