End of month 2 at Pushpay - the difference is ? and ☀️

It's been a very quick 2 months since I left ANZ goMoney and started at Pushpay. The time has gone by in a bit of a blur, but a good blur. I was talking to one of the mobile developers over a Friday beer, and I said "it's great, but I know it's still the honeymoon phase". The reply: "I'm 7 months in, and it still feels like that".

So I think that's a win.

Pushpay Logo

So what happened? ANZ decided it didn't need my services anymore (I was a contractor, and that's how it goes sometimes), along with one of the other senior developers. There were reasons given, none of which made much sense at the time (and still don't), but that's the risk with contracting, and they did the service of giving both of us 4 weeks notice, which is double what they were required to.[1]

ANZ had been both fun and frustrating at the same time. So many things which were broken which I couldn't change, or didn't feel I had the authority or mandate to change, but also so many awesome people I got to work with, not to mention a very widely used and pretty decent app. I enjoyed my time there, overall.

Pushpay, however, is a whole different animal.

From a tech stack point of view, I'm back to doing C# again, with a totally non-mobile focus. I forgot how much I like the language and framework, even if I find Windows 10 to be a visual abomination[2]. Hell, I forgot how much I like (dev)ops/infrastructure, too.

On a personal level, I get to work with people I've known and wanted to work with for anywhere up to 15 years, not to mention the other awesome people who I didn't know before.

It's absolutely exceeded my expectations.

While I was glad to see the back of C# and Visual Studio 3 years ago, I'm now quite happy to be using it again. I'm more open minded and a bit better rounded then I was, too, after using Java, Objective-C and Swift for a while. Even tho it's "a .NET shop", Pushpay is definitely a place where the most sensible thing is used - not always the most sexy or newest, but the thing which will get us the most value over time. Re:dash over Postgres? Sure. Mongo or Raven 'cos NoSql is "cool". Yeah nah.

Two of things at the core of Pushpay Engineering, tho, are the company culture of "blamelessness" and continuous delivery.

The blameless culture is a whole new thing to me. The idea isn't just "yeah, move fast and break some shit and ... whatevs!". It comes from the concept that people are not intentionally trying to screw up, so if something does go wrong, let's look at what happened, address it, then work out what we can do in the future to prevent this from happening again.

Josh Robb (VP Engineering) was interviewed about it on Channel 9. It's not a long interview, and well worth a look.

It encourages innovation without the usual dramatic consequences of failure (i.e., being fired) - it creates a safe space for everyone, rather than the usual mindset of "cover your own arse at all costs".

The "safe space to screw up" or even just talk openly extends to other things too:

I don't think I've even heard of a work place where people got together over lunch to talk about something as touchy-feely as Imposter Syndrome. But it happened, and it was awesome. For me, it totally broke the usual "OMG it must be me 'cos everyone else looks like they know what they are doing" thought loop - because everyone else feels the same way, apparently, especially in a startup with insane growth.

If something does go wrong, rolling back isn't on the table[3] - it's "roll forward to victory", and there are processes and systems in place to support that.

For example, if I screwed up a deployment and brought down the live environment - which is unlikely given the processes in place, but possible - it would be easier to put a fix in place as a new patch/delta than it would be rolling back the problem version. Sure, we do revert commits, but thats more to keep the deployment train moving forward than a panic response of "shit, I broke something".

It's a massive change in mindset, and I see now, after 2 months of doing it, why the on-boarding process is like it is: it's designed to get me used to the process of rolling out small, low risk changes which are often hidden behind a feature flag, with focus on the process of pushing out the change with the minimum risk of failure.

So when I come to doing something more substantial, there is zero temptation to batch it all up and push out a big (risky) change - it's all about the small delta.

So yeah - continuous delivery[4] (we deploy 5-6x per day). It's a whole different game. I suspect it's been a lot of work getting to this point - and it'd be even worse for a legacy app - but the end result is so worth it.

Something is very different is security and how it's communicated internally. Pushpay are subject to the same rules are ANZ was - PCI-DSS, the industry standard for handling credit cards and similar highly sensitive information.

The critical difference is that security at Pushpay is everyone's job, not just the security / risk people. It's like "see something, report it" without the "telling on your workmates" aspect.

With that comes an openness about pretty much everything[5]. We had an audit, and the results were publicly (within the company) shared, so when a new piece of work comes down saying "you need to fix this", you know why rather than "just do it 'cos reasons".

Openness and communication: it goes a hell of a long way.

Another thing I've been really enjoying is the security training from Laura Bell at SafeStack, who is also the (virtual) VP Security at Pushpay (she has many, many hats).

She's been covering various aspects of application security like SQL injection, cross-site scripting and request forgery, as well as robust discussions around current events in the InfoSec space. It's a requirement for everyone to do, in some capacity (eg Product Analysts and designers have a slightly different course). But most of all, it's fun.

It's really bought security into focus for me - it's not an after thought, it's something I'm actively looking for and considering. Given what we do, I think thats a fantastic thing.

And of course, there is a good chance we are hiring people like you.

  1. Out of the 4 of us, there is 1 developer left now, and another one has left in the other office. So thats about 40% or so gone in 3 months. Or 80% of the iOS developers. ↩︎

  2. I'm told that Windows 10 in VMWare on OSX 10.11 has performance issues, so I think my problems might be there. I've found some tweaks, which appear to be working - more info here. ↩︎

  3. Mostly. ↩︎

  4. CD can mean Continuous Delivery or Continuous Deployment - but the philosophy behind them is different. Continuous Deployment means you push something out constantly. Continuous Delivery means you deliver value to the business or customer constantly. We strive for the latter. ↩︎

  5. I think HR and "health" things are not openly shared by the company, which is fair enough, as those are extremely personal. ↩︎