this post was submitted on 12 Jul 2025
125 points (90.3% liked)

Technology

72764 readers
1417 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

My take on how a decade (or more) of using cloud services for everything has seemingly deskilled the workforce.

Just recently I found myself interviewing senior security engineers just to realize that in many cases they had absolutely no idea about how the stuff they supposedly worked with, actually worked.

This all made me wonder, is it possible that over-reliance on cloud services for everything has massively deskilled the engineering workforce? And if it is so, who is going to be the European clouds, so necessary for EU's digital sovereignty?

I did not copy-paste the post in here because of the different writing style, but I get no benefit whatsoever from website visits.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 2 hours ago (1 children)

That has been my experience with security people, too. They are button pushers and copy pasters. But I don't think it's cloud computing causing it. They were like that before clouds.

[–] [email protected] 1 points 17 minutes ago

Yeah, they are frequently just parroting things like CVE notices as highlighted by a fairly stupid scanning tool.

The security ecosystem has been long diluted because no one wants to doubt a "security" person and be wrong, and over time that has made a pretty soft context for people to get credibility as a security person.

[–] [email protected] 97 points 1 day ago (1 children)

I think its actually that most people generally don't really understand most things beyond the minimal level necessary to get by. Now that the tech industry isn't just a bunch of nerds you're increasingly more likely to encounter people who are temperamentally disinclined to seek understanding of those details.

[–] [email protected] 6 points 6 hours ago (2 children)

That and also - humans not knowing something can man up and learn it. When they need, they'll learn.

And OP's question about European clouds - it depends really. A lot of what this endeavor needs is just advanced use of OpenStack. I'm confident there are plenty of people with such skills in the EU countries.

As for the post content - I dunno, my experience with Kubernetes consists of using it, but not trying to understand or touch it too closely, because it stinks. Maybe those engineers were like that too.

[–] [email protected] 1 points 2 hours ago

When they need, they'll learn.

100% agree. But. If you are a principal engineer claiming to have experience hardening the thing, you would expect that learning to have already happened. Also, I would be absolutely fine with "I never had a chance to dig into this specifically, I just know it at a high level" answer. Why coming up with bs?

Maybe those engineers were like that too.

I mean, we are talking about people whose whole career was around Kubernetes, so I don't think so?

[–] [email protected] 1 points 4 hours ago

I like to understand what I work with, but I also like to keep my tools (like: Docker container images) as close to "stock" as possible, because that way they benefit the most from security testing and patching that others do, and make as little work for me as possible when I install upgrades.

Having said that, some tech (especially Bluetooth) is best "reinvented locally" IMO, simply because so much effort is being put into breaking Bluetooth security, and nobody really cares to break our products, but if we use Bluetooth we will be slapped with CVEs to patch constantly. So, yeah, use the Bluetooth supporting hardware, but roll your own reasonable security appropriate for your applications and get the hell out of the firehose of whack-a-mole security patches.

[–] [email protected] 60 points 1 day ago (5 children)

I went through hiring several times at several companies, being on the interviewer side.

Typically it's not the talent pool as much as what the company has to offer and how much they're willing to pay. I referred top notch engineer friends, and they never made it past HR. A couple were rejected without interview because they asked too high of a salary, despite asking under market average. The rest didn't pass HR on personnality or not having all the "requirements", because the really good engineers are socially awkward and demand flexibility and are honest on the résumé/CV, or are self taught and barely have high-school graduation on there (just like me).

I've literally seen the case of: they want to hire another me, but ended up in a situation where: I wouldn't apply for the position myself, and even if I did, I wouldn't make it to the interview stage where I'd talk to myself and hire myself.

Naturally the candidates that did make it to me weren't great. Those are the people that do the bare minimum, have studied every test question (without understanding), vibe code everything, typically on the younger and very junior side. They're very good at passing HR, and very bad at their actual job.

It's not the technology, it's the companies that hire that ultimately steers the market and what people study for. Job requirements are ridiculous, HR hires engineers on personnality like they're shopping for yet another sales associate, now it takes 6 rounds of interviews for an entry level position at a startup. VC startups continue to pay wildly inflated wages to snatch all the top talent while established companies are laying off as much IT staff as possible to maximize profits.

[–] [email protected] 1 points 3 hours ago

now it takes 6 rounds of interviews for an entry level position at a startup.

I think it was 1996 vs 2002... 1996 we advertised in the Miami Herald for an engineer and got about a dozen applicants, 3 worth interviewing, none worth hiring and had to continue to search through personal networking to fill the role. 2002 we placed a nearly identical ad in the same classified section of the same paper, but by this time the Miami Herald was "online." We even added the line "only local candidates will be considered." Within the first week I had over 300 resumes on my desk, half of them from far afield - even overseas, so they were easy to sort... Still, plowing through the remainder, after about 50 quick scans I found one former employee of a company we did regular business with for over a decade, the question to his ex-manager was "if you had the chance, would you rehire him?" That yes shot down the rest of the applications dead - we just didn't have the resources to even read all the applications, much less sort or answer or interview them.

I can only imagine the flood of candidates applying for every opening today. Take your resume, e-mail it to 30 recruiters, they each apply to 30 positions for you...

[–] [email protected] 5 points 7 hours ago (1 children)

I'm here from /all so I can confirm this is happening in non-tech too. Not too long ago, I interviewed to be a product photographer for an industrial manufacturer, and the people who were interviewing me knew nothing about the job I was interviewing for.

They couldn't tell me what camera they used in house, they couldn't tell me what editing software they used, they couldn't tell me about the lights, they couldn't tell me anything. It's like if the interviewers said you'd use 'computers' but couldn't tell you which OS they were running.

[–] [email protected] 3 points 3 hours ago (1 children)

You were at screening level #1. When I applied for work in Manhattan in 1988 it was like that: 9/10 jobs you applied to weren't the actual employer, they were agents building a pool of candidates to be able to present to the actual employers at a moment's notice if the employer should ever actually call asking for candidates.

Today I bet it's rare to get hired without at least 3 screenings before you actually meet the people you might be working with.

[–] [email protected] 1 points 1 hour ago

Maybe, but that doesn't quite track with what I experienced. It was for a fairly well known company that builds industrial tools and machines, and I interviewed at their HQ, so I don't think it was an agency building a pool.

The screening part sounds right, but I think these guys were doing it in-house.

[–] [email protected] 1 points 6 hours ago (1 children)

Isn't the solution to train people to get past HR? I know it would infuriate me to have to do this but HR needs to be treated as an obstacle. Remember when personality tests first started appearing. There were people teaching how to give the answers HR wanted.

[–] [email protected] 1 points 3 hours ago

That's what's happening, and it's diminishing the quality of candidates - dramatically. Getting past HR isn't a valuable skill except for getting hired.

[–] [email protected] 4 points 1 day ago (2 children)

I have the opposite experience, when I was doing interviews I just skipped the very obviously underskilled people (which, IIRC were in the single digits) and interviewed pretty much everyone.

For context, I'm the main architect and dev of the company I was hiring for. Most of the candidates were horrible.

[–] [email protected] 1 points 3 hours ago

In 2006 I had a hard time finding C++ programmers in a university town. 9/10 who responded to the ads were just clueless. Of the remainder, we had a simple test - here's sample code in an IDE that draws a straight line on the screen (you'll be doing graphics programming in the role) - take that code and turn it into a program that draws a sine-wave in the same space... Everyone put computer graphic on their resume's, expressed confidence in their ability to perform in the role, deep former experience, but 5/6 who passed the clueless test couldn't manage that, given unlimited time and resources - the computer has internet access and a browser window open right there beside the IDE- USE IT!!!

Sadly, today we'd probably have to shut off the internet access aspect, or make the test much more difficult. Even AI can draw a sine wave.

[–] [email protected] 1 points 9 hours ago (1 children)

A lot of this has to do with recruiters. I've been interviewing for a few years at my company such with as many different sets of recruiters, from recruiting firms to our corporate recruiters, to ones we hired ourselves. Our corporate recruiters handed over garbage candidates who we could often tell wouldn't work out after the first 10 min of the interview, whereas the other two groups of recruiters would do a good job filtering so we'd get than a 50% hit rate on our first round. Unfortunately, we promoted our recruiters once the need for talent dropped (or they moved on to a recruiter firm), and now they're unwilling to go back to recruiting.

The quality of your recruiter matters quite a bit, so you'll want to find someone who is experienced hiring a certain type of person so they know what to look for.

[–] [email protected] 1 points 3 hours ago

The quality of your recruiter matters quite a bit

Absolutely, but in a big company you don't get to choose which recruiters you use - corporate just sends you candidates.

load more comments (1 replies)
[–] [email protected] 19 points 1 day ago (3 children)

The main factor, IMO, is that everyone wants good engineers but good engineers don't change jobs that often.

Meaning most of the candidates you interview will suck in one way or another.

And everyone calls themselves "senior" nowadays.

[–] [email protected] 1 points 3 hours ago

I think 4 years experience gets the "Senior" title in our company now. I can understand having 3 years experience and being frustrated when you can see how much better you are at your job than your "more senior" middle managers, but... there are plenty of things that you continue to learn in your first 10-20 years of experience, and having diversity of experience brings even more value that's rarely acknowledged in any ranking scales - actually the ranking scales usually reward stay-put loyalty over diverse in depth experience, and that's just backwards in my experience. Although, I have also known plenty of "job hoppers" who got around from place to place every year or two and it was clear after working with them that was because they didn't really contribute adequate value anywhere they went.

[–] [email protected] 2 points 9 hours ago

Exactly. We don't hire "junior" positions, because all the midlevels are juniors, all seniors are mid-level, and seniors don't apply. I'm a senior and a recruiter found me, I didn't apply (at least not to this company).

[–] [email protected] 7 points 12 hours ago (1 children)

Everyone calls themselves senior because that's the only type of position recruiters look for.

I'm a mid level dev, but I'm encouraged by recruiters to apply for senior positions because their clients are actually looking for a range of levels

[–] [email protected] 1 points 10 hours ago

Yeah, that's true, everyone thinks they want a senior where usually someone who's not a straight up junior is more than enough. And a fast learning and motivated junior is the best you can get, IMO, though those are pretty rare as well.

[–] [email protected] 32 points 1 day ago (4 children)

I'm reminded of when my boss asked me whether our entry test was too hard after getting several submissions that wouldn't even run.

Sometimes prospective employees are just shit.

[–] [email protected] 1 points 3 hours ago

Our entry test should have been dead simple for anyone applying to the position. Position: C++ computer graphics programmer, 1-2 years experience implementing technical graphics displays in C++ language. All resumes submitted, of course, claimed this and more. All interviewees, of course, professed great confidence in their abilities. 9/10 candidates, when presented with "the test" failed spectacularly. The ones who passed, generally, did it in less than 10 minutes - with a couple of interesting quirks which revealed their attention to and/or willingness to follow directions. The failures ranged from rage-quit and stomping out without a word, to hours of pleading for more time to work on it - which, in principle, we granted freely, but after 30 minutes if they didn't have it they never got it.

[–] [email protected] 4 points 9 hours ago

Ours is really simple, like something any somewhat competent engineer could complete in half the time we provide after going through the tutorial on the framework's website. Yet so many people fail, even when they claim to have years of experience with the framework.

There are a ton of terrible applicants out there.

[–] [email protected] 19 points 1 day ago (1 children)

I got asked the same. I simply pointed out the test is a reproduction of last week's bug that took down prod at 2am and got paged to fix, and is therefore as realistic as it gets of what they'll need to be able to handle.

It's always DNS, everyone should know that.

[–] [email protected] 24 points 1 day ago (1 children)

It’s always DNS, everyone should know that.

It's not DNS. There's no way it is DNS. It's not technically possible for it to be DNS.

And it's always DNS.

[–] [email protected] 8 points 1 day ago

Ahaha yes, that might be the case, but I started to lose hope if the top of the applicants (out of hundreds of rejected!) all exhibits this behavior. I can't help but feel that now we are looking for people with a mindset and skillset that is simply disappearing in the industry.

And as I said in another post, I perfectly acknowledge that if I stopped reading and investigating stuff on my own, I could absolutely keep my job by just mindlessly administering a few services and rephrasing CIS benchmarks...

[–] [email protected] 20 points 1 day ago (3 children)

That is technically correct in a way, but I'll argue very wrong in a meaningful way.

Cloud services are meant to let you focus less on the plumbing, so naturally many skills in that will not be developed, and skills adjacent to it will be less developed.

Buttttt you must assume effort remains constant!

So you get to focus more on other things now. E.g. functional programming, product thinking, rapid prototyping, API stuff, breadth of languages, etc. I bet the seniors you are missing X and Y in have bigger Zs and also some Qs that you may not be used to consider, or have the experience to spot and evaluate.

[–] [email protected] 3 points 8 hours ago (2 children)

I disagree. On paper that sounds good, but I firmly believe good engineers are curious, so they'll learn a lot more than necessary to do the job.

For example, when I worked at a company that designed antennas as a software engineer (built something tangentially related), I didn't need to know anything about electrical engineering, but I was curious so I asked a ton of questions and now I know a fair amount about EE. These days I work in a very different domain and still ask a ton of questions to our domain experts. In my own field, I look into all kinds of random things tangentially related to the tools I use. In each case, that curiosity has come in handy at some point or another.

In each role, I can tell who's there to clock in and clock out vs who is genuinely curious and looking to improve, and it's the latter group who tend to produce the best work and go on to great roles after leaving our company, while the 9-5 warriors who just focus on the requirements tend to do pretty mediocre when it comes to advancement.

When I hire, I look for that curiosity because you never know what you'll need to know to fix a prod issue quickly. My esoteric knowledge about SSH helped keep my team productive for a few days when IT was being slow revolving our issue, and likewise we've had quick resolution to prod bugs because someone on the team knew something random that ended up being relevant. That's what I mean when I say I look for a diverse team, I want people with different strengths who all actively seek to improve so we'll have a good shot at handling whatever comes down the pipe (and we get a lot of random stuff, from urgently needing to embed 3D modeling tools into our reporting app to needing to embed complex C++ simulation code or rewrite Fortran code into our largely CRUD Python app).

Most of these cases of "focus on one niche" are often symptoms of lacking curiosity and just wanting to tick boxes to quality for a role. I'd much rather someone miss a few important boxes but tick a lot of random ones because they're curious; they'll take longer to on-board, but they'll likely be more useful long term.

I don't work in the security space, but I think the same applies to most technical fields. Breadth of knowledge in an individual provides depth of knowledge in a team.

[–] [email protected] 1 points 3 hours ago

now I know a fair amount about EE

But, did you ever use a Smith's chart to assist in antenna design / analysis?

[–] [email protected] 1 points 7 hours ago (1 children)

Yeah I don't think we actually disagree much here. :)

I think my angle is just slightly different? I see that ease of access (eg cloud) make it possible for a lot more uncurious and clock-out people to enter the field and pass as competent. To be honest, even the modest introduction of auto-formatting editors are easy to see as good and useful, but I also feel that they allowed shoddy work to look passable at first glance. AI will make this a lot worse.

But as for the actual people who have it in them to be competent, people that were always there and still are, cloud is not going to make them worse.

[–] [email protected] 3 points 7 hours ago

I guess my point is that it's harder to suss out the actually competent people if they're able to build a good portfolio using tools. AI makes this harder, since they can sound more competent than they are, and them a few months down the line we need to discuss them leaving the org.

[–] [email protected] 8 points 1 day ago (5 children)

Mind you that my take and experience is specifically in the context of security.

I struggle to make the parallel that you suggest (which might work for some areas) with a security engineer.

Say, a person learned to brainlessly parrot that pods need to have setting x or z. If they don't understand them, they can't offer meaningful insight in cases where that's not possibile (which might be specific), they can't provide a solid risk analysis etc.

What is the counterpart to this gap? Because I struggle to see it. Breadth of areas where this superficial knowledge is available is useless, IMHO.

[–] Scipitie 13 points 1 day ago (2 children)

Because a security engineer focused on cloud would rightfully say "pod security is not my issue, I'm focused on protecting the rest of our world from each pod itself.". With AWS as example: If they then analyze the IAM role structures and to deep into where the pod runs (e.g. shared ec2 vs eks) etc. then it would just be a matter of different focus.

Cloud security is focused on the infrastructure - looks like you're looking for a security engineer focused on the dev side.

If they bring neither to the table then I'm with you - but I don't see how "the cloud" is at fault here... especially for security the world as full of "following the script" people long before cloud was a thing.

load more comments (2 replies)
load more comments (4 replies)
load more comments (1 replies)
[–] [email protected] 6 points 1 day ago (3 children)

I get what you’re saying, but also see the other side - these services exist and aren’t ever going away, so the level of knowledge you need about these to use them at least competently is significantly reduced.

What their existence does mean is that there are thousands of developers who wouldn’t ever touch or learn any of this stuff previously are now actually learning it and using it. That’s a positive thing. Not everyone needs to be an expert on the inner workings of everything that a service provides unless you’re specifically looking for an expert.

Also…..people lie on CVs and cover letters. If your ad has buzzwords and technology X, Y, and Z, then you should expect people with little to no knowledge of at least one of those things to have all 3 on their resume.

[–] [email protected] 2 points 3 hours ago

I applied to a place that asked "experience in SquirrelScript" - that seemed like a personality test, I told the truth: 0. Surprisingly, when I got hired there, they were indeed one of the three places in the world using SquirrelScript at the time. Manager said that over half of applicants professed deep experience with SquirrelScript, but none ever had it for real. It wasn't hard to learn.

[–] [email protected] 1 points 4 hours ago

If too much of these services are provided by another country, that country could severely cripple your infrastructure by denying you service. In times of international conflicts, this could be a very serious problem.

[–] [email protected] 1 points 16 hours ago

I partially agree, but not only we are looking for experts of that thing, we are also looking for security experts, and security knowledge is very much meta-knowledge. A software developer might not care at all about - say - how the CI/CD works, because all they care is that the thing builds the code. A security expert generally has a broader scope, and their job is not functional, which means their job is exactly understanding the thing to be able to model the risks around it. So they might not care of all the tools used in that CI/CD or the exact details of the steps, but they should understand the execution flow, the way third party dependencies are pulled, verified, consumed, the authorization model etc.

There is no such thing of security professional who doesn't understand - at least from an academic point of view - the overall setup of a thing they worked with.

If I take the image attestation example I made in the post, I consider the "inner workings" to be the cryptographic details, such as ciphers and their working mechanisms, or the exact details of the way that attestation can be verified offline, or what exactly is computed and how. I am OK with someone not knowing this. But not understanding the whole flow? Well, without this what's left? Copying the 3 lines of code that do something from the Github documentation? Any software engineer can very much do that, what is your contribution as a security specialist?

…..people lie on CVs and cover letters. If your ad has buzzwords and technology X, Y, and Z

Totally agree. It is very likely, although the more people I interview, the more I think that they are not lying from their perspective. It's that people can legitimately make a career today by stitching together stuff with scotch tape, spending years by just by doing that and effectively have little to show for those years. But from their perspective, they might be experienced in that stuff, maybe?

[–] [email protected] 11 points 1 day ago (11 children)

I'm a very good engineer, but so much of my time is consumed fighting with Tekton pipelines and migrating testing frameworks and versions I barely have time to write code. But that's because I can figure that stuff out when I have to. All the code is written by the people who can't figure that stuff out.

Why this isn't two separate jobs I can't understand. Let me do some stuff I'm good at rather than constantly fighting with things I'm not?

[–] [email protected] 2 points 8 hours ago (1 children)

I somewhat disagree here, but also somewhat agree.

In my org, we get a lot of requirements that require very different skillsets. For the first 2-3 years, our task list was mostly CRUD stuff with some domain specific logic, but otherwise a boring web app. In the last 1-2 years, we have:

  • ported a Fortran simulation to Python
  • embedded a C++ simulation in Python
  • created a 3D UX for our previously 2D only app (lots of 3D logic on both FE and BE)
  • implemented a machine learning algorithm to train our simulations

If I hired only for the work I'd seen in the past, we'd be completely unfit to handle this workload since we'd mostly have people who are really good at building CRUD apps (so DB optimization and quick UX building).

On the flipside, we cut off huge swaths of work so people don't need to wear too many hats. We have:

  • dedicated devOPs - handles everything from trst pipelines to prod deployments
  • dedicated QA - manual and automated app-level testing - devs still do unit testing
  • dedicated product teams who handle feature requirements and documentation
  • dedicated UX team to produce designs for FE engineers to implement

So our devs only need to worry about development, but they also need a broad skillset in that domain, from everything from local tooling to working in different domains. We hire a diverse set of candidates, some with a heavy math background, some with design experience, and some with low level programming experience, because we never know what projects we'll get or who will suddenly leave the org.

[–] [email protected] 1 points 4 hours ago

If I understand the gist, I'll just say I'd like my job to be some stuff I'm good and some stuff that challenges me. When I do nothing but challenge myself, imposter syndrome sets in. When I do nothing but the stuff that I'm good at, it gets really boring. I need to find a better mix than I have been.

load more comments (10 replies)
[–] [email protected] 8 points 1 day ago (1 children)

I'm not in any way, shape, or form an engineer so I don't really understand the exact details of your post.

However, you post reminded me of a really good episode of a podcast called Hidden Brain. In it the host, discusses the topic of knowledge with a cognitive scientist.

At one point, they talk about how sophisticated technology has gotten that people don't know how to solve problems if that technology brakes, especially since technology is getting so good that it makes fewer mistakes. They use an airplane as an example in which an experienced pilot forgot how to get out of a nosedive and crashed the plane. On a smaller scale, the host mentioned that he has a hard time navigating if his phone's GPS doesn't work.

Its a really interesting listen if you have the chance.

load more comments (1 replies)
load more comments
view more: next ›