Over the last couple of weeks I’ve spent a lot of time thinking about team leadership, promotions (tis’ the season), my career and projects.

This post is broken down in two parts, first I wanted to write a little about planning projects and then about leadership, promotion and responsibilities.

For the longest time I’ve noticed that there are subset of projects that I just didn’t feel suited to run.

I was never able to explain why, but projects that typically put large constrains on imagination by having a non-flexible requirements (law/regulation) or where initial launches need to have all T’s crossed and i’s dotted with little margin for changes, just didn’t interest me and I never felt suited for them (I’ve thought about this for years but never once brough it up to anyone or felt confident enough to talk about it in public, I do now that I understand where “I fit”.).

Planning

When thinking about the way I plan projects, I typically think about “the final product”, 5 years out and then start decomposing it back. It typically ends up looking like the equivalent of the tech tree in a game of Civilization, and then when me and the team hit that “final product” mark, it becomes the pivot point for the next large thing, another 4 or 5 years out.

For example for BinaryEdge, here are what the high level versions looked like.

be2015

be

As some of you know, we then launched Attack surface monitoring which was one of the first milestones I had planned that used BinaryEdge 2020 as the base for the next 5 years.

A couple of things are important though, if you look at that roadmap, lots of things happened in different order, or some featurs we launched only to later go in a different direction or kill them all together. But from all of them we learned, we grew, we adapted. For each feature, I always try to follow a template.

  • Title - What is this
  • Description - Why should we do this
  • Benefits to customer - Why would a customer want this / Benefit from it
  • MVP needs - What is the absolute barebones development that needs to be done for us to confirm this bring benefit to said customer
  • Success - What do we want how of this to confirm it was successful?
  • Fail - In case of failure what is the worst that could happen? (PS: A failure isn’t necessarily a bad thing. When you fail you learn, just make sure you fail in a contained environment or with contained risk and that you learn from that failure.)

I have hundreds of these written and I continuously add to them, and then at beginning of each year I pull them in, look at the ones that can bring the biggest benefit to customers or impact to the company and discuss those with the team to choose priorities.

Even BinaryEdge itself was at one point one of these

  • Title - Startup that scans the internet
  • Description - We saw good succcess with PTCoresec, I think we could build a business that sold internet scanning data to organizations to help them protect themselves.
  • Benefits to customer - Scanning the internet is hard, scanning all assets for an organization is hard, curating all events and showing only things that are important for a security team is hard - we can make all of this simple for them. When a vulnerability comes out orgs don’t know if they are affected by it or not.
  • MVP - Use a TCP scanner, build something like nmap but faster that can identify services, have a data processor based on rules that can build reports or the data in a database that orgs can query easily.
  • Success
    • Company: We are able to identify organizations that have security exposures, they are willing to pay for the service and let us handle dealing with data wrangling for them.
    • Personal: Work on something I have fun with, with people I enjoy. My own thing. Lots to learn.
  • Fail
    • Company: Orgs aren’t willing to pay for this, we don’t have enough knowledge on how to maintain all of the data in an easy to use system.
    • Personal: Multiple years of life/career lost. Friendships lost. Money loss.

This system has allowed my imagination to run wild, think of whatever features I could imagine, or observed as a need, and I really enjoy it. (PS: As usual, just because it works well for me, doesn’t mean it needs to suit you.) But this system also has a VERY special requirement. You need people around you that can work the same way.

This is a set of skills that my current team has. We iterate fast, we start with building the absolute minimums in products to test with customers and then improve or cut things that are not needed. This system allows us to get super early feedback, instead of investing months or years into something we believe is correct, only to then have no way back/out from it. Unfortunately it also means that as I mentioned in the beginning, projects that are heavy on restrictions/regulation, are not well suited for us, but building tools/products for customers to use on a daily basis, are absolutely perfect.

The most extreme version of this, was when a few years ago we built a mobile app to teach people about security, and that also served as a internal network scanning agent.

We started with a paper prototype, which allowed for some super fast testing (you can get one of these done in <1 day):

cyberfables1

Then moved to an electronic prototype (Adobe XD)

cyberfables2

And then it landed with our last version, which went to the app store

cyberfables3

A great way to learn more about this is to become certified in Design thinking, I did the certification with IDEO a few years ago and learned a ton!

This brings us back to the beginning of this post. I never knew how to explain all of this in a simple way, that is, until I read Sid Meiers memoir.

In his memoir, he explains that he thought of projects like sculpting. There are different types, sculpting with granite he never felt was the right thing for him, you chip one bit too much and the entire thing is ruined. However sculpting with clay, is a lot more fun, imaginative and forgiving, you add a piece of clay, you don’t like it, take it away, you chipped a bit too much? add a bit more clay and it looks normal again.

In reading this it immediately clicked as a nice way to describe how I feel about projects. Projects more rigid like granite, not good for me, projects that require imagination, exploring a problem, and quickly try different iterations until you find one that works well, are also well suited for me.

Promotions, leadership and responsibilities

One thing I don’t feel you hear during life, is that promotions are also hard.

Going from IC to team lead, and team lead to leader of leaders causes huge changes in your scope, and if you’re not prepared these can catch you by surprise.

Hiring and placing a team around you that you trust implicitly become two of the most important actions you can take. The soft skills start to matter so much more. The teams start to gain their own personalities, and sometimes they are very different (and can still work together well).

A lot more people look to you to guide and lead. Things that you don’t like to do, you have to do, because you can’t just think about yourself, you have to think about the team.

Your contributions to a project move from discussing if the API’s should work synchronously or asychronously, which database to use or which latest and greatest tech to use, to discussing roll out plans, coordination between different teams and metrics.

Checklists and templates become your best friends (a great book on this topic is: The Checklist Manifesto: How to Get Things Right by Atul Gawande)! I’ve really become obssesed with building templates for things I have to do on a weekly/daily basis, and Notion makes it super easy to just right click - duplicate a page that serves as template.

Come review season, every year you should ask yourself “Where do I want my career to go?” and make sure your manager knows how you feel about your career. Choosing to remain an IC is an absolutely valid choice, not everyone needs to become a manager.

Knowing the answer to that question is not only important for you, but for your entire team, and specially if you’re a manager, you need to be prepared for the change because if you do not commit to it, your team will feel it.

Your decisions have a huge impact on people’s lifes, working through leveling and promotion, to figuring out if people are doing well on their projects can change the motivation of your individual contributors in a snap. Find people to help you, you won’t be able to solve big problems by yourself.