Telegram's founder Pavel Durov says his company only employs around 30 engineers. Security experts say that raises serious questions about the company's cybersecurity.
To be fair, in a large company, there is usually only about 30 people who are actually good and know what is going on, and hundred of others who are checking in trash.
It’s not even about the quality of individual people. The organizational structure of large companies encourages pointless work.
Internal mobility and cross department collaboration are frowned upon. So you get many people doing duplicate work, new ideas don’t propagate, and even if someone has an idea it’s quickly shut down.
The only way to achieve anything substantial is to be both: 1. assertive and energetic, and 2. at the correct level of hierarchy. And make no mistake even if you pull a miracle there will be no reward. Maybe a 3% raise at the yearly review.
Sorry for the rant, I currently work in a company like this.
Yeah. The most secure companies I’ve worked at actually only had a small group, of very competent people, who were paid well, treated with respect, and not presented with a lot of organizational or infrastructural red tape.
I’ve worked with teams of 10 that had shit locked down tight, and teams of hundreds who had software that was exploding and getting exploited left and right.
If someone tells you more head count = security, I would not consider them an expert.
Maybe I’m just lucky in where I am in a FAANG company, because I’ve only been offered mobility in my job, even directly after a promotion! We encourage work across the organization, but we have like 500 devs in this org.
The wrong way to to do it is: moving to another team requires you to go through the full hiring process.
Any lateral movement, for example backend engineer -> fronted engineer is treated as if you’re a junior starting a completely new career.
30? Sometimes very less, 2 or 3. It’s incredible that some piece of software used by milions/billions of people, have been written and sometimes maintained by 2 or 3 guys.
Even if every employee was equally competent, decision making needs to be consolidated enough that it can be decisive and shared throughout large companies. Complex systems that need to change rapidly gain no benefit from having too many people wanting to make decisions, you only need most of them to be competent enough to complete the work based on the decisions of a small group or the work will end up getting too convoluted and unmaintainable.
There really isn’t a benefit to have everyone understand all of the parts of a large and complex system, if they only have time to work on a portion or to facilitate decisions that take into account the knowledge of the people in the different parts.
I see this parroted now and then. Often the people I’ve heard it from are the type of folks who would drastically underestimate the complexity and effort needed to make things. I’ve also seen and worked on codebases made by such folks and usually it ain’t pretty, or maintainable, or extensible, or secure, or [insert fav cut corners here].
To be fair, in a large company, there is usually only about 30 people who are actually good and know what is going on, and hundred of others who are checking in trash.
It’s not even about the quality of individual people. The organizational structure of large companies encourages pointless work.
Internal mobility and cross department collaboration are frowned upon. So you get many people doing duplicate work, new ideas don’t propagate, and even if someone has an idea it’s quickly shut down.
The only way to achieve anything substantial is to be both: 1. assertive and energetic, and 2. at the correct level of hierarchy. And make no mistake even if you pull a miracle there will be no reward. Maybe a 3% raise at the yearly review.
Sorry for the rant, I currently work in a company like this.
Yeah. The most secure companies I’ve worked at actually only had a small group, of very competent people, who were paid well, treated with respect, and not presented with a lot of organizational or infrastructural red tape.
I’ve worked with teams of 10 that had shit locked down tight, and teams of hundreds who had software that was exploding and getting exploited left and right.
If someone tells you more head count = security, I would not consider them an expert.
Maybe I’m just lucky in where I am in a FAANG company, because I’ve only been offered mobility in my job, even directly after a promotion! We encourage work across the organization, but we have like 500 devs in this org.
That’s the correct way to do it.
The wrong way to to do it is: moving to another team requires you to go through the full hiring process. Any lateral movement, for example backend engineer -> fronted engineer is treated as if you’re a junior starting a completely new career.
There’s an aphorism, “give me 10 engineers and I’ll build it in a year, give me a hundred engineers and I can get that down to just five years.”
30? Sometimes very less, 2 or 3. It’s incredible that some piece of software used by milions/billions of people, have been written and sometimes maintained by 2 or 3 guys.
https://xkcd.com/2347/
Even if every employee was equally competent, decision making needs to be consolidated enough that it can be decisive and shared throughout large companies. Complex systems that need to change rapidly gain no benefit from having too many people wanting to make decisions, you only need most of them to be competent enough to complete the work based on the decisions of a small group or the work will end up getting too convoluted and unmaintainable.
There really isn’t a benefit to have everyone understand all of the parts of a large and complex system, if they only have time to work on a portion or to facilitate decisions that take into account the knowledge of the people in the different parts.
I see this parroted now and then. Often the people I’ve heard it from are the type of folks who would drastically underestimate the complexity and effort needed to make things. I’ve also seen and worked on codebases made by such folks and usually it ain’t pretty, or maintainable, or extensible, or secure, or [insert fav cut corners here].