Thoughts On The Dream Job

23 Jul 2021

In Feburary 2020, I interviewed was hired at Sophos, a global cyber-security company. Sophos develops products for network security, email security, encryption, mobile securiy, and communications endpoints. The company has 3,500 employees. It is an institution.

Company industry is not the job

I have been guilty of conflating the project(s) I work on with the prestiege of the job. For instance, I’ve always felt that contributing to open source as a job is glamorous. Cyber security, also glamorous. Working close to hardware feels glamorous. These things are generally admired and often sought out. These fields look good on a resume, and the work feels important.

However, I don’t believe it lives up to the hype. It is likely your work will feel distant from the company’s mission. Are you really working in cyber-security if your backend API project returns threat detection models rather than a customer’s shopping cart? What’s the difference? Either way, you fetch data from the datastore and return that data serialized. Does the content of the payload matter?

It feels like it should matter, but I don’t think it does.

Java isn’t bad

I succesfully avoided Java for over a decade. At Sophos I had the rite of passage: work on an Enterprise Java app. The project is at least 15 years old. It’s the biggest application I have ever seen. It has > 10,000 classes. It requires an enormous amount of domain knowledge due to the abstractions on top of almost everything. I actually kind of like it. I was intimidated at first, but I am proud to say I was succesful in working on the Enterprise Java application.

I still prefer Ruby because it allows more creatitivty.

Communication is important

I was in a unique position at Sophos. I worked on the Darkbytes team. [My team had previously been its own company. Sophos had just announced the acquisition.] ( Our Ruby projects leveraged the Sinatra framework. We used Sinatra at Rackspace as well.

The applications that I worked on were internal mechanisms to track managed threat detection and response (MTD/MTR). The internal ReactJS and customer-face Angular frontends displayed case data and detection data.

Six or seven months into the position, we began to integrate our platform into the Enterprise Java application for the purposes of showing MTD/MTR analysis to the customers on the customer-facing Sophos portal. The frontend used Angular 1.x as we migrated to Angular5+.

Our team used Slack, Sophos used Teams. This made it harder to communicate changes, plan accordingly, and ask questions. We did not have project managers, QA, or scrum masters for a year after I joined the team. We were scrappy and still got things done. We filled in those roles as 2020 turned into 2021.

Reflecting on the work

I spent a year working between both teams / organizations. It was challenging but I was succesful in my role. I created Ruby Sinatra JSON endpoints that returns serialized threat detection data. We store the analytics in ElasticSearch and case data in regionalized Postgres instances.

Using Sinatra with ActiveRecord, we created an abstraction on top the database layer with a customized database.yml. The abstraction layer is passed a customer object which contains region data and calls the appropriate datastore. This system was used to fetch threat detection analysis from ElasticSearch and case-specific threat data from regionalized Postgres. All returned via JSON using

Then I would context switch to the Java side. I would add the new Darkbytes API service method, consume the Ruby endpoint, write integration tests, and open a pull request. This fed the customer-facing portal with MTR/MTD aggregation queries and case data.

It was interesting, involved work. I’m proud to have done it.

But, it is time to move on.

I now think Java has an undeserved bad reputation. I believe there is too much ceremony, but it is ultimately a great tool for the role that it fills in software development. Enterprise Java Spring applications are rightly opinionated. This is useful when there are 500+ people working on the same application. It forces a common dialong between employees that will likely never meet. That said, I’d like to focus on growing in the areas that interest me. And Java is not what interests me.


I am excited to begin my new position at with a higher education company. They are a Rails + Angular shop. The team looks great, the projects are interesting, and I am looking forward to this happy change.

I hope all is well to you, reader, whoever you are.