Skip to main content

Leading with “deadlines” during Covid-19

So firstly, we obviously failed at our promise in our first post, i.e. we didn’t post an article every few months. Both of us did contribute to the Leadership Tribe of Hackers book so that makes the failure a little less, right??? 

Anyway, in this post, we wanted to share what we have found to have worked for the Security teams at Riot Games during the Covid pandemic. 

Like Chris Hymes described here, we pivoted early (before the “stay at home” order) to collaborate with IT (and teams across Riot) to ensure there was a secure and reliable “work from home” experience for Rioters. As challenging as this emergent work was, the more difficult and ambiguous challenge arose after-implementation. 

Surely, the pressure was off as Rioters were now able to work from home such that Riot could securely deliver new games, transition to a remote broadcast for eSports, onboard new vendors (to help further with “wfh”) and do their usual day jobs? That wasn't quite reality and, we all soon realised that we didn't know how “working from home during a pandemic”, for a prolonged length of our time, would affect people.One of the first things we realised is that this was not going to be “working for home”, it was something-else and as leaders, we would need to be both patient and understanding with our teams.

As obvious as it sounds, people have different circumstances from living by themselves to living with a family where kids have “school work” (more like crisis-schooling :p ), while some folk live in city apartments but others have a family home with a garden. Some folk rely on work for their social crux, whereas for others it’s the gym or their sports team, all of which are now closed. Ultimately, we fell back on a simplistic lens:

People > Product > Tech

Here's a summary of the some things we did (that seem to be working):

  • Over-indexing on communications.
    • Especially on our “fun, no work” channel :)
  • Sharing ups and downs.
    • Telling people that you are also struggling and discussing where things have gone wrong is both incredibly important and 
  • Try to do non-work and non-craft things away from the screen.
  • Do things as a team (video games obviously but more significantly, team syncs over video conference).
  • Visibly logging off and taking time off (with no work comms), especially important as a leader:
    • You can't lead if you're not rested yourself.
    • Some folk worked reduced hours during the recent Spring Break (in the US)
    • People actually took time off when they saw leaders taking it off, versus not when they were simply being encouraged to take time off.
  • De-prioritising some objectives to give the team breathing space. People like goals so they can have a "sense of achievement", but at this time, they already feel overwhelmed and mental health should be the priority.
  • Shared “wfh” tips from people who had been working from home for years. Two simple and effective but surprising tidbits:
    • Change rooms for meetings occasionally if possible as it really breaks things up.
    • Give yourself 5 minutes between meetings, walk away from the desk. This will enable you to context switch as opposed to powering through hours of consecutive meetings.

Examples of over-indexing on (electronic) comms:

  • Sending a weekly Corona update, with an emphasis on self-deprecation and personal experiences.
  • Being vocal about things that don’t work - e.g. letting people know what’s not been easy, explaining the challenges and acknowledging personal failures (be honest about your vulnerability).
  • Individually reaching out to see how people are, while also encouraging others (not just team leads) to look out for their teammates.

Tangentially, if you’d have told us that we’d have 8-12 weeks at home a few years ago, we all would most likely have planned on ramping up tech-wise - reading papers, doing some courses or finally learning Go/Rust/something hipster :-/  I personally have found such activities difficult to focus on and as such I am doing less mentally taxing stuff rather than working on my (InfoSec) craft:

  • Working reduced hours to support my family during home crisis-schooling
  • Home improvements that I’ve been staring at for many months (amazingly rewarding with the sense of completion and almost meditative)
  • Building a small gym and working out over Zoom with friends
  • Old-style games or jigsaws with my kids
  • Tried to cook a little more (wasn’t hard to improve from zero here)
  • Video Conference Calls and quizzes with family/friends
  • Dabbled in the garden (hysterical efforts)
  • Evening walks/bike rides
  • Catching up on TV series that I never had enough time to watch

In the end, the world has changed and we don’t know what situations our team will face when this ends or how we will solve these challenges.

However, in the current scenario, we want to ensure that our team is supported throughout and that when we don’t have to “stay at home”, they are rested and somewhat prepared for that return. With that in mind, don’t be too hard on yourself or colleagues and if you do one thing for your team, “share and check-in”. 

#Moved from my old site - securityleadership.ninja - originally posted on 2020-04-25.

Comments

Popular posts from this blog

MongoDB Authori(s|z)ation

Introduction Having answered numerous questions on the new and old authori(s|z)ation within MongoDB, I thought I'd write a short blog post explaining how things work as there seems to be some confusion. What's New Prior to version 2.4 , there was a very basic sense of "Role Based Access Controls" (RBAC) within MongoDB as there were only two roles - read readWrite which is quite limited. For example, if the user has "readWrite", that user is essentially "root" and the user can add/remove users as well as inserting data into the database, i.e. there is no role segregation. Version 2.4 added in the following 3 core roles - userAdmin dbAdmin clusterAdmin with a notable extension such that there are now 4 roles that apply across all databases - readAnyDatabase readWriteAnyDatabase userAdminAnyDatabase dbAdminAnyDatabase This increased RBAC is a significant improvement from a security perspective in MongoDB. It is imp

Being a Support Engineer @ 10gen - Part 1

There's a mis-conception around the role of a "Support Engineer".  As a clue, it's not what Urban Dictionary   says   - A person whose job is to answer calls from customers of a small- to large-sized company...... They are teathered to a their desk all day via phone headset........ phone jockeys usually hate their jobs.......they are are paid well enough..........until they completely burn out, and hate everyone.   and doesn't always involve this - Image Source: http://half-bakedbaker.blogspot.ie/2009/11/cannoli-and-broken-computer.html As you can see  here , there's lots of open roles in  10gen  and more specifically with 10gen, in  Dublin . I thought I'd write this quick blog to explain what Support Engineers actually do and why I joined 10gen as a "Support Engineer". I could be wrong but didn't Google come up with term " Site Reliability Engineer " to do away with the stigma associated with being a

Separate MongoDB Syslog by Facility

In my last post , I showed how you can set up MongoDB v2.2 to syslog its logs off to a remote syslog server. As my `tcpdump` snippets show, the syslog messages hit the syslog server tagged as "user.info", which means that they're assigned to the "user" facility with a severity level of "info". I've received a few questions regarding the possiblity of splitting out syslog messages by facility, however, as everything is currently sent to a "user.info" bucket, so-to-speak, this is not possibility. There is a current feature request for this capability and work will be done on this but if this is important for you, I'd strongly encourage you to vote for this feature. In the meantime, however, (whilst not ideal) you can still do some host filtering with rsyslog as outlined here .