LGTM: Strategies for Successful Code Review

It's easy to tell when peer code review fails: a minor one line change is blocked with a dozen comments; a massive pull request with hundreds of files is approved with just "LGTM"; a critical requirement is missed; a production-breaking bug slips through; your reviewer is being a pedantic jerk; the reviewee thinks *you* are a pedantic jerk. Giving good code reviews is a skill just as creating good code and writing good tests: it takes practice. This talk will mostly skip over the theory and various reasons why you should be doing peer code reviews. Many companies don't have a choice: code review is required explicitly or implicitly (as a standard secure coding practice) by many compliance frameworks, like SOC 2, HIPAA, PCI-DSS and GDPR. What we will cover are practical, real-world strategies for successfully reviewing code, including: - How to think through the code while reviewing it and finding issues - When to approve versus when to block a pull request - Writing review comments without being a jerk - Pair peer code reviews versus traditional peer code reviews - How to make the review process beneficial to both the reviewer and reviewee - What parts of code review can be outsourced to code quality and AI review tooling - How to review code in an unfamiliar language (e.g. Python, Rust, or Go)