JUL 25, 2016

If I Were the Boss

I’ve got just over 2 months of experience working with Punchmark. The company has operated for nearly a decade with only a handful of full-time employees. Furthermore, the three owners are the only ones who deal with the code on a daily basis.
I’m choosing to write about what I would do differently if I were in charge. Punchmark’s current strategy for development has worked well for them now. However, once more full-time developers join the team their strategy needs to change. Here are three things I would do in preparation of adding more employees to my team if I was CEO of Punchmark.

Implement Deployment Strategy

Punchmark’s current strategy is a sort of autonomous continuous deployment scramble to fix bugs and add features while developing on live code or using a small shared testing client. Again, this has worked for them. However, new employees need a strict development process to conform to. Punchmark could benefit from release automation and a dedicated development server. Operating on live code is dangerous and more than once during my time there has led to a complete crash of all client sites. Albeit for only a few seconds. There are tools for testing code before release and preventing releases that would break pages.
Security
I would hire security specialists to do a complete audit of Punchmark’s system. In my time working there, I’ve seen XSS vulnerabilities and weak password hashing algorithms. I don’t even know that much about security. Who knows what else is lurking in that codebase? Beyond emails and passwords, Punchmark stores API tokens for their clients that could be used to control a client’s social media accounts if they were leaked or revealed through SQL injection. These security threats have the potential to incur lawsuits and ruin the company’s reputation. Squashing these threats would be first priority if I were in charge.
Documentation
Punchmark has an in-house wiki. But I would enforce keeping it up to date and detailed. Before making new hires, I would revamp the wiki with the big picture essentials and instruct new recruits to add to the wiki as they learn. They will have the best vocabulary to describe a problem to someone new to the codebase.
I think that Punchmark fears becoming a strict company and longs to hold on to that startup feel. They can still do this while implementing some structure and safeguards to their system. While customer acquisition is a priority for them right now and it is the driving force behind their cash flow, these changes above will ensure a more long-term success and provide room for scaling to meet the needs and concerns of a growing client base.

Fin