Recruiting is hard

It’s going to be easier to outsource this work to somebody who is more of an expert than I’ll ever be, would ever want to be, or could ever be.

We (Profian) are currently looking to recruit some software engineers. Now, I’ve been involved in hiring people before – on the interviewing side, at least – but actually doing the recruiting is a completely new experience for me. And it’s difficult. As the CEO of a start-up, however, it turns out that it’s pretty much down to me to manage the process, from identifying the right sort of person, to writing a job advert (see above), to finding places to place it, to short-listing candidates, interviewing them and then introducing them to the rest of the team. Not to mention agreeing a start date, “compensation package” (how much they get paid) and all that. Then there’s the process of on-boarding them (getting contracts sorted, getting them email addresses, etc.), and least some of which I’m pleased to say I have some help with.

The actual recruiting stuff is difficult, though. Recruitment consultants get a bad rap, and there are some dodgy ones, but I’m sure most of them are doing the best they can and are honest people. You might even be happy to introduce some of them to your family. Just a few. But, like so many other things about being start-up founder, it turns out that there comes a time when you have to say to yourself: “well, I could probably learn to do this – maybe not well, but with some degree of competence – but it’s just not worth my time. It’s going to be easier, and actually cheaper in the long run, to outsource this work to somebody who is, frankly, more of an expert than I’ll ever be, would ever want to be, or could ever be. And so I’ve found someone to work with.

What’s really interesting when you find somebody to help you with a new task is the time it takes to mesh your two worlds. I’m a software guy, a we’re looking for software people. I need to explain to the recruitment consultant not only what skills we’re looking for, but what phrases, when they appear on a LinkedIn page or CV[1], are actually red flags. In terms of phrases we’re looking for (or are nice to haves), I’d already mentioned “open source” to the recruitment consultant, but it was only on looking over some possible candidates that I realised that “FOSS” should be in there, too. A person whose current role is “Tech lead” is much more likely to be a fit than “Technical manager”. What’s the difference between a “cloud architect” and a “systems architect”? Is “Assembly” different to “WebAssembly” (yes! – oh, and the latter is sometimes shortened to “Wasm”).

There are, of course, recruitment consultants who specialise in particular technical fields, but what we’re doing (see the Enarx project) is so specialised and so new that I really don’t think that there are likely to be any specialist recruiters anywhere in the world (yet).

So, I feel lucky that I’ve managed to find someone who seems to get not only where we’re coming from as a company, but also the sorts of people we’re looking for. He wisely suggested that we spend some time going over some possible candidates so he could watch me identifying people who were a definite “no” – as useful for him as a definite “must interview”. Hopefully we’ll start to find some really strong candidates soon. If you think you might be one of them, please get in touch!

(Oh – and yes, I’ve invited him to meet my family.)


1 – that’s “resume” for our US friends.

3 things you need from a VC

A perspective from a first-time start-up founder.

As I discussed in a recent article (Announcing Profian), we recently received seed funding for our start-up from two Venture Capital firms: Project A Ventures and Illuminate Financial (thanks again, folks!). When you’re looking for start-up funding, in my experience, you’re focussed at the beginning on one thing, and one thing only, and that’s money. The clue’s in the phrase: raising a funding round is about, well, funding. So you might think that the answer to the question “what 3 things do you need from a VC” is “money, money and money”. However, you’d be wrong.

I found, at the beginning of the process, that this was absolutely our focus. This was our first time doing this, and we were desperate to get enough money to be able to start the company and get things moving. That didn’t change, but along the way, I received some very good advice about other areas we should be thinking about, and I really think it’s worth sharing this perspective from a first-time start-up founder.

1. Money

OK, so the first one is money, but it’s not money at any cost. You need to have enough funding to be able to see your way through to your next injection of cash (whether that’s an A Round, loans or just revenue), but a VC-led seed round isn’t the only way. There are angel investors (we had some in our seed round, in fact – thanks to them as well!), enterprise capital, crowd-funding, grants and other options. Even if you are going to do a standard VC-led seed round, you need to think about how much equity (your share of the business, as a founder) you’re will to give up, what further financial help your VCs will give you in the future, what timescales they’re looking at, and what sort of exit they’re looking for. For instance, if they want to sell the company as soon as possible and you want to spend 10 years building a multi-billion business, you need to consider whether they’re the right investors for you right now.

2. People

What is your relationship with your investors? What personal chemistry do you share? How well do you get on? Do you trust them? Are they people you can contact for advice when you have a tricky problem? What experience can they (or their partners) bring to the table when you encounter a situation which is new and you could use some guidance? I’m not suggesting that they should be the first person on your speed-dial list for every bump in the road, but you’re going to be spending a lot of time with these people over the next few years, and their views, expertise and advice are likely to be instrumental in the successful running (or unsuccessful running…) of your company. If the relationship breaks down, they can make life difficult for you (very difficult, if the board composition is such that they can control it). You want people who you trust, and preferably get on well with: these should be people you can turn to when things are tricky. They have experience which should help you navigate difficult situations – particularly ones which are new to you, but which they’ve seen many times before.

3. Network

VCs bring networks with them. They should have a portfolio of companies who they have funded in the past, and set of companies they didn’t end up investing in, but continue to be on good terms with, companies they’re considering investing in, and the customers and business partners of all of those companies. You want to be choosing investors who can put you in front of all of these people as possible partners and customers, experienced hands and even future investors, and you want them to be relevant. If you’re launching a consumer financial product, and all of your VCs’ networks are in institutional medical pharmaceuticals, then you should probably reconsider. Choose investors who can help you.

There’s another type of network: some VCs are what are called operational VCs, meaning that they provide specific services for their portfolio companies. Some of these may be free, others provided at discounted prices, and they may include everything from branding services, marketing, accounting, recruitment or the opportunity to embed one of their staff in your organisation for a while to fill a requirement while you find a permanent employee. Again, choose investors who can help you.

Conclusion

Without funding, your start-up will, eventually, fail, or it just won’t happen. You need money, and the venture capital market (it is a market) is one proven way to get it. It can be a hard slog to get the initial interest – we got very close to giving up – but once you do get that initial “bite”, try not to jump for the very first VC who shows a sign of giving you a termsheet. We decided not to follow up with a number of VCs for all of the reasons above (specifically – differing expectations on exit; no personal chemistry; no strong match with portfolio), and are happy with our decision. If you’re going to make your start-up business succeed, it deserves – and you deserves -the best fit: and that’s not just money.

10 ways to avoid becoming a start-up founder

It’s all rather like hard work, and so best avoided at pretty much all costs.

In last week’s article, I announced the start-up, Profian, for which we’ve just got funding, and of which I’m the co-founder and CEO. This week, I want to give you some tips so that you can avoid the same fate that befell me: becoming a founder, a role which is time-consuming and stressful. Just getting funding can take (did take, in our case) months of uncertainty and risk, and then, when (if) you get funding, there are the responsibilities towards your employees, your investors, government, the law and all the other pieces that whirl around your head (and into your inbox). It’s all rather like hard work, and so best avoided at pretty much all costs. Here’s my guide to doing that.

1. Avoid interesting work

Probably the biggest reason that I fell into the trap of starting a new company was that I couldn’t see myself doing anything other than working on Enarx, the open source project for which Profian is custodian, and on which we will be basing our products and services. I’d had other responsibilities in my previous job, but Enarx was what I cared about the most, and the idea of giving up working on it was unconscionable – I just had to do it. So started the quest to find a way to continue working on Enarx, and to do it full-time.

2. Don’t be passionate

It’s also probably best to avoid getting too excited about what you do. That way, you can give up after a while, and stop bothering your family and friends with your annoying obsession. Most importantly, investors are much less likely to give you money (not to mention customers much less likely to buy your products and services) if you’re basically luke-warm about the whole idea.

3. Work with dull people who you dislike

If you have the misfortune to enjoy spending time with your co-founder(s) and founding team, you’ll have less interest in working with them, not to mention working through complex and sometimes awkward topics such as how to split equity, who can absorb upfront expenses before funding comes through, when it’s appropriate for either or any of you to take some holiday (and for how long), and even more important questions like what colour your logo should be, and what font family best defines your brand. If you don’t like your team or co-founders, or find their company uninteresting, you are much more likely to give up on working with them, hence avoiding getting too far down the start-up road.

4. Ignore customer need

You may not have actual, paying customers early on (we don’t, yet), but at some point, you are probably going to need to get some. And one of the things that investors seem completely fixated on, in my experience, is how you’ll get revenue (very customers). The investors seem to think that you should listen to customers and gear what you’ll be producing to their (the customers’) needs and requirements. This suggests that your vision for the company should be diluted – nay, adulterated – by the market, as opposed to what you want, and what you think should be happening. In the very worst case, your investors may require you to talk to actual people from actual possible customers. If you can ignore their views, you’re much less likely to have to accept funding, and can give up much earlier.

5. Assume you know best

Related to our last point, if you know best, then you don’t need to take advice from anyone. Possible investors love providing their expertise and experience, and there’s a wealth of material in blogs, wikis, podcasts, news articles, LinkedIn posts and beyond which allow you to tap the collected wisdom of thousands of people who’ve trodden similar paths before you. The excuse you can give is that they can’t all be right, so rather than listening to the various advice you’re offered (for free!), reading, listening to and watching the various sources and then taking the time to sift through them all and work out what’s relevant and useful, you might as well assume that you know best (and always have done), and keep plugging away at what you’re already doing. This is almost guaranteed to remove any chance of funding (let alone anyone wanting to work with you).

6. Set your pitch deck in stone

Before I started on this journey, I’d heard about pitch decks: they’re what you show to possible investors to try to interest them in working with you. They should be short, punchy and lacking in extraneous information. I could have suggested long, waffly decks with random cat pictures and irrelevant market sector data, but I think that an even safer way of avoiding attracting interest for your start-up is to create a one-off pitch deck right at the beginning of the process and then never to change it. This is related to the previous point about knowing best, but the pitch deck is such an important tool in the journey towards creating your start-up that I felt it was worth its own section. As you learn more (well, assuming you do – see last point) and get more advice, the way you present your great idea for the company, if not the idea itself, will change. Having a pitch deck which reflects this new, improved thinking, will only aid you on your path, and as we’re trying to avoid such a dangerous move, you’ll want to have a single pitch deck, crafted at the beginning of your quest, and completely immune from improvements or changes of any kind.

7. Tell investors what you assume they want to hear

This one is a little counter-intuitive. You might assume that telling people what they want to hear is a sure-fire way to ensure that they give you money, and will therefore make you more likely to end up as a founder. But no! If you tell people what you think they want to hear, rather than what you actually believe, investors will either see through you (most of them have met many, many founders and heard many, many pitches – they’re not stupid) and reject you, or you’ll end up with a bunch of investors who actually think you’re doing something completely different to what you want to do, and things will fall apart as soon as it becomes clear that you’re not aligned. This is likely to be around the time that you’re getting into the nitty-gritty of your business plan or agreeing final terms, and is a pretty safe way of guaranteeing that everything will implode just in time to stop you having to becoming a founder.

8. Reject support from friends and family

I mentioned, right at the top of this article, that the journey to founding a start-up was long and stressful. Well, there’s a possibility that, from time to time, friends and family will want to discuss things with you, and offer you support to get through the hard times. Taking this sort of support significantly reduces that likelihood that you’ll burn-out before the process is complete, as they may help you to keep some perspective, provide emotional support and generally keep your mental health on an even keel. Crashing and burning because you’ve failed to accept support offered by people outside the process, who can see things in a different light, where the entire world isn’t bounded solely by just incorporating the company, getting through the funding round, hiring your first employees, filing initial tax returns, setting up bank accounts and the rest, is an easy way to avoid becoming a founder. As an extra bonus, failing to involve your close family (spouse, partner, etc.) in the decisions about financial risk, likely time pressures, etc., is a recipe for family break-up if ever I heard one.

9. Remember it’s all about you

Who knows best? You (see above). Who’s running this show? You, again. Who’s this all about? You. Other co-founders, employees, investors, customers (again, see above) are incidental to the main event, which is you, the “hero founder” who will carry the company through thick and thin, providing the vision and resources to succeed, no matter what. This is the attitude you need if you want to alienate everyone around you (including family and friends, see above), and cause all your possible allies to desert you. Working as a collaborative team is so trendy and 21st Century: who needs support and buy-in when you have the drive to make it all happen yourself? Well, the answer will be you, as you won’t have any funding, employees or customers – but that’s what we were trying to avoid in the first place, right?

10. Don’t take any time off

You can fail to do all of the above, ignoring my advice and setting yourself up for a collaborative, well-funded, supported, successful company and still fail with this one, simple trick: make your entire life – every waking moment, every dream, every action, every thought and every word – about the start-up. Find no time for anything else. Become unhealthily obsessed with the company to the exclusion of all other. And you will fail. Taking time off would help recharge your passion, give you insights into other people’s views, allow you to accept support from friends and family and give you a sense of perspective: all things we’re trying avoid in our quest not to become the founder of a start-up. Refusing to take time off might seem like a way to concentrate all your efforts on succeeding, but in the longer term, it’s the opposite.

Summary

I find that writing “how not to” articles is a useful and fun way to provide a different perspective on sometimes important topics. I can’t pretend that the road to start-up foundership has been easy, nor that I’ve avoided taking some of the advice above, but it’s certainly exciting and worthwhile. And I wish I’d seen this article, or one like it, before I started.

Next I’ll … have a sleep

Sometimes, it’s time to break the cycle.

I’ve had a crazy week and a half, and I have another crazy week or two coming. Last night (as so often, it seems) I didn’t get as much sleep as I would have liked – for various reasons, the main of which includes an anxious 9 year old basset hound – and I have a busy day. So many important things to do. And they’re all important, and I need to do all of them. Of course. That’s what I’ve been allowing my brain to tell me, anyway.

So far, I’ve had breakfast, brushed my teeth, shaved, put the washing out, seen two kids off to school, got dressed, and walked the dogs with my wife (who’s about to head off to spend a couple of days with family – she’s been busy, too). I could (should?) get right down to the work that I need to do today. That’s the work that I’ve not already looked at – emails, documents, spreadsheets. It’s just gone 8am, and I don’t officially start my work day till 10:00am (I allegedly finish at 6:00pm).

But I’m going to have a sleep – just an hour, probably no more. The mountain of work (as it seems) isn’t going to go away, but it’s not going to get appreciably worse. And if I don’t take a bit of time, it’ll feel worse, I’ll probably do a worse job of managing it, and I’ll feel worse. An hour, I know, will make all the difference.

The fact that I can do this is one of the benefits of working from home. I’m not going to say “temptations”, because I don’t see it as a bad thing. This is partly because I’m not sure it would be as much as an issue if it weren’t for the fact that I’m working from home in the first place. There’s no easy dividing line between work and home, and there’s no commute to force me to take some time out and do something else, either. I can (and do) start checking my email at 6:05am, and only stop at, well, far later than I should have done. To be claer, I’m not asking for sympathy, but trying to identify the problem, own up, and encourage other people to take it seriously, too.

Sometimes, it’s time to break the cycle, or just realise that a cycle is about to start. We don’t want to be grumpy (grumpier?) with our family, or quietly seethe at our colleagues or work acquaintances, or resent the people on social media who seem to have it all covered (they don’t, at least most of them). We need to take a break, and that’s what I’m about to do. I have work support, and I don’t need to do everything myself, right now. It’s time for a sleep. See you in a while. In fact, do tune it next week: there will be some exciting news.

Organisational suppleness

Growing the ability to react to the unexpected is a valuable skill.

“In preparing for battle I have always found that plans are useless but planning is indispensable.”

Dwight D. Eisenhower

Much of this blog is about security – cybersecurity – in one way or another, but on occasion I do try to take a broader view. Cybersecurity is often modelled or described in military terms, talking about “fighting battles”, “wars of attrition” and “arms races” with “attackers”. These can be useful metaphors (and it’s why I started this article with a quote from a general), but there is a broader set of responsibilities that many of us in the sector need to consider, which is the continued (and hopefully healthy) functioning of our businesses and organisations. In particular, I like to talk about risk and how it relates not just to security, but to how businesses work and plan. One theme that I’ve visited before is that known or planned degradation of a service is often significantly better than failure, or even planned closure (see Service degradation: actually a good thing). My argument is that there are many occasions where keeping a service or business function running, albeit at reduced capacity, or with reductions in known capabilities, allows for better continuity than just stopping it.

Keeping a service running requires work. You can’t just hope that everything is installed and will run as you expect: what happens when your administrator is ill, your fibre-optic cable gets severed by a back hoe, or a DDoS attack is directed at you? You need to plan and practice what to do in these situations. What I’d like to explore in this article goes somewhat beyond the expectation of that planning in three directions. Let’s call them scenario coverage, muscle memory and organisational suppleness.

Scenario coverage

The first, and most obvious of the three directions, is about understanding eventualities. The more scenarios that we model and practice, the more we reduce our risk, simply because we have reduced the number of unknown eventualities in the probability space. There is a actually a side benefit to modelling lost of scenarios, which is that the more situations you consider, the more will come to mind. Every situation involves sets of choices or probabilities – “after the door closes, will it lock or not?” or “if the coolant fails, will the system turn off or burst into flames?” – and the more scenarios you consider, the more questions will arise. This can be daunting – and it’s almost impossible to consider every eventuality – but the more options are covered, the better your opportunities to mitigate the various risks they present.

Muscle memory

Muscle memory is what comes with training and practice. Assuming that you are including your teams in the scenario planning

And I’m assuming here that the planning isn’t solely a paper exercise. Theoretical planning, while useful, only goes so far, for a couple of important reasons:

  • systems will always fails in unexpected ways
  • people will do unexpected things.

What the first of these means is that however much you assume that your back-up generator will kick in if there’s a power outage, until you test it, you can’t be sure that it will. The second of these relates to the fact that however much you tell people what to do, when it actually comes to the doing of it, they’re unlikely to as you expect. This is likely to be even worse if there’s been no training, and you’re just assuming that person X will know how to operate a fire extinguisher, or that team Y will, of course, exit the building in an orderly manner via exit Z (rather than find fourteen different exits, or not even leave the building at all).

For both of these reasons, getting people together to work through possible scenarios, and then, where possible, actually practising what to do, means that you have a higher assurance that when one of the situations you’ve considered does arrive, that they will know what to do, and act as you expect.

Organisational suppleness

While you cannot, as we’ve noted, plan for every eventuality or know exactly how an employee or team will react when things go wrong, there is another benefit to involving a broad group of people in your scenario planning and training. This is that their very involvement gives them practice in dealing with uncertainty, working out how they will react, and giving them experience in how those around them will act. While I may not know exactly what to do if the payroll system goes down an hour before it is due to run, if I have worked with colleagues on scenarios where the sales processing system fails, I’ve got a better chance of making some sensible choices about who to contact, initial steps to take and information to collect than if this is the first time I’ve ever seen anything like it. Likewise, we may not have modelled our response to a physical failure of one of our network links, but our shared experience of practising our response to a DDoS attack means that we have an idea of what to do.

And it is not just having an idea of what to do that is important, but also having gathered and practised the cognitive skills associated with investigating failures, collating data, sharing information and working with others to ameliorate the situation which allows a team or an organisation to respond better to new, maybe unexpected situations. We can think of this as suppleness, as it means that rather than just failing, or cracking, an organisation can react as a tree does to strong winds, or a gymnast does to a new exercise. Growing the ability to react to the unexpected is a valuable skill for an organisation, and knowing that it is supple allows its leaders to plan with more certainty and mitigate more risk.

Buying my own t-shirts, OR “what I miss about conferences”

I can buy my own t-shirts, but friendships need nurturing.

A typical work year would involve my attending maybe six to eight conferences in person and speaking at quite a few of them. A few years ago, I stopped raiding random booths at the exhibitions usually associated with these for t-shirts for the simple reason that I had too many of them. That’s not to say that I wouldn’t accept one here or there if it was particularly nice, or an open source project which I esteemed particularly, for instance. Or ones which I thought my kids would like – they’re not “cool”, but are at least useful for sleepwear, apparently. I also picked up a lot of pens, and enough notebooks to keep me going for a while.

And then, at the beginning of 2020, Covid hit, I left San Francisco, where I’d been attending meetings co-located with RSA North America (my employer at the time, Red Hat, made the somewhat prescient decision not to allow us to go to the main conference), and I’ve not attended any in-person conferences since.

There are some good things about this, the most obvious being less travel, though, of late, my family has been dropping an increasing number of not-so-subtle hints about how it would be good if I let them alone for a few days so they can eat food I don’t like (pizza and macaroni cheese, mainly) and watch films that I don’t enjoy (largely, but not exclusively, romcoms on Disney+). The downsides are manifold. Having to buy my own t-shirts and notebooks, obviously, though it turns out that I’d squirrelled away enough pens for the duration. It also turned out that the move to USB-C connectors hadn’t sufficiently hit the conference swag industry by the end of 2019 for me to have enough of those to keep me going, so I’ve had to purchase some of those. That’s the silly,minor stuff though – what about areas where there’s real impact?

Virtual conferences aren’t honestly too bad and the technology has definitely improved over the past few months. I’ve attended some very good sessions online (and given my share of sessions and panels, whose quality I won’t presume to judge), but I’ve realised that I’m much more likely to attend borderline-interesting talks not on my main list of “must-sees” (some of which turn out to be very valuable) if I’ve actually travelled to get to a venue. The same goes for attention. I’m much less likely to be checking email, writing emails and responding to chat messages in an in-person conference than a virtual one. It’s partly about the venue, moving between rooms, and not bothering to get my laptop out all the time – not to mention the politeness factor of giving your attention to the speaker(s) or panellists. When I’m sitting at my desk at home, none of these is relevant, and the pull of the laptop (which is open anyway, to watch the session) is generally irresistible.

Two areas which have really suffered, though, are the booth experience the “hall-way track”. I’ve had some very fruitful conversations both from dropping by booths (sometimes mainly for a t-shirt – see above) or from staffing a booth and meeting those who visit. I’ve yet to any virtual conferences where the booth experience has worked, particularly for small projects and organisations (many of the conferences I attend are open source-related). Online chat isn’t the same, and the serendipitous aspect of wandering past a booth and seeing something you’d like to talk about is pretty much entirely missing if you have to navigate a set of webpages of menu options with actual intent.

The hall-way track is meeting people outside the main sessions of a conference, either people you know already, or as conversations spill out of sessions that you’ve been attending. Knots of people asking questions of presenters or panellists can reveal shared interests, opposing but thought-provoking points of view or just similar approaches to a topic which can lead to valuable professional relationships and even long-term friendships. I’m not a particularly gregarious person – particularly if I’m tired and jetlagged – but I really enjoy catching up with colleagues and friends over a drink or a meal from time to time. While that’s often difficult given the distributed nature of the companies and industries I’ve been involved with, conferences have presented great opportunities to meet up, have a chinwag and discuss the latest tech trends, mergers and acquisitions and fashion failures of our fellow attendees. This is what I miss most: I can buy my own t-shirts, but friendships need nurturing. and I hope that we can safely start attending conferences again so that I can meet up with friends and share a drink. I just hope I’m not the one making the fashion mistakes (this time).

Eat, Sleep, Wake (nothing but…)

At least I’m not checking my email every minute of every hour of every day.

If your mind just filled in the ellipsis (the “…”) in the title of this article with “you”, then you may have been listening to the Bombay Bicycle Club, a British band. I’ve recently seen them live, and then were good – what’s more, it’s a great (and very catch) song. “You” is probably healthy. If, on the other hand, your mind filled in the ellipsis with “work”, then, well we – or rather, you – have a problem.

When I wake up in the morning, one of the first things I do – like many of you, my dear readers, I suspect – is reach for my mobile phone. One of the first things I do on unlocking it is check my email. Specifically, my work email. Like many of us, I find it convenient to keep my work email account on my personal phone. I enjoy the flexibility of not being tied to my desk throughout the working day, and fancy myself important enough that I feel that people may want to contact me during the day and expect a fairly quick reply. Equally, I live in the UK and work with people across CET (an hour earlier than me) to Eastern US time (5 hours after me), often correspond with people on Pacific US time (8 hours after me), and sometimes in other timezones, too. In order to be able to keep up with them, and not spend 12 hours or so at my desk, I choose to be able to check for incoming emails wherever I am – which is wherever my phone is. So I check email through the day – and to almost last thing at night.

This is not healthy. I know this – as do my family. It is also not required. I know this – as do my colleagues. In fact, my colleagues and my family all know that it’s neither healthy nor required. I also know that I have a mildly addictive personality, and that, if I allowed myself to do so, I would drown in my work, always checking email, always writing new documents, always reviewing other people’s work, always, always, always on my phone: eat, sleep, wake…

In order to stop myself doing this, I make myself do other things. These aren’t things I don’t want to do – it’s just that I would find excuses not to do them if I could. I run (slowly and badly, up to 5 kilometres) 2-3 times a week. I read (mainly, but not exclusively, science fiction). I game (Elite Dangerous, TitanFall 2 (when it’s not being DDoSed), Overwatch, Civilization (mainly V, Call to Power), and various games on my phone), I listen to, and occasionally watch, cricket. And recently, I’ve restarted a hobby from my early teenage years: I’m assembling a model airplane (badly, though not as badly as I did when I was younger). I force myself to take time to do these things. I’m careful to ensure that they don’t interfere with work calls, and that I have time to get “actual” work done. I keep block of time where I can concentrate on longer tasks, requiring bouts of concentration. But I know that my other work actually benefits when I force myself to take time out, because a few minutes away from the screen, at judicious points, allows me to step back and recharge a bit.

I know that I’m a little odd in having lots of activities – hobbies, I guess – that I enjoy (I’ve only listed a few above). Other people concentrate on one, and rather than interspersing blocks of non-work time into their day, have these blocks of time scheduled outside their core working hours. One friend I know cycles for hours at a time (his last Strava entry was a little over 100km (60 miles) and a little under 3 and a half hours) – an activity which would be difficult to fit in between meetings for most working routines. Others make the most of their commute (yes, some people do commute still) to listen to podcasts, for instance. What’s in common here is a commitment to the practice of not working.

I realise that being able to do this is a luxury not shared by all. I likewise realise that I work in an industry (IT) where there is an expectation that senior people will be available at short notice for many hours of the day – something we should resist. But finding ways of not working through the day is, for me, a really important part of my working – it makes me a more attentive, better worker. I hesitate to call this “work-life balance”, because, honestly, I’m not sure that it is a balance, and I need to keep tweaking it. But at least I’m not checking my email every minute of every hour of every day.

Recruiting on ability and potential

Let’s not just hire people who look and think and talk (and take exams) like us

This is one of those more open-ended posts, in that I don’t have any good answers, but I’ve got a bunch of questions. I’d love to have feedback, comments and thoughts if you have any.

This week, it turns out is “results week” in the UK. Here, there are two major sets of exams which most students take: GCSEs and A levels. The former generally are taken by 16 year olds, with around 8-12 in total, and the latter by 18 year olds, with 2-4 in total (3 being the strong median). A level results are one of the major criteria for entry into universities, and GCSE results typically determine what A levels students will take, and therefore have an impact on university course choice in the future. In normal years, A level results are release a week before the GCSE results, but (Covid having messed things up), A level results day is Tuesday, 2021-08-10, and GCSE results day is Thursday, 2021-08-12.

Both GCSEs and A levels are determined, in most cases, mainly by examination, with even subjects like PE (Physical Education), Dance and Food Technology having fairly large examination loads. This was not always the case, particularly for GCSEs, which, when they were launched in the mid 1980s, had much larger coursework components than now, aiming to provide opportunities to those who may have learned retained lots of information, but for whom examinations are not a good way of showing their expertise or acquired knowledge base.

At this point, I need to come out with an admission: exams suit me just fine. I’ve always been able to extricate information from my memory in these sorts of situations and put it down on paper, whether that’s in a school setting, university setting or professional setting (I took the CISSP examination ages ago). But this isn’t true for everybody. Exams are very artificial situations, and they just don’t work for many people. The same is true for other types of attempts to extract information out of people, such as classic coding tests. Now, I know that coding tests, when designed and applied well, can do a good job in finding out how people think, as well as what they know – in fact, that should be true for many well-designed examinations – but not only are they not always well administered, but the very context in which they are taken can severely disadvantage folks whose preferred mechanism of coding is more solitary and interactive than performative.

A family friend, currently applying for university places, expressed surprise the other day that some of the Computer Science courses for which he was applying didn’t require any previous experience of programming. I reflected that for some candidates, access to computing resources might be very limited, putting them at a disadvantage. I’ve made a similar argument when discussing how to improve diversity in security (see Is homogeneity bad for security?): we mustn’t make assumptions about people’s potential based on their previous ability to access resources which would allow that ability to be expressed and visible.

What does this have to do with recruitment, particularly? Everything. I’ve been involved in recruiting some folks recently, and the more I think about it, the more complex I realise the task is. Finding the right people – the people who will grow into roles, and become really strong players – is really tricky. I’m not just talking about finding candidates and encouraging them to apply (both difficult tasks in their own rights), but choosing from the candidates that do apply. I don’t want to just people who examine well (looking solely at their academic grades), people who perform well (who shine at coding exercises), people who interview well (those who are confident in face-to-face or video conference settings). I want to find people who have the ability to work in a team, grow the projects they’re working on, contribute creatively to what they’re doing. That may include people who fall apart in exams, who freeze during coding exercises, or whose social anxiety leads them to interview “badly”.

I’m not sure how to address these problems completely, but there are some things we can try. Here are my thoughts, and I’d love to hear more:

  1. Look beyond exams, and rate experience equally with academic attainment
  2. Accommodate different working styles
  3. Be aware that the candidate may not share your preferred interaction style
  4. Think “first language” and work with those whose native language is not yours
  5. Look beyond the neurotypical

None of these is rocket science, and I hope that the recent changes in working habits brought around by the Covid pandemic have already started people thinking about these issues, but let’s work harder to find the right people – not just the people who look and think and talk (and take exams) just like us.

In praise of … the Community Manager

I am not – and could never be – a community manager

This is my first post in a while. Since Hanging up my Red Hat I’ve been busy doing … stuff. Stuff which I hope to be able to speak about soon. But in the meantime, I wanted to start blogging regularly again. Here’s my first post back, a celebration of an important role associated with open source projects: the community manager.

Open source communities don’t just happen. They require work. Sometimes the technical interest in an open source project is enough to attract a group of people to get involved, but after some time, things are going to get too big for those with a particular bent (documentation, coding, testing) to manage the interactions between the various participants, moderate awkward (or downright aggressive) communications, help encourage new members to contribute, raise the visibility of the project into new areas or market sectors and all the other pieces that go into keeping a project healthy.

Enter the Community Manager. The typical community manager is in that awkward position of having lots of responsibility, but no direct authority. Open source projects being what they are, few of them have empowered “officers”, and even when there are governance structures, they tend to operate by consent of those involved – by negotiated, rather than direct, authority. That said, by the point a community manager is appointed for a community manager, it’s likely that at least one commercial entity is sufficiently deep into the project to fund or part-fund the community manager position. This means that the community manager will hopefully have some support from at least one set of contributors, but will still need to build consensus across the rest of the community. There may also be tricky times, also, when the community manager will need to decide whether their loyalties lie with their employer or with the community. A wise employer should set expectations about how to deal with such situations before they arise!

What does the community manager need to do, then? The answer to this will depend on a number of issues, and there is likely to be a balance between these tasks, but here’s a list of some that come to mind[1].

  • marketing/outreach – this is about raising visibility of the project, either in areas where it is already known, or new markets/sectors, but there are lots of sub-tasks such as a branding, swag ordering (and distribution!), analyst and press relations.
  • event management – setting up meetups, hackathons, booths at larger events or, for really big projects, organising conferences.
  • community growth – spotting areas where the project could use more help (docs, testing, outreach, coding, diverse and inclusive representation, etc.) and finding ways to recruit contributors to help improve the project.
  • community lubrication – this is about finding ways to keep community members talking to each other, celebrate successes, mourn losses and generally keep conversations civil at least and enthusiastically friendly at best.
  • project strategy – there are times in a project when new pastures may beckon (a new piece of functionality might make the project exciting to the healthcare or the academic astronomy community for instance), and the community manager needs to recognise such opportunities, present them to the community, and help the community steer a path.
  • product management – in conjunction with project strategy, situations are likely to occur when a set of features or functionality are presented to the community which require decisions about their priority or the ability of the community to resource them. These may even create tensions between various parts of the community, including involved commercial interests. The community manager needs to help the community reason about how to make choices, and may even be called upon to lead the decision-making process.
  • partner management – as a project grows, partners (open source projects, academic institutions, charities, industry consortia, government departments or commercial organisations) may wish to be associated with the project. Managing expectations, understanding the benefits (or dangers) and relative value can be a complex and time-consuming task, and the community manager is likely to be the first person involved.
  • documentation management – while documentation is only one part of a project, it can often be overlooked by the core code contributors. It is, however, a vital resource when considering many of the tasks associated with the points above. Managing strategy, working with partners, creating press releases: all of these need good documentation, and while it’s unlikely that the community manager will need to write it (well, hopefully not all of it!), making sure that it’s there is likely to be their responsibility.
  • developer enablement – this is providing resources (including, but not restricted to, documentation) to help developers (particularly those new to the project) to get involved in the project. It is often considered a good idea to separate this set of tasks out, rather than expecting a separate role to that of a community manager, partly because it may require a deeper technical focus than is required for many of the other responsibilities associated with the role. This is probably sensible, but the community manager is likely to want to ensure that developer enablement is well-managed, as without new developers, almost any project will eventually calcify and die.
  • cat herding – programmers (who make up the core of any project) are notoriously difficult to manage. Working with them – particularly encouraging them to work to a specific set of goals – has been likened to herding cats. If you can’t herd cats, you’re likely to struggle as a community manager!

Nobody (well almost nobody) is going to be an expert in all of these sets of tasks, and many projects won’t need all of them at the same time. Two of the attributes of a well-established community manager are an awareness of the gaps in their expertise and a network of contacts who they can call on for advice or services to fill out those gaps.

I am not – and could never be – a community manager. I don’t have the skills (or the patience), and one of the joys of gaining experience and expertise in the world is realising when others do have skills that you lack, and being able to recognise and celebrate what they can bring to your world that you can’t. So thank you, community managers!


1 – as always, I welcome comments and suggestions for how to improve or extend this list.

3 vital traits for an open source leader

The world is not all about you.

I’ve written a few articles on how to be do something badly, or how not to do things, as I think they’re a great way of adding a little humour to the process of presenting something. Some examples include:

The last, in particular, was very popular, and ended up causing so much furore on a mailing list that the mailing list had to be deleted. Not my fault, arguably (I wasn’t the one who posted it to the list), but some measure of fame (infamy?) anyway. I considered writing this article in a similar vein, but decided that although humour can work as a great mechanism to get engaged, it can also sometimes confuse the message, or muddy the waters of what I’m trying to say. I don’t want that: this is too important.

I’m writing this in the midst of a continuing storm around the re-appointment to the board of the Free Software Foundation (FSF) of Richard Stallman. We’re also only a couple of years on from Linus Torvalds deciding to make some changes to his leadership style, and apologising for his past behaviour. Beyond noting those events, I’m not going to relate them to any specific points in this article, though I will note that they have both informed parts of it.

The first thing I should say about these tips is that they’re not specific to open source, but are maybe particularly important to it. Open source, though much more “professional” than it used to be, with more people paid to work on it, is still about voluntary involvement. If people don’t like how a project is being run, they can leave, fork it, or the organisation for which they work may decide to withdraw funding (and/or its employees’ time). This is different to most other modes of engagement in projects. Many open source projects also require maintenance, and lots of it: you don’t just finish it, and then hand it over. In order for it to continue to grow, or even to continue to be safe and relevant to use, it needs to keep running, preferably with a core group of long-term contributors and maintainers. This isn’t unique to open source, but it is key to the model.

What all of the above means is that for an open source project to thrive in the long-term, it needs a community. The broader open source world (community in the larger sense) is moving to models of engagement and representation which more closely model broader society, acknowledging the importance of women, neuro-diverse members, older, younger, disabled members and other under-represented groups (in particular some ethnic groups). It has become clear to most, I believe, that individual projects need to embrace this shift if they are to thrive. What, then, does it mean to be a leader in this environment?

1. Empathise

The world is not all about you. The project (however much it’s “your baby”) isn’t all about you. If you want your project to succeed, you need other people, and if you want them to contribute, and to continue to contribute to your project, you need to think about why they might want to do so, and what actions might cause them to stop. When you do something, say something or write something, think not just about how you feel about it, but about how other people may feel about it.

This is hard. Putting yourself in other people’s shoes can be really, really difficult, the more so when you don’t have much in common with them, or feel that your differences (ethnicity, gender, political outlook, sexuality, nationality, etc.) define your relationship more than your commonalities. Remember, however, that you do share something, in fact, the most important thing in this context, which is a desire to work on this project. Ask others for their viewpoints on tricky problems – no, strike that – just ask others for the viewpoints, as often as possible, particularly when you assume that there’s no need to do so. If you can see things at least slightly from other people’s point of view, you can empathise with them, and even the attempt to do so shows that you’re making an effort, and that helps other people make an effort to empathise, too, and you’re already partway to meeting in the middle.

2. Apologise

You will get things wrong. Others will get things wrong. Apologise. Even if you’re not quite sure what you’ve done wrong. Even if you think you’re in the right. If you’ve hurt someone, whether you meant to or not, apologise. This can be even harder than empathising, because once two (or more) parties have entrenched themselves in positions on a particular topic, if they’re upset or angry, then the impulse to empathise will be significantly reduced. If you can empathise, it will become easier to apologise, because you will be able to see others’ points of view. But even if you can’t see their point of view, at least realise that they have another point of view, even if you don’t agree with it, or think it’s rational. Apologising for upsetting someone is only a start, but it’s an important one.

3. Don’t rely on technical brilliance and vision

You may be the acknowledged expert in the field. You may have written the core of the project. It may be that no-one will ever understand what you have done, and its brilliance, quite like you. Your vision may be a guiding star, bringing onlookers from near and far to gaze on your project.

Tough.

That’s not enough. People may come to your project to bask in the glory of your technical brilliance, or to wrap themselves in the vision you have outlined. Some may even stay. But if you can’t empathise, if you can’t apologise when you upset them, those people will represent only a fraction of the possible community that you could have had. The people who stay may be brilliant and visionary, too, but your project is the weaker for not encouraging (not to mention possibly actually discouraging) broader, more inclusive involvement of those who are not like you, in that they don’t value brilliance and genius sufficiently to overlook the deficits in your leadership. It’s not just that you won’t get people who aren’t like you: you will even lose people who are like you, but are unwilling to accept a leadership style which excludes and alienates.

Conclusion

It’s important, I think, to note that the two first points above require active work. Fostering a friendly environment, encouraging involvement, removing barriers: these are all important. They’re also (at least in theory) fairly simple, and don’t require hard choices and emotional investment. Arguably, the third point also requires work, in that, for many, there is an assumption that if your project is technically exciting enough (and, by extension, so is your leadership), then that’s enough: casting away this fallacy can be difficult to do.

Also, I’m aware that there’s something of an irony that I, a white, fairly neuro-typical, educated, middle-aged, Anglo adult male in a long-term heterosexual relationship, is writing about this, because many – too many! – of the leaders in this (as with many other spaces) are very much like me in many of their attributes. And I need to do a better job of following my own advice above. But I can try to model it, and I can shout about how important it is, and I can be an ally to those who want to change, and to those worst affected when that change does not come. I cannot pretend that inertia, a lack of change and a resistance to it, affects me as much as it does others, due to my position of privilege within society (and the communities about which I’ve been writing), but I can (and must) stand up when I can.

There are also times to be quiet and leave space for other voices (despite the fact that even the ability to grant that space is another example of privilege). I invite others to point me at other voices, and if I get enough feedback to do so, I’ll compile an article in the next few weeks designed to point at them from this blog.

In the meantime, one final piece of advice for leaders: be kind.