This is part 1 of 2.
I met Tony Perez at WPCampus back in July. Given how I discuss WPScan ( a tool sponsored by Sucuri) in my presentation, he had a vested interest in seeing what I had to say. Luckily for me, he was impressed and we discussed in length the state of security on the web and the challenges HigherEd faces in trying to secure their online assets. Tony and I met up again at HighEdWeb 2016 where I was honored to win Best-of-Conference for my presentation. Again, we discussed the need for more security education among developers, especially in the WordPress community. Shortly after HighEdWeb Tony contacted me and asked if I’d be willing to go to WordCamp US and help spread the word about web app security. Considering I’d never had an opportunity to attend a WordCamp, I enthusiastically accepted the invitation.
I arrived in Philadelphia on Thursday and hooked up with Dre Armeda and Krystle Herbrandson from the Sucuri team. Later that evening I had the pleasure to meet WarHammer (who has no online presence; and i thought *I* was paranoid!) and Kiko. The next morning, I met Renu Hermon, Alycia Mitchell and Val Vesa (the powerhouse from Romania!), which rounded out the rest of the Sucuri team. With everyone together, we headed over to WordCamp.
The first session I attended was Cory Miller’s Managing Your Iceberg with Renu, Krystle and Alycia. Not at all what I was expecting; he discussed his depression and how everyone only shows the 5% of themselves, the successful, happy PR-side of your life. He advocated that depression and loneliness in our industry is a big challenge that needs to be acknowledged and addressed. That everyone has insecurities, everyone has the same problems, just different names and that ego, pride and shame hold us back from living the human experience at max level. You need to surround yourself with WYSIWYG people. We all agreed we didn’t know we were going to begin WordCamp crying.
From there I went to A Dash Through a WordPress Release and Code Review: Keeping Things Secure, Clean, and Performant. My big take away from these two sessions is that even people working on WordPress use Git. Someone asked the question I wanted to ask: if even the WordPress core team (and Automattic employees) use Git, will WordPress finally move away from subversion over to Git? The short answer: no, subversion is to integrated into the workflow for WordPress. I had a difficult time with this answer. Just because something is currently integrated, and you have time invested, doesn’t mean it’s the best or most efficient solution. You should always reevaluate your processes and see if there are new technique/tools that can make your work more efficient. I hope the WordPress team reconsiders in the future.
Next up was Answers By Pippin. It was focused on those people who are developing plugins/themes for a fee, which isn’t necessarily relevant to my situation. However, I did still come away with a couple of things: If you are a plugin developer, you have a responsibility to build your plugin with an API that other devs can use. To be honest, I had never thought about that when developing either wpDirAuth or MizzouMVC. I’m now dedicated to building in hooks for other developers to extend and adapt my plugins. The second take-away was: have a passion project, preferably something that isn’t the same as work. Don’t burn yourself out working 24/7/365. This was a common refrain at WordCamp, to take a break and not work yourself to death. It was at this point I realized the conference was heavy on the human-side of WordPress and much less on the technology side. Not that the human-side is bad, I had just anticipated a WordCamp to be more tech-focused.
I want to mention how incredibly inclusive WordCamp was. From gender-neutral restrooms, to nursing pods, to live transcriptions in the presentations, to their code-of-conduct, WordCamp staff went above and beyond to make sure all attendees felt welcome.
After lunch I went to check out the Contributor panel. It was interesting to get a glimpse into how contribution works for WordPress core. The big take-away was that the accessibility team needs more accessibility advocates on every team. I started to wonder if the same things could be said about security. Having now contributed to the Training team (which I’ll discuss in part 2), I can confirm that there is definitely a need for more security advocates on the other teams.
From there I went over to The Back End Is Dead: A New Paradigm for Assessing Talent & Creating Great Applications since I consider myself a back-end dev and figured I better find out why the back-end is dev. Mostly it had to do with no longer thinking of hiring in terms of back, front and full-stack developers but instead hire for the data layer, business layer, presentation layer and operations layer.
After that I went to Lessons in New User Experience and then to How to Speak “Conversational Developer”. Both excellent presentations and I wish I had taken better notes. User Experience was about the VIP team at Automattic had tested variations in the UI/UX for new users and getting them to set up their first team. They discovered that if you do the hard parts for people (in this case, pre-populating and setting up the initial parts of a site), they’re more likely to come back. Conversational Developer revolved around terms that developers commonly use and explaining them in an easy-to-understand way for non-techies. It has inspired me to come up with a new presentation for HighEdWeb 2017. 😉
I finished up the day with Finding your voice by blogging. WOW. If you ever have an opportunity to see Chris Lema speak, do not miss it. Seriously. He is a fantastic speaker. And funny. Absolutely love this quote:
“How many of you in here are punctuation nazis? Raise your hands because I’m going to pray for you right now.” — @chrislema
I work with a bunch of punctuation nazis which made me think of them. But Chris’ presentation was truly inspirational. A big chunk of why I’m writing this post is because of his presentation. I hung on every word of his presentation so I don’t really have any additional quotes, but the gist was that you should just start writing, and keep writing. Don’t listen to that inner voice that tells you you can’t do it. Ignore the haters and trolls. Don’t hesitate to delete negative comments; it’s your website, you don’t have to put up with that. Just keep writing until you find your voice.
That’s it for day one. Check out part 2.