Skip to content

First Week Checklist

Your first week at Timeless Biotech will include orientation, setup, and getting you productive. We've structured it with specific goals for each day. Your manager and onboarding buddy will guide you through each step.

Don't worry if you don't complete everything by the end of the week—most new hires take 2-3 weeks to get fully productive. The goal is to ensure you're unblocked and connected.

Day 1: Welcome, Accounts & Access

Goals: Get all your accounts created and MFA configured. Understand the company and team structure. Meet your teammates.

Morning

  • [ ] Arrive and get situated at your desk/workspace
  • [ ] Check in with your manager or onboarding buddy
  • [ ] Review this playbook and watch the company overview video (if available)
  • [ ] Meet the team—your manager will introduce you to key people

Accounts & Setup

  • [ ] Email address created (@timelessbiotech.com)
  • [ ] Slack account active; added to #general, #engineering, #help, #random
  • [ ] AWS console access confirmed
  • [ ] AWS MFA configured and tested—don't skip this
  • [ ] GitHub access added to Timeless Biotech org
  • [ ] 1Password vault access and account created
  • [ ] Okta SSO set up
  • [ ] Asana access to team projects

Afternoon

  • [ ] Complete AWS CLI configuration on your local machine
  • [ ] Generate GitHub SSH keys and add to GitHub account
  • [ ] One-on-one with your manager: role clarity, first week goals, any questions
  • [ ] Lunch or coffee with onboarding buddy
  • [ ] Review your first week schedule

End of Day

  • [ ] All accounts created and tested
  • [ ] AWS MFA working
  • [ ] SSH keys configured for GitHub
  • [ ] Onboarding buddy contact info saved

Blockers? If any accounts aren't created, message ops@timelessbiotech.com or your manager immediately.

Day 2: Local Development Environment

Goals: Get your development environment set up so you can run the codebase locally. Get comfortable with Docker and the basic tech stack.

Morning

  • [ ] Review the Development Environment Setup guide
  • [ ] Install required tools (Python 3.11+, Docker, Docker Compose, AWS CLI, PostgreSQL client)
  • [ ] Verify tool versions: bash python3 --version # Should be 3.11+ docker --version docker-compose --version aws --version psql --version

Clone & Setup

  • [ ] Clone the menotime-api repository: bash git clone git@github.com:timelessbiotech/menotime-api.git cd menotime-api
  • [ ] Create Python virtual environment: bash python3 -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate
  • [ ] Install dependencies: bash pip install -r requirements-dev.txt
  • [ ] Copy .env.example to .env and ask your buddy to help populate secrets from 1Password
  • [ ] Start the local development environment: bash docker-compose up -d
  • [ ] Verify services are running: bash docker-compose ps
  • [ ] Test the API: bash curl http://localhost:8000/health

Troubleshooting

  • [ ] If Docker doesn't start, check Docker Desktop is running and resource limits are adequate
  • [ ] If database connection fails, verify PostgreSQL container is healthy: docker-compose logs postgres
  • [ ] If you can't access 1Password secrets, ask your buddy for temporary credentials to get started

Afternoon

  • [ ] Pair programming session with onboarding buddy (30-45 min)
  • Walk through the codebase structure
  • Understand how to run tests
  • Explore the main FastAPI endpoints
  • [ ] Join the engineering team daily standup (usually 10-11 AM)
  • [ ] Review your team's recent PRs to get a sense of current work

End of Day

  • [ ] Local development environment running
  • [ ] Can start and stop Docker containers
  • [ ] Health endpoint responds
  • [ ] Have a basic understanding of the repo structure

Blockers? Docker issues are common. Don't struggle alone—ask in #engineering or have your buddy help debug.

Day 3: Codebase & Architecture

Goals: Understand how MenoTime is built. Learn the architecture, understand key services, and see how components connect.

Morning

  • [ ] Review the Architecture Overview guide
  • [ ] Study the directory structure of menotime-api: menotime-api/ ├── app/ │ ├── core/ # Configuration, security, logging │ ├── models/ # SQLAlchemy ORM models │ ├── schemas/ # Pydantic request/response schemas │ ├── services/ # Business logic │ ├── routers/ # API endpoints │ └── utils/ # Utilities (de-identification, encryption, etc.) ├── tests/ # Unit and integration tests ├── migrations/ # Database migrations (Alembic) └── main.py # Application entry point
  • [ ] Read through a few key files:
  • main.py — Application setup and middleware
  • app/core/config.py — Configuration management
  • app/models/patient.py — Core data model example
  • app/services/deidentification.py — De-identification logic

Architecture Deep Dive

  • [ ] Review the Tech Stack Overview
  • [ ] Understand the basic flow: User Request → FastAPI Router → Service → Database
  • [ ] Learn about the main services:
  • Authentication: JWT tokens, role-based access control
  • De-identification: How patient data is anonymized before storage
  • Data Validation: Schema validation, clinical data constraints
  • Audit Logging: How all data access is recorded
  • [ ] Review the database schema (ER diagram in docs or via psql locally)
  • [ ] Understand the deployment pipeline: Code → GitHub → CI/CD → ECS

Pair Programming Session

  • [ ] 1-hour pair programming with your buddy or engineering lead
  • Walk through a real endpoint (e.g., data submission endpoint)
  • Understand how data flows through layers
  • Ask questions about design decisions
  • Explore how de-identification works in practice

Afternoon

  • [ ] Run the test suite: bash pytest
  • [ ] Pick one test file and read through it to understand testing patterns
  • [ ] Review recent commits to understand recent changes: bash git log --oneline -20
  • [ ] Join engineering standup if applicable

End of Day

  • [ ] Understand overall architecture (API → Service → Database)
  • [ ] Can navigate the codebase
  • [ ] Know where key business logic lives
  • [ ] Tests pass locally
  • [ ] Have a mental model of how a request flows through the system

Note: Don't try to understand everything today. You'll keep learning the codebase over the next weeks.

Day 4: First Task & Pair Programming

Goals: Pick up your first real task. Get feedback on your code. Contribute to the codebase.

Morning

  • [ ] Meet with your engineering lead to discuss your first task
  • [ ] Ideal first tasks: bug fix, small feature, documentation, test improvement
  • [ ] Make sure you understand:
  • What the task is
  • Why it matters
  • Any acceptance criteria
  • How to know when it's done
  • [ ] Set up your feature branch: bash git checkout -b feature/your-task-name

Implementation

  • [ ] Work on your task (with pair programming support available)
  • [ ] Write tests as you go (test-driven development preferred)
  • [ ] Keep commits small and focused
  • [ ] Ask questions in #engineering if you get stuck

Code Review

  • [ ] Open a pull request with a clear description
  • [ ] Assign a reviewer (your buddy or engineering lead)
  • [ ] Respond to feedback and iterate
  • [ ] Get approval and merge

Don't worry if your first PR needs multiple rounds of feedback—that's normal.

Afternoon

  • [ ] If your task is complete, pick up a second small task
  • [ ] If your first task needs iteration, work on feedback
  • [ ] Explore related areas of the codebase
  • [ ] Attend engineering standup

End of Day

  • [ ] Have one PR open or merged
  • [ ] Understand the code review process
  • [ ] Have contributed something to the codebase

Day 5: Security, Compliance & Wrap-up

Goals: Learn critical HIPAA and security requirements. Ensure you understand what we do differently to handle sensitive data. Reflect on your week and plan next steps.

HIPAA & Compliance Training

  • [ ] Watch HIPAA training video (30 min)
  • Overview of HIPAA
  • MenoTime's HIPAA responsibilities
  • Common mistakes to avoid
  • Your role in compliance
  • [ ] Read the HIPAA Essentials guide
  • [ ] Read the Security Best Practices guide
  • [ ] Key takeaways:
  • Never log PII (names, SSNs, medical record numbers, etc.)
  • Always encrypt sensitive data at rest and in transit
  • Always authenticate before accessing data
  • Audit everything — log who accessed what data and when
  • Report incidents immediately — if you suspect a breach, notify your manager and security immediately

Security Checklist

  • [ ] Laptop encryption enabled (FileVault on macOS, BitLocker on Windows)
  • [ ] AWS MFA confirmed working
  • [ ] GitHub SSH keys secured
  • [ ] No credentials stored in code or .env files (use 1Password)
  • [ ] VPN enabled if working from public networks
  • [ ] Password manager (1Password) set up and passwords stored
  • [ ] Slack two-factor authentication enabled

Data Handling Practices

  • [ ] Review Data Handling & De-identification
  • [ ] Understand what qualifies as PII/PHI
  • [ ] Know how to safely store and transmit data locally
  • [ ] Understand when you can/cannot export or share data
  • [ ] Know the incident reporting process

Week Wrap-up

  • [ ] Reflect on your first week with your manager (1-on-1)
  • What went well?
  • What was confusing?
  • What questions remain?
  • What should we improve about onboarding?
  • [ ] Update your Slack status to "onboarded" or similar
  • [ ] Say hello to the team in #general if you feel comfortable
  • [ ] Add feedback to the onboarding process (we're always iterating)

End of Week

  • [ ] Understand HIPAA requirements and your role
  • [ ] Security best practices are second nature
  • [ ] Know how to report an incident
  • [ ] Have completed at least one pull request
  • [ ] Have built relationships with 5-10 teammates
  • [ ] Understand your first week assignments for next week

Next Steps

By the end of week 2, you should be: - Working on 2-3 tasks per week independently - Participating in code reviews - Attending all team meetings - Comfortable asking questions and getting help - Starting to specialize in your area (backend, frontend, infrastructure, etc.)

General Notes

Pace: If you're not finishing everything on schedule, that's fine. Talk to your manager. Everyone onboards at a different pace.

Asking for Help: Please ask questions. We prefer to answer questions than for you to spend hours stuck. Mistakes made during learning are good—mistakes made in production because you didn't ask are bad.

Pairing: We encourage pair programming, especially during onboarding. Use it liberally for debugging, learning, and getting unstuck.

Feedback: We'll ask you for feedback on onboarding. Please be honest. We're always trying to improve the experience for the next person.

Last updated: February 2025