I recently spent a considerable amount of time interviewing candidates for a Senior Developer role. One of the main things I wanted to be sure of before they even passed the first interview was that they knew how to write clean, secure code.

Rather than take a large slice of time out in the first interview to *create* such code, I decided to write a piece of well-meaning but lethally dangerous PHP code such as a beginner might create, and ask for their comments on it. Now that I've finished interviewing (for this batch of developers at least) I thought I'd release that code with annotations.

It should be a useful example to anyone who wants to make their PHP secure, as it displays most of the common PHP security mistakes in about 40 lines, as well as a few more general beginner's errors.

I found out a number of very interesting things while interviewing:

• Giving interviews is (by the 10th or so) harder work than taking them.
• A lot of candidates assume that a "Senior PHP Developer" is a project manager who doesn't need to be able to understand or audit the code produced by his* minions.
• Far too many "Senior Developers" with significant commercial experience don't know about security issues. This probably explains why so many websites get hacked.
• The greater a candidate's involvement in the online community, the more they tended to know and care about security. One of the key things I was looking for was developers for whom PHP was more than a 9-5 job, and this experience very much justified that requirement.

As it happens I found out more about each candidate's security knowledge in the 10-15 minutes this test took than from 2-3 hours of pair coding in the second round interviews. From that, however, I learned a lot more about their own coding styles and personalities.

The moral of the story? Never hire a coder from his CV; make sure he's taken a real-world technical test first, with someone who can really evaluate the results at a higher technical level. Personally I'm unconvinced by memory-test, learn-by-rote certifications that are evaluated by computers; I'd rather draw my own conclusions about a developer.

* There were no female candidates. Coding, it seems, is still very male-dominated.

UPDATE: All positions filled

My employer is hiring - we need to add a coder to the team; someone with an interest in professionalism and working to standards:

The Mind Gym provides short, punchy corporate training workouts backed by a strong online presence that gives participants access to a wide range of supporting material and a series of mailshots and magazines. Individual readers of our two bestselling books also receive access to our online tools and community area through individual codes printed in each copy.

We manage all of our technology in-house and use a custom-built CRM system to provide the best possible interaction between our customer relationship team, coaches and clients.

We are looking for a senior developer to join our energetic in-house team and help take our website and internal business applications to the next level of quality, stability and performance. We’re looking for an agile developer who can get things done quickly and get them done right – and we’ll supply the atmosphere that makes this happen.

You will need:

• Excellent skills in web application development with PHP5 (OO) and MySQL
• Fluency in cross-browser, semantic XHTML and CSS design
• An in-depth understanding of security and accessibility issues
• The ability to share project responsibility and ownership
• Excellent communication, self-motivational and team working skills

As this is a small team, you’ll need a range of supporting skills, which may include:

• Fault tracking
• Version control
• Unit testing
• General Linux and network administration
• Understanding of network protocols

That said, we’re interested in anything you can bring to the team, whether expertise, energy or experience. We know that good coders aren’t language-specific so we’ll be interested in skills in a range of languages. We expect all of our developers to learn from each other so new skills are always welcome.

If you’re the person we’re looking for, chances are you’ll also develop in your own time, take part in community discussions and have worked on open source and/or personal projects; coding isn’t just something you leave in the office. Technically you’ll report to the Lead Programmer / Technology Manager, but in reality you’ll be generating your own ideas and helping to meet the needs of the entire team.

The role is full-time and is based in Kensington, London, UK. Salary is up to £35K, plus generous benefits and up to 30% bonus. For more details or to apply, contact Richard George at richard.george@themindgym.com