This post is from a series of post I am writing about my first year as CTO, you can find here part 1 and part 2.
The concept of not doing something is something we all know, many people pay for an house cleaner or a baby sitter exactly to avoid doing those chores.
What are we buying when we buy those services? A clean house?
No, we buy for free time. We buy the freedom of doing something else.
So when asking yourself “should I hire an IT specialist to manage the company laptops?” you could say “yeah sure we got the money” or “wait a minute, can I make this go away?”
And this is extremely important when thinking about doubling the size of your team with a tight budget.
Standardization beats automation
One widely accepted rule of technology companies is that people work best when they are free to pick and choose the way they work and which tools or hardware they want to use.
I used to agree with that, intuitively it makes perfect sense! Just throw money at the problem, it will make people more efficient and you will get your money back!
Except that nobody realizes the impact of those choices downstream.
Let’s take a couple of the most common areas of friction in technology companies.
Let’s start with the team backlog.
I have witnessed first hand how beatiful it was to be in an environment in which every team could choose their backlog tooling, ranging from physical backlogs to Jira, and everything in between.
Beatiful until you start asking yourself simple questions like “How do I move a story to another team?” or “How do I connect the backlog to the Git repository, or produce a Software Bill of Materials for the US federal government?”
As engineers our answer is almost immediately “Let’s automate that” and maybe even propose to have a team to support internal toold. But if you stop and think the right answer is “The atlassian cloud is a business process manager that has a million plugins out of the box and no need to have a dedicated dev team”
It sounds less sexy, I understand, but today with Jira and Confluence we can have backlogs connected to Gitlab and our QMS automatically, using the Tempo plugin we can track and partly automate the tracking of WBSO and essentially pay to make all those complicated regulatory problems just go away.
Another argument I heard often was the choice of laptop provided, someone wants Windows, or Mac or Linux; maybe a Dell or a Mac but a very specific type of Mac of course. And for Linux I want my own distro and I don’t care that it doesn’t play nice with anything in the office.
The decision I personally made was to say “We provide everyone with top of line Macbook Pro but you get no freedom to choose otherwise”. It might sound harsh but it freed us from doing a number of things:
Onboarding instructions, no need to have multiple versions for it;
Software procurement, it works on Mac, that’s enough for us;
IT maintanance, standardize procedures to solve anything, use Apple Care for problems.
And most importantly, we didn’t choose this to be cheap, our laptop are bloody expensive, but we think that the extra money is better spent on hardware than on paying someone to manage the mess.
Outsource your security
Ok outsourcing security sounds stupid, I admit it but bear with me.
As a startup there is no way you can be better than the big players out there and the world is a scary place. We need to be ISO certified and have a huge responsibility to keep very important personal data safe, if we had to build a security department internally the investment would be impossible to sustain.
Luckily it’s 2022 and there are plenty of services already provided for you, in particular we partnered heavily with Google, we went all in. As I said in another article, if you go cloud it makes no sense to not go all in.
We chose the direction of Zero Trust https://cloud.google.com/beyondcorp both with Google Cloud Platform and Cloudflare.
Same for the corporate accounts, instead of making stuff up we chose to rely on Google Identity and make it part of our procurement process when it comes to new software. At that point using hardware MFA or other stuff is just a no-brainer.
We also chose to pay the extra (a big extra) subscription for Gitlab, so we could use the security scanners embedded with the tool to ensure we ship safe software.
All those subscriptions are not cheap, they are quite expensive, but they are an order of magnitude cheaper than having to maintain your own solution for the next 10 years.
Budgeting for not doing something
But how to justify the expense? It’s easy to put all those software into the bucket of IT expenditures, like Salesforce or Workday, but I don’t think that’s correct.
You should take that budget from your hiring budget, you are paying someone so you don’t have to hire a person.
This is a better way to think about it.