Articles by Jacob Kaplan-Moss
- Probably Are Gonna Need It: Application Security Edition
Jacob zooms out from code-focused security and gives guidance on a few must-haves for any company that handles user data.
- How Managers Should Respond to Defensiveness After Feedback
Defensiveness after feedback is a common issue managers face. It can include arguing, not changing behavior after feedback, or avoiding conversations.
  • Before addressing defensiveness, managers should check whether their own feedback was appropriate and specific.
  • The first few times an employee is defensive after feedback, managers should let it go and focus on the future behavior change they want to see.
  • If the defensiveness continues, managers should keep addressing the specific behavior issue. They can escalate to giving systemic feedback about the pattern of defensiveness.
  • Managers should give the same feedback multiple times to give employees opportunities to change.
  • If the behavior does not change after systemic feedback, managers should involve HR and consider termination.
  • Taking feedback well is part of an employee's job, and persistent defensiveness is unprofessional.
  • When giving feedback about defensiveness, managers should focus on specific behaviors and future changes.
  • Managers should avoid arguing with defensive employees and keep the focus on the desired future behavior.
  • Using role power and stating consequences can be appropriate when an employee disagrees with feedback standards.
- My Software Estimation Technique
Jacob proposes an estimation technique that captures both time and uncertainty. He recommends breaking down work into smaller tasks, estimating uncertainty levels, calculating expected and worst case times, refining estimates as needed, and tracking actual times to improve future estimates. The key is to choose a system and stick with it so you can calibrate estimates over time. While there are other techniques, capturing uncertainty is critical for effective estimates. Evidence-based scheduling, where you track actual times from the start, can be highly accurate but requires stable teams and long-lived projects.
- How to Build Trust
Jacob provides concrete strategies for building trust with one's team as a manager. He emphasizes that trust is built over time by consistently demonstrating trustworthy behavior like following through on commitments, providing honest yet constructive feedback, and giving credit to team members for successes. Asking permission before providing feedback or suggestions helps equalize the power dynamic. Maintaining transparency about company matters while respecting appropriate confidentiality in one-on-ones also fosters trust.
- How to Delegate Meeting Attendance
Jacob offers specific and tactical guidance on how to delegate the responsibility of attending a regular meeting.
- Psychological safety in the InfoSec industry
Jacob offers three root causes behind the lack of psychological safety in the security world. For each, he gives concrete ideas on how to combat it on your team.
- Software Estimation Is Hard. Do It Anyway.
A four-part series that acknowledges all the challenges of software project estimation and offers actionable advice for pursuing excellence in this notoriously hard skill.