Category: Social Working

One Foot in Front of the Other

BobbieLeave a comment

One of the things I do to relax – particularly when I need the hands to be doing something (e.g., knitting project, cross stitch project, etc.) is “watch” YouTube. I have a handful of subscriptions but the ones I’ve enjoyed most of late are History Hit and the “Tech Support” series from Wired. The most recent one I watched was with a polar explorer, and I listened as he answered questions from a wide selection of forums.

In answering one of the questions, he started talking about a time he was on day 4 or 5 of a 50-day solo expedition – this guy legit goes out there with a tent and a stove and assorted gear and no one else — and he lost his iPod. (His white iPod, in the snow and ice, the irony of which was not lost on him). It meant that for 45 days then — if he was to continue — he was alone with his thoughts. No podcasts, no music, etc. This was disheartening and he had to park himself for a bit to work through a mental impasse; he ended up using his satellite phone to call a friend who in turn talked him through how to deal. Then he continued, for the remaining 45 days, with only his thoughts. As he put it: he started by putting one foot in front of the other, for a thousand feet, and just kept doing that.

I will not even pretend that anything I do in life is that hard. There’s not a chance. I can still take a lesson from it.

If you are at this moment a corporate worker bee of some sort, you are watching very likely as coworkers get Reduced in Force, as the job market dries up, as we are increasingly asked to do more with less in the name of Efficiency and Cost Savings. AI, whilst somewhat useful for the basics, hasn’t (yet, knock wood) really replaced human capability (barring the impression it has from some CEO’s). The more load you pile into a machine — think of increasing the number of pages you put through a shredder each time — the more bogged down it gets, the less productive it is, or feels.

It’s review season again where I work, meaning that each person sets aside a nominal period of time (some do this in 20 minutes, some do this over agonizing hours) to identify their *impact* over the last 6-ish months. Not delivery.

You can have a lot of delivery with little impact. If you ship a bunch of code and no one uses it, you had a lot of delivery, and not much impact. If you write a lot of docs and no one reads them, ditto. You can mop the floor six times a day 7 days a week but if no one is walking on it there’s not much impact. I’m not even going to pretend that this is in the sole control of the worker bee: oftentimes we are directed to Do the Thing and if your boss tells you to Do the Thing you Do the Thing because capitalism and rent and groceries.

Whereas you can *feel* like you’ve delivered relatively little but had serious impact. It’s a bit of “proving a negative” but if you are beating your head against a wall with a project and making only the slightest headway, *but still making headway*, that can be impact – because you’ve either found a way to NOT do it again (hey, document that so others can learn) or you’ve blazed the trail and figured out how it was supposed to go, so others can find it easier (and hey document that too). *Someone* had to do it first, and it wasn’t going to be easy. It’s also not what we normally think of when we think impact.

Dollars. Views. Customers. Reduced time to X. We tend to think about impact in objective numbers and quantitative measurement. There is also room for qualitative feedback and the value of pivoting. There is value in slogging through things but, and I want this to be copiously clear, there is no value in slog for slog’s sake, and having to repeat a slog. If you’re the first one to explore and slog, share that out so it’s less of a slog. If you find yourself slogging through the exact same stuff with the exact same people, it’s time to convert that into impact – pull back/up/out and figure out how to break the cycle (if you can).

I am equally not going to pretend that it’s that simple – there are and will be situations in which you’re told to do the thing because you were told to do the thing, in spite of objective evidence that there’s a better/different/impactful way. The best you can hope for there is a workplace that apparently rewards delivery, vs. impact. If you’re very very lucky, you have an environment, resources, and work community that lends itself to impact over delivery.

And in the meantime, you put one foot in front of the other for the next thousand feet.

Do Your Updates, Part II

Bobbie1 Comment

Firstly: a new Apple iOS update is out for phones/pads/Macs, and you want to take it *as soon as possible*. Not only does it have a zero day in it, that zero day is under active exploit. This means that a problem is/was identified before a fix was identified (zero days to fix) and professionals are already abusing it (under active exploit). Granted, the typical target of these things are journalists, government officials, etc., but also folks working at corporate offices. Maybe even you.

One of the questions I have fielded since Do Your Updates is best distilled as “why can’t developers do it perfectly the first time”. Aside from the unrealistic expectation that an engineer not be human, there’s a few reasons for this.

  1. The biggest vulnerability in any system *is the humans* and it’s not just the humans building the system, it’s the humans *using* the system. Phishing and social engineering – those emails asking you to click a link urgently or telling you “here’s your PayPal receipt” for a transaction of several hundred dollars (designed to make you panic) are phishing. Social Engineering is more like the person calling you on the phone saying they’re calling from Chase to verify a recent fraudulent activity and asking you for things like your passcode, to verify a 2FA, etc. These methods rely on the target feeling *vulnerable* and have a sense of urgency.
  2. Code evolves and so does technology. There was a time where a very strong password was sufficient to guard your stuff — but then we had data breaches. So then we added 2FA (second-factor authentication, e.g., when you get a text with a code to support your log in) — but then we had SIM swapping. So then we added MFA (multi-factor authentication), physical YubiKeys, etc. etc. — for each fine cat, a fine rat: engineers on the malicious side are not resting, so engineers on the corporate side cannot, either.
  3. We talked about packages and post-deployment vulnerabilities in Do Your Updates. That is still a thing.
  4. There are *a lot* of ways an attacker can poke at the platform or the code:
    • They can insert things into text boxes for forms that interrupt the inbound form contents (e.g., the text box in which you give your feedback on a thing) to try to get into the database in which those contents exist (this can go by a variety of terms and also has a variety of methods, one of which is called SQL Injection and is/was the first thing I learned about cybersecurity, aside from “never share your password”, back in 2002).
    • They can do something called a “brute force” attack which is just like it sounds: employing a variety of clients to just pound the ever-loving crap out of any intake on a site to either force it to give up/let you in and/or just take the site down (Ddos: Deliberate denial of service). 2FA helps with this but so does throttling (making it so that only so many requests are allowed before it locks you out), or Captcha/Re-Captcha. Except now AI can pick out all the parts that are a “motorcycle” in the image, even if you can’t. And so now engineers have to figure out the difference between a less tech savvy person reaching for their paper-written passwords and typing those carefully but incorrectly into the little box, vs. an AI acting as such.
    • They can code up sites that *look* like the site you want to go to and the URL even looks like the site you want to go to — except maybe instead of a “O” it’s a “0” in the site name. You go to the site that looks legit, that the engineer has scraped/copied the design from a legitimate site, and you type. your login as always. Because it’s not the real site, it tells you “oh gosh we need to verify it’s you, please type in the 2FA code” and instead of you sending that code to the real site and doing a real authentication, you are providing that code to the attacker so they can go log in as you.

AI is also not going to solve our security problems — it will make them harder to (as malicious folks have access to AI, too)– but it can help. AI can be used to detect anomalies faster (in most cases you don’t have to tell your bank you are traveling as it employs AI to figure out whether or not that was you booking a 7 night trip to Cancun or not), or even predict patterns for exploits. When it does, it will not be replacing the engineer or even making what the engineer does perfect. This dance does not end.

So do your updates.

Burner

BobbieLeave a comment

I recently had the opportunity to travel internationally, and to test a few things. Namely, using a “burner” phone.

To be super clear: it is very hard to do this perfectly and I did not do it perfectly. We’ll discuss some hypotheticals further down, but I felt the need to start with that. This was a test, it was only a test, and it went pretty much how one could expect it to.

Why

There’s a lot of discourse in the media about phone confiscation, personal privacy, etc.; this shows up in articles hearing about journalists being issued “burner phones” or the advice to acquire one yourself before international travel. I wanted to see firstly how that would work and secondly, frankly, if I would actually need it. I am not the target demographic for the sort of privacy harassment (yet?) that would require a burner phone (I am not a journalist and I hold no real position of power) so the likelihood I was going to have to hand over my phone to a Cellebrite was small, but not zero. How painful, then, would a burner phone experience be?

Who

This phone was just for me, in my private travel, to talk with about ten people in two countries. The number, once acquired (see “How”), was shared with those people via What’s App and/or Signal. The phone wasn’t used by anyone else during this period.

When

The actual phone was acquired about 3 weeks before my trip which, with life being as busy as it is, did not leave me much time to set up the necessary infrastructure. The plan was to have it set up pre-trip, test it a bit, and then evaluate it for the trip.

How

There are the “right” ways to do this for “ultimate privacy” (and I put that in scare quotes for a reason) and then there are the “okay” ways to do this for like 80% of scenarios, and I went with that one. Firstly, you have to acquire a phone. You could, for example, revive an old one of yours or a family members’, or purchase one off of Swappa. I did the former, but for “perfect” you would ideally do a cash deal off-record for someone else’s phone. Once you have the phone, you need to install a phone plan. You could, in theory, get a prepaid phone plan through a different carrier and in some cases they don’t actually require an ID (as long as you’re paying with cash and/or a prepaid Visa card) but note that everything, on some level, is traceable. There’s cameras at the phone store, there’s call recording for the wireless provider, etc. I didn’t bother with that, I just added it to my current plan.

I will note here that adding a phone to your plan immediately gives it some tether to you. The phone, when added to my plan, got “my name”, and anyone with a warrant, or really good phishing, could probably divine that this “Bobbie Conti” on the phone plan is related to that “Bobbie Conti” on the phone plan. They can also then probably get that other phone number, and my address, which in turn means they would know already quite a bit about me. BUT, the *phone itself* doesn’t impart all of that – in order to get there you need to do that “hop” and either that warrant or phish. Moving on…

If you have an Apple phone – and for security reasons I prefer them – you are best placed to get an iCloud account, so you can load apps and suchlike. For that, you need at least an email address. For a Google email address, they like it if you have a backup email and a phone number for 2FA. So the phone comes first, but where do you get the 2nd email address? Proton mail. Armed with my new Proton mail, and then my phone number, I got a Gmail account and wired that all up to the Burner. Great! I now have a phone, with the ability to load apps, text, etc., that on the surface level isn’t “me”.

A really, really driven person would have gone to a public forum of some kind (e.g., Best Buy when busy and using their demo machines) and used their computer to set up the Proton Mail account, then gone to a second one several miles away to set up the Gmail account, and so forth. I did none of that, but I did use a VPN on the machine that I set them up with. That said, Google almost certainly was able to figure out it’s me, since the machine I logged into was the same machine I use my personal Gmail (note: my gmail is my spam hole and I do not use it for anything important).

From here I did some final tweaking and followed some basic principles:

  • I removed location services from all the things – including even weather.
  • I deleted a bunch of apps I did not need.
  • I installed Signal. Yes, What’s App was on there, too, but if one has to choose one chooses Signal.
  • I did NOT load up any other accounts (emails, etc.), and absolutely did not tether any cards/payment forms to the phone.
  • I brought my own chargers, charging cables, etc. and never hooked up to public USB, nor to any bluetooth.

This left me with a phone I could use to search the internet (Duck Duck Go for the win), send texts/Signals/WhatsApps, and… that’s about it.

A truly driven person would probably purchase, with cash, some Visa gift cards, load those up in the “wallet”, would add in one or more VPN’s, and would almost certainly have not used What’s App. I know what they say about What’s App being private. However, What’s App *can* read your texts if a recipient requests them to, e.g., if you’re getting reported for fraud or abuse. If they can do that under that circumstance, they can certainly do it under others. Additionally, What’s App shares data with other Meta products, so if you are traveling with others who use those, the proximity tracking (and more if those folks are your friends and taking pictures in which you may be, *tagged or otherwise*), it’s not much for them to figure it out.

What

What happened was an exercise in frustration for me, and not much else.

Not having access to “tap to pay”, location services (hello maps!), etc. meant for a substandard experience to the one I could have had, had I had my phone. Instead I relied on others and/or visual directions, and physically pulling out my card to tap it. It also meant I wasn’t getting health tracking benefits, etc. If I had been on a trip by myself and not with friends, the maps/location piece would have absolutely driven me nuts.

The phone itself received generic text message phishing (in this case offering a job), allowed me to text the group I was in, and that was about it. There was no case in which it was compromised, invaded, etc., and there was no indication that someone or thing actually cared about it (other than me). It’s hard to prove a negative, and as I said earlier, I’m not that important :).

The final curiosity was to see if it were to get plugged into the aforementioned Cellebrite on the return trip and… it wasn’t. Not a hint of it. In theory, an Apple phone equipped with Signal and not voluntarily unlocked is fairly “protected” (thus far) from Cellebrite forensics but nothing lasts forever and I would imagine that Cellebrite, having preemptively declared victory in the past only to have to walk back their words would, in future, not advertise a capability until proven. Still, the plan had been to see if any of the account information stored on the phone (with the new emails, etc.) were to show up elsewhere post-plug-in.

Addenda

You could fit the “what ifs” and caveats in this scenario into a small football stadium.

If the concern is a government acquiring the data to do things with it (whatever one might imagine those things to be) then it should be noted that so much of our data is available to JUST ANYONE at any time it’s scary. With a first name and last name, you can search court records, find addresses, see property tax records, etc. With a social security number (which, erm, the gov’t gives you), you can run a credit report, know where someone is banked, and (if again you are said government) know their income and income streams. The things the government would need a warrant (purportedly) for would be specific financial transaction information, and possibly what calls were made at what time and to whom and for how long. If one is to believe the news of the early oughts, the NSA is already listening in anyway. What is left, then, is texts to/from the device itself, the contents of which you have and the person to which you texted have; and either can be forced via warrant.

The other concern is non-government entities or government entities that are not your own and, in my case, again, I’m not that important :). I would imagine the same holes in the process apply to those, if not more. I also generally ascribe to the notion one should not say out loud anything one is not willing to defend in court or another public forum.

The core scenario in which we hear about burner phones (e.g., journalists) are different from mine – I don’t imagine journalists using tap to pay from a burner phone in the middle of a war zone and I don’t imagine foreign officials using said burner phone to send sensitive messages (or if so I imagine some sort of Mission Impossible self-destruct smoke thing happening). For their sakes I hope it works, but my own scenario is nothing so dire.

One should remember the name here, too: a burner phone is so named because when it ceases to be useful and/or is compromised, you burn it; the real purpose of a burner is to get a message from point A to point B and then discard it, hopefully with no traceability back to your thumbs.

You can donate to Signal here.

You can donate to Reporters without Borders here.

Ripping

BobbieLeave a comment

Ask any sewist or person who works with fabric what their feelings are about their seam ripper, and they will either tell you it’s complicated or that it’s their favorite. Most of us think it’s complicated.

A seam ripper is a little tool with a sharpish-hooked edge that you use to rip seams (“it’s that easy!”). “Ripping” sounds more violent than it is — it cuts through the threads that hold the seam together whilst (mostly) preserving the fabric on either side and is used for either letting you take something that wasn’t right for you and make it right for you, or for tearing out a mistake.

In knitting, if you have to do that it’s called “frogging” and it’s where you yank the yarn free of the needles and, row by row, disassemble the knit into an unwieldy pile of yarn.

For the most part, NO ONE is having a good time doing these things. At the very best, these are an impedance to actual progress, a necessary correction on the way to doing the thing you actually wanted to do. More often, they are an admission of error, and a painstaking reminder at that. By the time you are frogging or ripping seams, you are watching as you undo dozens, perhaps scores of hours of work. It hurts.

At the very least, though, you have control – you can choose to let the seams stay as-they-are, or you can choose to undo them and refashion them into something you want — but you choose. If you’re one of the thousands laid off last week — or millions over the last year — you didn’t get to choose (or likely didn’t). You have been forced into a Very Large and Very Painful change.

I’ve got some older posts on the practicalities of handling this situation but for the most part they do not address one of the more problematic aspects: what if you’re old?

I speak as someone who is “old”. At least, considered “old” in the workforce for technology: this year I will be 52. With the power of hair dye and wrinkle cream and soft focus and carefully applied makeup I may still be “looking” mid 40’s but the reality is I’ve been in the corporate workforce now for 32 years.

Mind you, “age” isn’t a problem for the person who has it. *I* think my brain works just fine, thank you (or at least as fine as it did some 10 or 20 years ago), but the perception on the exterior could be that I am not as “fresh” as someone younger in career, or as “raw”. (Why do we use phraseology for candidates that we would for produce?). Older folks who have been hit by the layoffs are going to have a harder time getting a new job, and that can mean a forced early retirement or a forced early cliff in finances, neither of which sound great.

The irony is, of course, that we need people to be working as long as possible to support the infrastructure our government uses to support the *really old* people. With the largest generation — Boomers — retiring, the more of us Gen X-ers that can be kept in play, the better off “the system” will be. Gen-X has more in common with Millenials in terms of why we stay at a role, and while I don’t necessarily agree with everything in this infographic, I do think that our generation’s skeptical approach to most things — rebranded as “critical thinking” by the time I got into the workforce properly — is and proves to be quite useful.

Which is not to say the pain is solely borne by us “semi-olds”. Millenials are still paying off student loans while trying to hold a mortgage and save for their kids’ college. Gen Z are coming in with student debt and skyrocketing housing expenses. Getting yoinked out of your job, and also your health insurance, with no notice, is catastrophic. Sure, the unemployment rate — even today — isn’t as bad as it has been (the Great Recession and COVID both created huge spikes), but that is cold comfort to the person evaluating their current situation in what is hopefully a “garden leave” period.

This could be a post that tells one impacted to “buck up”, refashion that resume, pound the pavement, work your network, etc. There are plenty of those posts. This post is to acknowledge it sucks, and for some in a specific stage and circumstance, even if eventually they do get something bigger and better, it sucks hard.

Controlled Ascent

BobbieLeave a comment

Decompression stops can be needfully boring.

When scuba diving, if you go past a certain depth, you have to “stage” your ascent every so many feet for a period of time, so you don’t get the bends when you surface. I have a high regard for my own skin so I don’t quibble with this and will sit at a decompression stop for however long it needs be; and sometimes just a bit longer.

In the mid-2000’s (somewhere in there, the memory is fuzzy) I was on a dive trip with friends in Mexico, and the order of the day was to dive with Hammerhead Sharks. I love sharks; I think they’re graceful, efficient, and I enjoy their variety of size and shape and color. Shark diving? Sign me up. (Just none of that “let’s chum the water and put you in a cage” stuff). To dive with the Hammerheads, you have to go deep-ish. If I recall correctly, we were clocking in somewhere between 120 and 160 feet. For reference, a Basic Open Water certification will get you certified for 60′, and part of that certification requires you do a “free ascent” – meaning you take one breath at 60′ down, and then ascend (carefully exhaling the whole way) for 60′ without taking another. So we were a little deep.

I remember the decompression stop had me holding on to a guideline from the boat, probably the anchor line. My dive buddy was slightly below me on the wire and in the open water, the only view was the vast blue of the ocean; all the sharks were at depth. It was quiet, it was peaceful, it was … utterly boring.

For however long of a decompression stop I had to be at that place, I was staring out at blue nothingness, literally forced by physics and physiology to stay in one place and do essentially nothing but breathe. I was still “on the job” — the dive was not complete, it’s not like I could nap or anything, but I was, at least a little bit, removed from the “work” of the dive. In 20 years of diving, this is the only decompression stop I remember.

I write this from Arizona, visiting my parents, and it is NOT boring, but it is a decompression stop, for me, from work. I’m not 100% off, but I’m not 100% on, either.

Inasmuch as I would like to be 100% off, I need this decompression stop, before surfacing and heading into a real vacation; I have a hard time letting go of work things, and need to double check multiple times for my own sanity: did I finish this thing? Did I pick up this ball? Did I put this to rest, or at least to rest enough to wait for the New Year?

Somewhere along the way to now, I started taking the day off before a trip and the day off after, to allow for a similar staged decompression: it’s not like you’re still on vacation those days, rather, those are the days you set things “to rights” so you’re ready for the next stage. Piles of laundry and an empty fridge and hundreds (if not thousands) of emails feels rather like the bends otherwise.

My advice, therefore, is this: do your decompression stops. They can be boring, you may feel afloat, you may not have the ability to immediately communicate to your buddy and you may be eyeballing your air, but they are needful.

Competition

BobbieLeave a comment

I am very competitive, and I don’t compete with you.

I realize that may be an aggressive statement so allow me to explain I’ve just had an epiphany, one marked from extremely privilege and pique, and I’m not particularly proud of it but I’m glad I know it.

My Apple Watch died. (I realize this is a privilege problem and it just helped me understand a little more about myself.)

In 2018 my husband got me an Apple Watch, because I had been using a Fit Bit reliably for years and am a sucker for metrics: how many steps, how many miles, how many runs. When “challenges” would get posted in Map My Run or in peer groups (e.g., run 1 mile per day every day for 365) I would happily accept. I’ve been tracking my food in MyFitnessPal for years too (yes, I’m aware that this gives Under Armor a ton of data about me). If I can measure it, I can improve it.

I am not fanatical about it and a couple of bouts with COVID and associated other health problems have clapped back, but for the most part, I have led a life, in the last 15 years or so, of “how much better can I get” (nestled against the reality of physical and mental limitation).

A couple of years back I upgraded my watch and was able to “keep my streak” — the Apple Watch has fitness rings that accrue information about how often you stand, how much you move, and how much you exercise — and you can extend the limits of those rings as appropriate. It also includes a monthly challenge that appears somewhat tailored to you based on your recent metrics. There is a monthly “award” for moving a certain amount each day every day.

It also provides a bunch of other metrics one can rathole on, such as VO2 max (lung capacity), an Oxygen saturation sensor (which is okay), and a heart rate monitor (which is excellent and I over index on it regularly). You can augment some of this data through other methods (e.g., Map My Run) but for the most part, this all hinges on having the watch.

My streak is broken. I have only “feelings” to judge if I really pushed myself in my workout yesterday, I have only “feelings” to judge if I slept well (I feel like I did), I have only “feelings” to judge if I stood enough yesterday. I don’t like it. (Yes, a fix is on the way).

That these metrics mean *nothing* to anyone else is absolutely the point: they mean something to *me* and I miss them. I use them to judge improvement and progress, and without them I’m looking at a space in my graphs. It’s annoying.

What I do not miss, and I never used, was the “competition” feature. There’s a feature in the fitness app that allows you to “compete” with a friend, by sharing your stats. I’ve never used it, even though there’s an easy-to-get badge for it. In a world where I love getting badges for badge’s sake (heck I even did Yoga to get the International Yoga Day one), in the five-ish years I’ve had this watch I’ve not once competed with a friend. I don’t like to compete with other people.

I’m not running down competing with other people, for other people. If you’re into a sport or chess or running for office or any number of professions, competition is real and cogent. It is a zero-sum game; there can only be one gold medal or one Governor or what have you. In those cases, the competition is not set by *you*, it’s set by whatever rules/governing body exists: e.g., we can have only one Miss America because those are the rules of the Miss America Pageant.

I do not have to operate in any environment where that is the case, which is great, because I do not *like* to.

I cannot control what someone else does/did do/will do; I do not like spending the mental energy trying to game out all of the solutions of a human’s behavior. Why should whatever *you* elect to do influence what *I* do in any way? You want to go for that promotion? Go for it! You want to go run that half marathon/marathon/Ironman/etc.? You go! You want to run for office (any office)? Enjoy! And count me out: I seek places where I can improve me and I can improve the things around me, but that improvement should not come at the expense of someone “losing”.

There is an interpretation where I could be considered to compete and that is At Work, come Review Time. (It’s not called that – the process of impact evaluation at my work is called One Thing, and the process by which it is rewarded is called Another Thing). The realities of work budgets are that there is a fixed sum that can be distributed amongst constituents and in a world where Money is the clearest signifier of Appreciation then that can be considered competition: if I get an extra dollar, someone is losing a dollar.

But I’m not deciding who that someone is, and I’m not looking at all of the someone’s and “plotting” my next moves with that in mine. My assumption is I have my charter and the things I need to do and the things I can improve, and everyone else does, too. If I land what I need to land and what I set out to, great. The very best-case scenario is the person who has to do the Evaluating has a Hard Time. But *I* don’t have to do that evaluation, that’s Somebody Else’s Problem. *I* am not competing, someone else is *comparing*. We are not running the same race or playing the same game because our tracks are different, and our hurdles are tailored to us; I don’t have to obsess over how I’m going to be better at you than a Thing because that Thing isn’t even in my wheelhouse or on my radar.

When it comes to competing with myself, though, I’ve just lost some key data sets, and until I get it back, it’s going to be hard to distribute rewards. I am used to having all of that so easily, because of this watch.

And now my watch has ended. (I’ll see myself out).

Change Management, Part II

BobbieLeave a comment

Following up on the earlier post, as I have had Spare Time TM courtesy of a bout of COVID.

The Ripple Effect

I failed to mention previously that Big Changes tend to have ripples, and much like when you throw a rock into a pond and then another rock shortly after it the ripples sort of crash into each other, creating other ripples, is how post-major-change ripples go. For example: you have broad reorganization A – let’s say whole departments move, charters move, Big Changes happen. That’s the first rock.

As the ripples from the first rock stretch out to other parts of the water, things in that part of the water get impacted — in this case, there’s the tactics of administrating to a reorganization (changing of cost centers, migrating of resources, identifying process or people gaps, revising projections, etc.) and then there’s the tactics of reacting to a reorganization (I had guaranteed funding from your team to do X, you have gone through a reorganization, is my dependency on you at risk). After enough buildup of these ripples, it often comes to management’s (correct) mind that another reorganization is needed, to account for the things that weren’t immediately derived or attended to with the first one. This “aftershock” reorganization is typically smaller, more nuanced, and often has better details worked out (direct reporting lines, accounts for previously identified gaps, etc.). Perhaps pedantically, this aftershock can breed additional, smaller aftershocks (or, additional, smaller ripples) that eventually calm down as they extend through the system. Depending on what time of year The Big One hit, the Little Ones can extend 3 to 6 months afterwards.

Driving To Clarity

The unloved but absolutely necessary job of the shitbird.

I’m sorry, there’s no better way to put it, although LinkedIn me wants to change “shitbird” to “change facilitator” or something; the bottom line is that oftentimes the people who have to drive through the stickier parts of the ambiguity pursuant to a reorg (particularly when we are talking about things like charter, support, keeping programs running, transfer of knowledge, transfer of understanding (those are indeed two different things), and so forth) are incredibly unpopular because we are often the ones pointing out the un-fun things to be done. For example, if the reorganization of people and charter does not equate to a clean reorganization of resources, there’s typically a lot of tedious work in identifying which resources go where, which ones can’t move until they’ve been reviewed, etc. In a world where development teams are already stacked with features and fundamentals work, the tactics of a reorg often present an unfunded mandate and are not usually expressed in cost of hours (e.g., this reorganization equates to N developer hours spent on the tactics of the reorg).

Note I do not say “wasted”. The time spent inspecting and enabling a reorganization to be successful is *not a waste* if done transparently, with understanding of the purpose of the reorganization, and in good faith. Like any effort, there are costs to that effort; the overall reorganization ostensibly results in greater long-term efficiencies, development or productivity. There is a short-term cost, however, and I’ve yet to see any reorganization actually attempt to size the cost and get better at sizing and predetermining the costs associated.

Tactics vs Strategy

Thus far all of my conversation here has been about “tactics” because the reorganization itself is the output of a strategy decision, and the implementation and administration of the reorganization is all tactics. But should it be?

I’m fairly certain that my company is not the only company to regularly shift resources, assets and charter in a near-constant effort to get better: we are a for-profit company and like sharks you either swim or die. We spend money on things, we want to be as efficient as possible for the best possible outcome, and ostensibly every reorganization is made with that goal in mind.

In a world where this is the case then it occurs to me that, by now, there should be a playbook for these things: how to determine the lines of the reorganization, how to pre-identify some of the impacts (both proactive and reactive), and most of all size the costs associated. Those costs need to be juxtaposed with the previous planned expenditures and weighed accordingly – you cannot absorb the impact of moving a thousand people around with no delay in production or productivity; to do so is either specious or obtuse.

One could argue that we cannot get to the impacts of the proactive/reactive tactics to a reorganization because the people who tend to understand these pieces best are too close to the ground – they cannot be trusted, in advance, with the knowledge of the pending changes enough to provide sizing of impact, and so it’s better to let the reorg roll and then “just deal with it”.

If you cannot trust your team to size things in advance, that’s probably a signal to pay attention to. Let’s ignore that for now, because that’s not what we’re talking about here (but we will, later).

You can have some aspect of both worlds.

The Strategy of Shuffle

Working with the fait accompli that a reorg is coming, you cannot (for whatever reason) pre-plan the reorg transparently with your organization, and you have to land the message and then pick up the pieces: approach it as strategy.

Because this isn’t the first one of these you’ve done, and it won’t be the last.

Playbook

If you don’t have a playbook, build one. Literally start building one by capturing the experience of the pain of the tactics of this reorg:

  • What were the hardest parts of the implementation?
  • What were the things you didn’t plan for?
  • What were the things you planned for that didn’t actually happen? Or didn’t turn out the way you thought?
  • How much time did your team actually spend implementing the reorganization?
  • What projects for that period ended up being delayed (either directly or indirectly)?
  • Did any of your KPI’s suffer?
  • Did your OKR’s have to change?
  • How did your employee satisfaction scores change before/after/6months after 12 months after (for those who were part of the cohort before and after)?
  • What volume of attrition could you directly or indirectly tie to the reorg?

You’re already having to absorb the tactics of the specific reorg you’re undergoing right now, you may as well track this while you’re at it.

Sharing

As you’ve captured all this information, be transparent with it – share it with your team, share it with your management, share it with your impacted peers, share it with your leadership. None of these things should be sensitive and every single one of them is useful.

“None of these should be sensitive? What if my KPI’s suffered? What if our employee satisfaction scores suffered?”

I would argue that it’s likely anyone seeing this data already has access to it — it’s not unusual for employee health scores to be shared out semi-or-annually, OKR’s and KPI’s by their very nature are shared in a Measure What Matters context, and I guarantee that regardless of what they wrote on their “going away/changing roles” email everyone knows why someone left the team or company.

The transparency and sharing of the data facilitate conversation, they facilitate awareness, and most of all they facilitate the ability to identify areas to improve *next time* — because there will be a next time.

Benchmarking

If you’re thinking, “hey it looks like you’re gearing up to say now that I’ve measured all this and documented it, I should benchmark and improve” then ding! go to the head of the class. Because that is exactly what you (I, anyone in this) should do. If for no other purpose than your own for the next time you go through one of these, to better set expectations and understand the volume of work, and to better approach the tactics of *that* reorg, record what it took last time and use it to inform your experience the next time.

Forecasting

Obviously if every impacted team did exactly this then that would be a heck of a conversation with leadership about (and accrued body of data to inform) the strategy of reorganizing. Armed with the data of the costs pursuant to a reorganization (in time, developer productivity, attrition) vs. the benefits (in strategic pursuit, overarching delivery, etc.) leadership can make better informed and more surgical reorganization decisions. Specifically, armed with data about implementation times — e.g., if Reorg A took a really long time to implement because the volume of entrenched and shared resources was particularly gnarly to tease apart — then when approaching the next reorganization leadership can cast an eye in that direction and ask their middle management (who will be better informed on this aspect but also ostensibly in the Circle of Trust, or at least enough to help message the reorg) to size the effort for this bout and/or adjust their reorganization plans accordingly (move more/fewer people, move more/less charter, etc.).

In turn, much like any development effort, the management team can identify predictive costs of the reorg (if we do X, it will use up about Y productivity, and potentially impact Z project, to N degrees), avoiding many of those unpleasant conversations (or worse, handwavy conversations without any actual data attribution) that happen 6, 8, or 12 months down the line when we’re collectively trying to figure out why something did or did not happen.

Perfect vs Good

A quick note here about perfectionism: it’s good in small doses to get you directionally better at things. It is not a good management philosophy or philosophy to apply to any sort of “benchmarking and improvement” endeavor, which I would posit the Strategy of Reorgs as. Which is to say:

  1. Your first round of reorganization benchmarking will not solve for All the Cases.
  2. Your first or even second set of impact metrics will not be enough data to create a predictive model, but will be enough potentially to suggest correlation.
  3. The practical upshot of this exercise is to fractionally minimize the pain and/or volume of expense with each go.

It’s not going to be perfect, ever. You are welcome to aim for perfection; understand you will oft settle for good.

Which is better than settling for nothing at all.

Change Management

BobbieLeave a comment

Author’s note: I had to go back and read through this blog a bit because I was certain I had already talked about this, but it turns out I’ve only dallied around the edges. Time to hit it head on.

I’ve been at my current company for about 8 years, meaning that if I stick around for another year (likely) it will be the longest time I’ve ever been at one company (and, should I stick around another year after that, the longest time I’ve been consecutively in the same approximate management chain/position). We just underwent the largest reorganization I’ve ever been through.

When a reorg happens, one or more of at least three things can happen:

  1. Your manager changes.
  2. Your reporting chain changes.
  3. Your charter changes.

Any one of these can be disruptive and when they happen it’s a good idea to go through and do that risk assessment, “Do I want to be here/Do I want to do this”. I advocate doing that assessment on a twice annual basis (or however often you have formalized reviews/checkpoints of your career at your company) anyway, so in my case, this assessment was about a two-minute exercise.

Once you’ve picked your stance, you then have to pick how you’ll approach it. As a manager, my first responsibility is to my team to make sure they have what they need to 1. do that risk assessment and 2. act on their plans outbound from their risk assessment. It’s also to make sure they get the answers they need to the questions they have, and to make sure they are supported. My second responsibility is to my charter: I am here to do a job (and it is not volunteer work, I am well paid) so let me focus on that job.

Which is why when a major reorg happens, I am probably not the best person to ask about “how I am feeling right now”. I put that in quotes not because I don’t feel anything, but because any emotional reaction I am going to have about the change will not hit until all of the change is managed and is *complete* — meaning, until we are all comfortably in our new place doing our new things as defined the new way, I am still in “change management” mode and my focus is to *get things done*. One of the defining criteria of leadership at this company is the ability to manage through ambiguity and my ability for that is to work consistently until there isn’t any.

This is all well and good until you work with someone who expects you to want to talk about the emotional reaction to the reorg, to have sentimental lookbacks, to “wallow” in the unknown a bit, or (and this is the one that grates the most) you have to work with someone who is “ostriching” — ignoring the change and hoping that things will just “stay the same”. That last shows up in things like being willfully obtuse, or pretending like the decision today will not make a larger impact four weeks from today; it’s the opposite from “I see the vision of the future and I want that future right now” (which to be fair is also pretty annoying — you have to traverse the interim between the two, you have to *do the work* to close out the old world and prepare for the new one).

Unfortunately, the way many folks deal with change are to either ostrich or to do that “assumptive time jump”, and so when you are the person who points out you can’t really do either and you must traverse the A, B, C, and D between the two, it can be perceived as unfriendly or adversarial. Which sucks, because the intent is to get through that sludge as quickly and efficiently as possible, not to reinforce the discomfort people are feeling with that change.

The problem is even though I’m aware of it I can’t really turn it off, for two reasons: 1. I’m literally paid to make sure we actually do the things we’re supposed to do, and 2. I’m fundamentally wired this way. Case in point: when my mom died. My mom died of vascular dementia and acute arteriosclerosis in April 2020. We found out she had this in December 2019, her having hid the dementia (and associated health issues) behind an alcohol problem and a refusal to share any health information with us. By the time she got through the first of two surgeries it was clear that we were in the end of the book, and by the time we had to engage Hospice there wasn’t any pretending anymore. This is change and that change bridges between the old world (Mom is “fine”) and the new world (Mom will not be here). And in that world, I felt helpless, because unlike this in-between space I have at my job, I couldn’t do anything. I wasn’t a doctor, a nurse, a hospice person; I had no job to do in this space except sit and wait. I could bring blankets and chocolates and have nonsensical discussions and on the side work through the endless paperwork; but these were things I could manufacture for myself to do to at least feel like somehow, I was contributing.

It’s a pretty stark comparison to take a major life event and compare it to something so trivial as a job; I draw it only to reinforce that this is a “me” thing and not a “me at work” thing and it’s a thing I have to balance.

I’m therefore in this weird space between Old World and New World where I want to focus on the steps to get from A to Z but I’m dealing with folks who want to pretend we’re in “A” for ‘just a little longer’ and folks who want to get to Z ‘right now’ and I’m the shit bird who has to point out there’s 25 steps to do first and the more time people insist on wallowing the less time there is to do those effectively.

In terms of energy expense, I think the main difference is that for these other folks, their mental energy expenditure is the stress surrounding the change and what that could mean for them/their charter/their vision; for me, the mental energy expenditure is the practical approach to get it done. Which is why on my Insights profile I get things like “Bobbie needs to be reminded of the humanity in others.”

So really, I have to manage myself through this change.

Unplug

BobbieLeave a comment

TL;DR: Use your paid time off if you’ve got it.

There’s kind of a lot going on in my world right now, a conflux of “things we should have known better” and “things we had no idea would happen”; as my job is professional Anvil Spotter these things touch me in one way or another. (Typically: “Yes we saw that anvil, here’s proof we saw that anvil, here’s how we will duck out of the way of said anvil”, or, “Nope, didn’t see that anvil, but here’s how we dealt with a similar anvil, and here’s how we’ll keep from being under this anvil next time”.) So far none of the anvils have landed but there’ve been some close calls.

What this means in a dynamic, hybrid work environment is a finely controlled chaos. In a meeting talking about interpersonal dynamics the other day a graph popped up to show all the interaction capabilities in a group of say, six people — and it’s factorial. Which means that if you have six people then Person A can have a “group” with all 5 other people, or 4, or 3, or 2, or 1, and as you whittle down the numbers the combinations increase as to which people they can be interacting with. Which in turn means that a group of “six” people is actually something like 720 “groups”. Which is why at the end of the day you and I and everyone are exhausted when working on a “small group” project (never mind 3 or 4).

The privileged luxury I have is to be able to take a break. This break has been like a few others where I’m actually not completely removing myself (even though that is/was the stated purpose) from work, but it is a departure from my normal work habits and a drastic reduction in the amount of mental involvement and time spent in front of a machine (for work). It’s that last that gets to the crux of it – the same machine I would log in to for fun or just routine access to docs and such, is aligned with my work. I can remove work notifications from my phone relatively easily (without having to remove the apps) but removing those from my Outlook, for example, is a bit more of a project. Thusly I’ll log in to say, update my grocery list or check in on something outside of work and I’ll see the little red bubble and it will entice me to go pay attention to that Teams chat or email. These sporadic check ins are not as tiring as a full day of work but are, as you can imagine, not as relaxing as one completely departed from it.

The fact that I *also* stacked this “break” with my to-do list of non-work stuff makes it feel like less of a break — car maintenance, catching up on house stuff, etc. means that my eternal fantasy of sitting on the couch systematically eating the marshmallows out of a box of Lucky Charms while watching Jaws and Aliens still eludes me.

That said, this “break” still provides respite and is necessary to ensuring that when I do officially return, I’m a sane, practical, rational person, whose job it is to identify anvils as they hover. The takeaway here for you, is to use your paid time off.

FOMO (Fear of Missing Out) is a thing – and probably drives some amount of “nah I’ll just take a break later”. It’s not necessarily fear of missing out on the fun stuff, though, but rather fear of missing out on crucial information to a given project, or the nuance in a meeting, or having the time to catch up on XYZ technology, or getting your administratea done. The objective horror of coming back to literally hundreds (thousands) of emails can also be a deterrent. Much as lying down without sleeping can offer an incomplete yet still valid rest, so too can be the “break” with a teeny check in here and there. In my case, the little red bubble will not be too scary when I return.

Does this sort of “semi break” take the place of a real, honest to goodness, vacation? Heck no – no more than that 20 minute beanbag loll takes the place of 8 hours of sleep. But it can give you the respite you need to keep going until you can get to the *real* break. Just remember to actually take that real break. I’m scheduling mine shortly… you know, while on this one.

Linked Out

Bobbie1 Comment

I have, as of right this moment, reached my tipping point with some Bad Behavior on LinkedIn — from “professionals”. I’m not talking about your coworker who posts political stuff or that link from 3 jobs ago who posts pictures of their kids’ graduation — spare me the “LinkedIn is not Facebook” drama; I understand that but can scroll by those posts just fine on the “let people live” principle.

I’m talking about proactive outreach that is ostensibly about opportunities, that is not in fact about opportunities. These actually really waste time, and not just the recipients’ time. They waste your time, recruiters and business opportunists. They make me think less of your organization. They make me less likely to consider your company and/or “opportunity”, ever.

I’ve grouped these broadly into four categories. If you’re thinking about doing any of these, please count me out.

The “Come Apply for This Completely Irrelevant Role” In Mail

In this one, you get the semi-form letter that says “Dear [your name here], I was looking across your resume/LinkedIn profile and think you’d be perfect for [their job title here]…” and then goes on to list the benefits of their organization and how to get in touch with them. So far, so good. Here’s where the red flags come in:

  1. You are pitching me for a level that I have exceeded by at least 3 stages and/or haven’t been at in 7 years.
  2. You are focusing on a skill set or keyword that is not in the last 10 years of my job history.
  3. You sent me this same mail 30 days ago, 60 days ago, 90 days ago, etc. and at that time I sent you a polite, “thank you, love where I’m at right now, might consider new options *next year*”.
  4. You are identifying a role or a skill set that appears nowhere, not anywhere, and in no way in my history. Like ever.

Looking at you, Major Seattle Tech Company, Major California Banking Company, Major Seattle Tech Company, Major Seattle Tech Company, and Major Silicon Valley Tech Company.

When I get these, they tell me either your algorithm is borked and coming from a tech company that’s probably not a good sign, or that you aren’t using an algo and your recruiters are so desperate they’re legit just looking for any name whatsoever to send a mail and make some sort of number/incentive, which is also not a good sign.

The “Come Join Our Advisory Board as a Way to Give Us Cash” Opportunity

Admittedly I fell for that this morning, and it wasted 30 precious minutes of my life and also probably someone else’s. Here’s how this one happened: I have, on my LinkedIn, that I’m looking for opportunities in the nonprofit sector specifically in board support – either as member of a board or of committees (as I already am and have). Life is precious, time is precious and so I’d like to spend my ephemeral existence trying to help improve things. In this case, I got a mail for an advisory board role opportunity linked to a local educational endeavor, one I’m actually close to. I accepted the 7:30am call (because sure!) and the day before the call I got a link to “more information”.

Cue the red flags.

The first three pages of “more information” is/was the usual stuff around board support — this is what we do, this is what we need, these are the kinds of support. Then it got into phrasing like, “Work with the design team to select the format best suited for your organization and budget. Each activity and discussion will focus on your industry and company needs. Start your corporate program with as few as 30 employees…” which… somehow read as a sales pitch? For a board role? I responded to the invitation asking for clarity and, got none.

Here’s where I made my mistake: I attended the call. I should have taken the non-response as “we don’t want to answer that right now”, either because it would mess up people’s target call numbers or perhaps the plan is to get people emotionally invested in the first five minutes. Regardless, I attended the call. The inviter was five minutes late (fine) and after some initial small talk when I brought up my question about the “hey what kind of board role is this”, after some very scripted speech the ask was to start talking more about me and what I’m interested in. I was frank, “That’s another red flag for me; you shouldn’t need to know more about me or what I do in order to let me know how the board advisory opportunity squares with the language around organization and budget.” After some initial clarification, what came out is that prospective board members are expected to actually participate in the program the board advises on, to the tune of $5k (oh! but for special people it’s only $2.5k).

I have no problem donating money to nonprofit organizations and do so, on the regular, for ones that I do and do not participate in directly as a board member or advisor or committee member. This bait and switch, however, means that I would re-think any fiscal donation to the educational institution whose name shares this “opportunity” because this “invitation” feels like a scam, and frankly if anyone comes asking me about it, I will share with them my concerns and experience. I mean, if you’re looking to drum up cash just say so, don’t obfuscate it with a theoretical opportunity to actually advise or help.

The Come Use Our Irrelevant or Superfluous “This As A Service” Service

I work for a Very Large Company. There are a few Very Large Companies on my resume and that’s normal as I like the stability of Very Large Companies – you can move around within them without having to renegotiate health insurance sign ups, for example. When I get a LinkedIn email asking me if I want to consider using your HR services to administrate my HR needs, though, it sounds really tone deaf. Like somehow, I’d have the power or the inclination to bypass my existing company Human Resources organization (which is pretty darned great) and just– somehow use your company for my team? I understand when people offer contracting services — that makes sense, I’ve hired contract services before so that is normal — but when I get solicited for things like payroll services it is just a time waster — the precious minutes of life gone, reading that email.

The “Here Let Me Help You Even Though You Didn’t Ask for it and I Don’t Know You or Anyone You’re Linked To” Service

Executive Coaching. Financial Management and Estate Planning. I do not know or understand what the algo is here but I get one about once a month of someone offering to be my coach or manage my money. On one hand, good for you! Go get ’em. On the other hand, I wish LinkedIn offered us the ability to flag that we are not open to business opportunities. We have for example the ability to say we are “Open To Work” (for recruiters — which is not the case for me and I still get the pings), it would be great to opt out of “business opportunities” or better yet opt in to the ones we are looking for.