Become a good defender

Recently, I discovered a security vulnerability. What it was isn’t important but what is important is that it existed, undiscovered, for almost 2 years 🤯!

Over the next few days, I was able to reduce the surface area of exposure, eventually sealing this issue nice and tight.

The whole process of this security fix made me think about being a good defender.

Huh? Let me explain.

I played football throughout primary, intermediate, and high school, even creeping into university.

I wasn’t great at dribbling, passing, or scoring goals, so I naturally defaulted to the position of a defender, where I spent most of my “years”.

In team trials, when everyone would be asked to separate out into their positions, being a defender wasn’t so popular.

Why is that?

It’s simple. Forwards score the goals and get the glory.

Their success is tangible. It’s visible on the score sheet.

Contrast this to a well thought out and constructed tackle. Only if you peered into an alternate reality when this tackle wasn’t made and a goal was scored do you see the effectiveness of the defender’s work.

What about mistakes? When a forward makes a mistake, it’s usually a missed shot on goal. Better luck next time.

For a defender, it’s a worse penalty, conceding a goal and losing the game. You suck.

It’s often said: forwards bring in the tickets, while defenders win the games.

That’s the analogy.

Thankfully, this vulnerability wasn’t exploited. And it wasn’t discovered by anyone outside the development team. Nor will I be shouting this from the rooftops. A boring ol’ tackle in the harmless part of the pitch.

While this fix was taking place, the others were building cool features that are visible and tangible for the fans to adore. They were scoring goals.

It can be painful that my efforts will go in the dark. But what I can learn from this?

I learnt to be a team player and asset. I love validation. It exciting showing cool new features to stakeholders, and that they pat you on the back for doing a good job.

In this situation, I and only a few people will know that I go the unsung hero.

I need to be proud of myself - I discovered and stopped a security vulnerability. I learnt more about a particular service that I did not originally set up. I now know how to secure it.

My mentor said to me: there is always someone taking the spotlight, and if you aren’t seeing someone else get the spotlight, then it’s probably you.

In this case, I’m not in the spotlight despite my high impact effort. And that’s okay, because you aren’t the only one who has gone through this.

My time will come. But for now, I am just going to be grateful that things weren’t worse. Become a good defender.