I mentioned in my introductory post that I’m about to finish up a bachelor’s program at UMaryland-UC in software development and security and that, despite nearing the end of such a degree, I still don’t feel job ready. Nevertheless, I want to try to place my programming skills and comfort with technology into context before I dive any deeper into this blog’s purpose (which is to chronicle my progress through self-directed programming education outside of this degree). So that’s where I’ll begin.
Perhaps the biggest problem I have when it comes to “what I know about programming” is that I don’t really know the degree to which I know things relative to what is considered industry standard. For instance, my degree program at UMaryland requires two courses on Java SE8 (introductory programming and intermediate programming, sequentially). These courses covered what you would probably expect from courses so named: primitive data types, operators, conditionals, loops, arrays, functions, recursion, GUIs, input-output, exception handling, inheritance, polymorphism, classes, and so on, all done in Java SE8 using the NetBeans IDE. I also took an additional course called “Advanced Programming in Java” because it offered me my first glimpse into Java EE7 and Java-based web development using JSF, servlets, and JDBC <—(at the time, these technologies seemed easy; looking back at the projects I built in that class makes me realize I’ve pretty much forgotten everything, JSF coding in particular).
After looking through what I’ve learned, I feel comfortable claiming to know quite a bit about Java and OOP. So, with that thought in my head, I ventured out to the web looking for opportunities to apply these skills to the real world in open source projects and discovered that my Java skills are nowhere near where they should be for such projects. My first experience with this was actually in conversation with a friend of mine who works as a program manager at a robotics R&D facility in the DC area. I forget the particulars of the conversation, but remember him asking about which design patterns took me the longest to learn. I asked what he meant. He sort of looked at me baffled. So, he says to me, you’ve gone through three progressively challenging courses on Java/Object-oriented programming and you still haven’t been taught design patterns?
Off to Udemy I go, looking for courses on design patterns. What I discover isn’t necessarily that I need them, but that they would make what I’ve already learned easier to apply to real projects and make it easier for other programmers to work with my code. I’m not actually claiming to know design patterns yet; at this point I’m just aware that they’re a thing. This will likely be a part of my upcoming code challenges. But it’s a valid argument: why haven’t I been taught design patterns? I went digging through the curriculum at UMUC within the software development program as compared to the computer science program. The CS degree does require courses on data structures, algorithm design, and even more advanced Java (mainly on concurrency, multithreading, etc.). The CS program also requires 2 semesters of calculus and a course on discrete mathematics, which the SDEV program does not.
I am aware that these two degree programs target different groups of developers and that the degree I chose isn’t for those who want to get a job at a robotics company writing embedded C++. I knew this going in. Despite the name of the degree being “Software” development, the truth is this degree more closely resembles a degree in “Web” development with a heavy touch of cybersecurity mixed in; half the required courses focus on maintaining security-mindedness during the development life cycle. I feel lucky for having recognized this early on because I opted to take 3 extra courses specifically in web development in order to strengthen the skillset I knew I’d stand the best chance of getting hired to utilize after graduation. That said, I still wish I’d have taken a few more advanced programming courses to learn how to be a better programmer (I also wish, in retrospect, that I had just pursued the CS degree. Fear of calculus can be blamed for that). Now I’m left having to seek out challenges, tutorials, and open projects to try to work through as a way to enhance what I have.
Here is a summary of the skills I’ve developed and technologies I’ve learned so far in the 13 courses I’ve taken (my next few posts will explore some of this a little deeper):
Course 1 (Intro to Algorithms): Basically, I learned about flow-charts and designing solutions to basic programming challenges in pseudocode.
Course 2 (Introductory Programming—Java): I learned about primitive data types, functions, conditionals, loops, arrays, I/O, and how to work within the NetBeans IDE. We also covered a few built-in libraries like java.util, java.io, java.nio, java.math, and java.lang.
Course 3 (Intermediate Programming—Java): This course focused mostly on building GUIs with the Java swing library. It also taught the basics of recursion.
Course 4 (Relational Databases): Here is where I learned about entity-relationship diagrams, relational database concepts, database table normalization, and SQL using Oracle’s SQL*Plus interface.
Course 5 (Web Design and Tech I): This course pretty much just covered the basics of HTML, CSS, web accessibility, browsers, HTTP, internet protocols, and basic web design principles. Here is where I built my first static website.
Course 6 (Building Secure Web Apps): I took this course concurrently with Course 5. This course taught the LAMP stack (Linux, Apache, MySQL, PHP). We used an Oracle VirtualBox client to host a Linux environment where all of our development would take place. This was my first exposure to Linux, the Linux terminal, Apache web servers, PHP and databases built with MySQL. The final project also required us to conduct automated penetration tests of our application, and an app the professor built, using OWASP’s Zed Attack Proxy (ZAP) tool, and then attempt to fix any vulnerability we found. The final project we had to build was a full-scale e-commerce site selling a product, accepting payment, and allowing users to login/logout in order to maintain a shopping cart (all done in PHP).
Course 8 (Advanced Programming in Java): This course was focused on teaching Java Enterprise Edition (EE) 7. We were required to set up a Glassfish server to host our applications and we had to build small-scale apps using different Java EE7 technologies to demonstrate their differences. The Java EE7 tech we used was JavaServer Faces (JSF), servlets, and JDBC.
We did not learn, as is common for Java-based web development, JavaServer Pages (JSP) under the argument from our professor that JSP is deprecated and JSF is now preferred. I don’t know how true that is because most tutorials I come across for Java EE development is done in JSP, not JSF. Can anyone comment on this? Which one is preferred these days?
Course 9 (Secure Software Engineering): This course covered the basics of the software development life cycle (SDLC), different SDLC methodologies, security-mindedness during each phase of the SDLC, and a few exercises in understanding how security is evaluated at different stages.
Course 11 (Database Security): This course reviewed everything learned in my relational database course, but really dove deep into Oracle 12c EE and various security features like database auditing, virtual private database policies in PL/SQL, user permission settings, and other monitoring techniques. Easily the most “documentation reading”-heavy course I’ve taken so far. So. Much. Reading. And I’m speaking as someone who’s completed a Master’s degree in history and written a 90-page thesis!
Course 12 (Detecting Software Vulnerabilities): This course didn’t teach me much of anything I didn’t already learn from the other courses, but it put specific items under a single heading, namely: software vulnerabilities. We had to build 16 small-scale applications, 8 that demonstrated a particular vulnerability on MITRE Corp.’s Top 25 Common Weaknesses Enumeration (CWE) list, and 8 that presented that same application but with the vulnerability successfully removed. This was a fun course because it wasn’t tied to any particular language. I built little apps in Java, PHP, and even a little tiny one in C++, which was a first for me.
Course 13 (Secure Programming in the Cloud): Here is where I learned about Amazon Web Services (AWS). In particular, we covered cloud service models (SaaS, PaaS, IaaS), AWS’s EC2 servers (both in Linux and Windows) and how to instantiate them, S3 buckets and how to use them, Elastic Beanstalk’s ability to combine these things into a web-hosted application, Route 53’s ways of providing fast routing to our apps, and account roles, permissions, security, and resource monitoring. I loved this course! So many cool things to learn that tied a lot of my previous learnings together. I highly recommend web developers take the time to explore AWS and its various offerings. It has so many fun things that would probably make everyone’s lives easier if they learned how to incorporate this stuff into their lives (not that I do, but I can still recognize its value).
So, in summary (TL;DR), above is a list of courses I’ve taken so far (officially, that is. Maybe later I’ll get around to posting a similar list of what I’ve done using free online resources) and what technologies I’ve learned. I still think of myself as a coding newbie, though I probably am better at it than I think. I aced every course listed above (I would say “easily,” but a few of the early courses on programming likely caused a few gray hairs to sprout).
If you were bored by this post, sorry. But know that this post is mostly for me. It’s a way for me to show myself that I actually have accomplished something substantive on this journey and that I shouldn’t let myself get down for not feeling adequate or job ready just yet. The truth is, I probably am job ready, but for me it’s a matter of confidence. I don’t feel confident enough in this domain to begin applying to jobs. I hope to get there soon.
Until then, I’ll keep on learning and coding.