The Work That Makes Civilized Life Possible (and finding the people to do it)


“So what exactly would you say you do here?”

I’ve flown out to remote locations and been on-site for the build-out and spin-up of three new production data centers within the last 10 months. I’ve been present for load tests and at public launches of new video games’ online services and product and feature launches to predict and solve system load issues from rushes of new customers hitting new code, networks, and servers. And yes, I’ve spent my share of all-nighters in war rooms and in server rooms troubleshooting incidents and complicated failure events that have taken parts of web sites, or entire online properties offline. I wasn’t personally involved in fixing healthcare.gov late last year, but that team was made up of people I would consider my peers, and some people that have specifically have been co-workers of mine in the past.

Do you use the internet? Ever buy anything online? Use Facebook? Have a Netflix account? Ever do a search on Duck Duck Go or use Google? Do you have a bank account? Do you have a criminal record, or not? Ever been pulled over? Have you made a phone call in the past 10 years? Is your metadata being collected by the NSA? Have you ever been to the hospital, doctor’s office, or pharmacy? Do you play video games? If you’ve answered yes to any of the above questions, then a portion of your life (and livelihood) depend on a particular group of professional engineers that do what I do. No, we are not a secret society of illuminati or lizard people. We do, however, work mostly in the background, away from the spotlight, and ensure the correct operation of many parts of our modern, digital world.

So what do we call ourselves? That’s often the first challenge I face when someone asks me what I do for a living. My job titles, and the titles of my peers, have changed over the years. Some of us were called “operators” back in the early days of room-sized computers and massive tape drives. When I graduated college and got my first job I was referred to as a “systems administrator” or “sysadmin” for short. These days, the skill sets required to keep increasingly varied and complex digital infrastructure functioning properly have become specialized enough that this is almost universally considered a distinct field of engineering rather than just “administration” or “operations”. We often refer to ourselves now as “systems engineers,” “systems architects,” “production engineers,” or to use a term coined at Google but now used more widely, “site reliability engineers.”

What does my job entail specifically? There are scripting languages, automated configuration and server deployment packages, common technology standards, and large amounts of monitoring and metrics feedback from the complex systems that we create and work on. These are the tools we need to scale to handle growing populations of customers and increased traffic every day. This is a somewhat unique skill set and engineering field. Many of us have computer science degrees (I happen to), but many of us don’t. Most of the skills and techniques I use to do my job were not learned in school, but through my years of experience and an informal system of mentorship and apprenticeship in this odd guild. I wouldn’t consider myself a software engineer, but I know how to program in several languages. I didn’t write any of the code or design any of our website, but my team and teams like it are responsible for deploying that code and services, monitoring function, making sure the underlying servers, network and operating systems function properly, and maintaining operations through growth and evolution of the product, spikes in traffic, and any other unusual things.

“Skill shortage”

Back in 2001, I was working for the University of Illiniois at Urbana-Champaign for the campus information services department (then known as CCSO) as a primary engineer of the campus email and file storage systems. Both were rather large by 2001 standards, with over 60,000 accounts and about a terabyte (omg a whole terabyte!) of storage. This was still in the early part of the exponential growth of the internet and digital services. I remember a presentation by Sun Microsystems in which they stated that given the current growth rates and server/admin ratios, by 2015 about ⅓ of the U.S. Population would need to be sysadmins of some sort. They were probably right, but the good news is that since then our job has shifted mostly to finding efficiencies and making the management of systems and services of ever-growing scales and complexity possible without actual manual administration or operation — so the server/admin ratio has gone down dramatically since then. Back then it was around 1 admin for every 25 servers in an academic environment like UIUC. Today, the common ratios in industry range from a few hundred to a few thousand servers per engineer. I don’t think I’m allowed to say publicly what the specific numbers are here at TripAdvisor, but it is within that range. But, we still need new engineers every day to meet needs as the internet scales, and as we need to find even more efficiencies to continue to crank that ratio up.

Where do the production operations engineers come from? Many of us are ex-military, went to trade schools, or came to the career through a desire to tinker unrelated to college training. As I stated earlier, while a degree in computer science helps a lot understanding the foundations of what I do, many of the best engineers I’ve had the pleasure of working with are art, philosophy, or rhetoric majors. In hiring, we look for people who have strong problem solving desires and abilities, people who handle pressure well, who sometimes like to break things or take them apart to see how they work, and people who are flexible and open to changing requirements and environments. I believe that, because for a while computers just “worked” for people, a whole generation of young people in college, or just graduating college, never had the need or interest to look under the hood at how systems and networks work. In contrast, while I was in college, we had to compile our own linux kernels to get video support working, and do endless troubleshooting on our own computers just to make them usable for coding and, in some cases, daily operation on the campus network.

So generally speaking, recent college graduates trained in computer science have tended to gravitate towards the more “glamorous” software engineering and design positions, and continue to. How do we attract more interest in our open positions, and in the career as an option as early as college? I don’t have a good answer for that. I’ve asked my peers, and many of them don’t know either. I was thrilled to go to the 2014 SREcon in Santa Clara earlier this month (https://www.usenix.org/conference/srecon14), and for the most part the discussion panels there and the engineers and managers there from all the big Silicon Valley outfits (Facebook, Google, Twitter, Dropbox, etc.) face the same problem. It’s admittedly even worse for us at TripAdvisor as an east coast company fighting against the inexorable pull of Silicon Valley on the talent pool here.

One thing I’ve come to strongly believe, and which I think is becoming the norm in industry operations groups, is that we need to broaden our hiring windows more. We need to attract young talent and bring in the young engineers, who may not even be strictly sure that they want an operations or devops career, and show them how awesome and cool it really is (ok, at least I think it is). To this end, I gave a talk at MIT a little over a year ago on this subject — check out the slides and notes here. I didn’t know that this is what I wanted to do for sure until about a week before I graduated from MIT in 2000. I had two post-graduation job offers on the table, and I chose a position as an entry-level UNIX systems administrator at Massachusetts General Hospital (radiation oncology department, to be more specific) over the higher paying Java software engineering job at some outfit named Lava Stream (which as far as I can tell does not exist anymore). Turns out I made the right decision. The rest of my career history is in my LinkedIn profile (https://www.linkedin.com/profile/view?id=8091411) if anyone is curious. No, I’m not looking for a new job.

“Now (and forever) Hiring”

So, if anyone reading this is entering college, or just leaving college, or thinking of a career change, give operations some consideration. Maybe teach yourself some Linux skills. Take some online classes if you have time or think you need to. Brush up your python and shell scripting skills. At least become a hobbyist at home and figure out some of those skills you see in our open job positions (nagios, Apache, puppet, Hadoop, redis, whatever). Who knows, you might like it, and find yourself in a career where recruiters call you every other day and you can pretty much name your own salary and company you want to work for.

And specifically for my group at TripAdvisor? We manage the world’s largest travel site’s production infrastructure. It’s a fast-moving speed-wins type of place (see my previous blog post) and we are hiring. Any of this sound interesting to you? Even if you don’t think you fit any of the descriptions below but might be up for some mentoring/training and maybe an internship or more entry-level position, tweet at me or drop me an email and we’ll see what we can do. See you out there on the internets.

Job Opening: Technical Operations Engineer

TripAdvisor is seeking a senior-level production operations engineer to
join our technical operations team. The primary focus of the technical
operations team is the build-out and ongoing management of Tripadvisor’s
production systems and infrastructure.

You will be designing, implementing, maintaining, and troubleshooting
systems that run the world's largest travel site across several
datacenters and continents. TripAdvisor is a very fast growing and
innovative site, and our technical operations engineers require the
flexibility, and knowledge to adapt to and respond to challenging and
novel situations every day.

A successful candidate for this role must have strong system and network
troubleshooting skills, a desire for automation, and a willingness to
tackle problems quickly and at scale all the way from the hardware and
kernel level, up the stack to our database, backend, web services and
code.

Some Responsibilities:
- Monitoring/trending of production systems and network
- General linux systems administration
- Troubleshooting performance issues
- DNS and Authentication administration
- Datacenter, network build-outs to support continued growth
- Network management and administration
- Part of a 24x7 emergency response team

Some Desired Qualifications:
- Deep knowledge of Linux
- Experienced in use of scripting and programming languages 
- Experience with high traffic, internet-facing services
- Experience with alerting and trending packages like Nagios, Cacti
- Experience with environment automation tools (puppet, kickstart, etc.)
- Experience with virtualization technology (KVM preferred)
- Experience with network switches, routers and firewalls

Job Opening:  Information Security Engineer

TripAdvisor is seeking an Information Security Engineer to join our 
operations team. You will be charged with the responsibilities for 
overall information security for all the systems powering our sites, the 
information workflow for the sites and operational procedures, as well 
as the access of information from offices and remotes work locations.

Do you have the talent to not only design, but actually implement and 
potentially automate firewall, IDS/IPS configuration changes and manage 
day-to-day operations? Can you implement and manage vulnerability scans, 
penetration tests and audit security infrastructure?

You will be collaborating with product owners, product engineers, 
operations engineers to understand business priorities and goals, company 
culture, development processes, operational processes to identify risks 
and then work with teams on designing and implementing solutions or 
mitigations. You will be the information security expert in the company 
that track and monitor new/emerging vulnerabilities, exploitation 
techniques and attack vectors, as well as evaluate their impacts on 
services in production and under development. You will provide support 
for audit and remediation activities. You will be working hands-on on our 
production systems and network equipment to enact policy and maintain a 
secure and scalable environment.

Desired Skills and Experience

* BSc or higher degree in Computing Science or equivalent desired
* Relevant work experience (10+ yrs) in securing systemsand infrastructure
* Prior experience in penetration testing, vulnerability management, forensics
* Require prior experience in the area of IDS/IPS, firewall config/management
* Experience with high traffic, Internet-facing services
* Ability to understand and integrate business drivers and priorities into design
* Strong problem solving and analytical skills
* Strong communication skills with both product management and engineering
* Familiar with OWASP Top-10
* Relevant certifications (CISSP, GIAC Gold/Platinum, and CISM) a plus
  1. #1 by Ekim on June 27, 2014 - 5:36 pm

    When I’m hiring now (and, as you can guess, we are always hiring), I talk about the differences between the fields as different preferences. Most of the differences that existed between “programmer” and “sysadmin” years ago have faded away. In current “DevOps”-y collaborative environments, most good production ops engineers code, and most development engineers are on-call at some point, so you can’t fall back on a simple categorization.

    You can code respectably in both. Do you only want to code, or do you want to tinker, explore, and fix? Do you want to concentrate on one system, knowing it intimately, and work with a tight team of peers that sticks to product management (or whoever sets) priorities? Or do you want to know the whole system, work end-to-end from the customer-facing front-ends through to the deepest parts of systems and network? Admittedly, my questioning is skewed, because I am generally trying to win someone over to Production Operations, but I think the idea of presenting both fields as an educated preference makes sense.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: