Next MBA Cohort Starts Monday, July 6th, 2026

Review Pricing and Join the Cohort

CTO Academy Logo
Log In

Category: Technical Strategy

  • Year In a Worklife of a Scale-up Chief Technology Officer

    Year In a Worklife of a Scale-up Chief Technology Officer

    Recently, we had Emily Castles, CTO at a scaling start-up, Boundless, joining us for her fourth CTO Shadowing session. She reflected on their journey over the past year and, by doing that, provided an exclusive look into the challenges of a scale-up Chief Technology Officer who has to recover from severe financial cuts and consequent team losses.

    Rebuilding the Teams

    A year before, the financial cuts at Boundless affected product and tech teams. The product team especially suffered and was reduced to virtually nothing. At that point, of the original eight team members (a full development team with a product manager), only she and one other developer remained.

    Having finally recovered from a period of downsizing and uncertainty, Emily focused initially on rebuilding the teams. 

    Now, the common scenario in start-ups is that employees have to cover areas outside their imminent scope of work. Emily quickly realised that, due to the specific nature of their products, they also needed a dedicated customer support person to offload work from HR and Payroll. With that addition, things finally got moving again. 

    Measuring Success in a Changing Landscape

    As the company scales, the CTO requires more concrete metrics to measure success. In Emily’s case, they’ve implemented a company scorecard to track key performance indicators (KPIs) and gain a clearer picture of the company’s health.

    The key metrics they were monitoring at this stage were:

    • Velocity
    • Customer engagement
    • Customer incidents

    Of course, it took a while before they got in a position to actually measure success. It is just one of the realities of being a CTO in a scaling start-up. Security, data protection and onboarding new (big) customers were priorities. So at that point, measures of success were qualitative. 

    However, after implementing a company scorecard, they ended up with 15 metrics, measuring success and accountability weekly with a 13-week testing period. 

    Her immediate challenge was to define product metrics. One of them was the velocity measure. In Emily’s experience, this was the best place to start even though it’s not the best tool for measuring productivity. 

    The second one was the service-specific customer engagement metric; in other words, it is custom-made for the type of services Boundless is offering, and it should resolve the issue they had in the past where they didn’t really know if people were using people or products to solve the problem. Its purpose is, therefore, to measure the number of operations happening on a customer level while interacting with the product.

    The final metric, this time from a project perspective, was customer incidents.  

    Besides measuring CSAT and NPS, Emily required insight into operational mistakes (eg, mistakes in payroll, a signed contract that has to be undone and redefined, bugs, etc.). The purpose was to immediately identify glitches in the system and improve the product/service. 

    You never know whether the thing that you’re about to measure is going to be right until you go and do it.  — Emily Castles, Boundless CTO

    As a scale-up CTO, you must always acknowledge the challenges of maintaining a culture of honesty and transparency as the company grows and the SLT becomes further removed from day-to-day operations. The emphasis must therefore be on open communication and public feedback channels to ensure visibility into potential issues. In practice, this means that if there’s a security incident (eg, breach) or anything like that, there should never be any kind of admonishment. You don’t want people sweeping problems under the carpet, after all, do you? 

    Third-Party Integrations and Outsourcing

    The immediate goal Emily is trying to achieve is eliminating the need to enter every information twice. Customers are putting a lot of data in their own systems, and then they have to put it into the Boundless systems as well. Granted, the company has various ways to pull data from one system to another but integrating with third-party HRIS systems seems like the best solution. So it has been a priority, but she’s struggled to identify the most critical problem to solve to decide which of the available solutions would be optimal.

    Another thing she’s currently evaluating is whether to use a unified API or integrate directly with individual providers. After all, the company plans to grow and a unified API might impose certain limits. 

    Emily is also considering outsourcing some aspects of the project, but she wants to keep core development work in-house while allowing external developers to work on the edges of the project.

    Operational Expenditures and Internal Tooling

    While operational expenditures haven’t been a major focus due to the company’s funding stage and relatively low operating costs, as the CTO, she is increasingly looking for ways to streamline internal operations and reduce the need for additional headcount. 

    As a part of that effort, she’s exploring no-code/low-code platforms like Retool and Microsoft Power Platform to build custom tools for internal teams.

    Quarterly Retrospectives and Looking Ahead

    Emily found the quarterly retrospectives with colleagues to be a valuable exercise, providing a structured opportunity for reflection and feedback. They also appreciated the external perspective and different language used in these sessions compared to internal meetings.

    Looking ahead, she is focused on continuing to scale the company’s operations and product development efforts while maintaining a strong culture of transparency and collaboration. She is also excited to explore new technologies and approaches to streamline internal workflows and improve efficiency.

    In the original shadowing session with Emily Castles, we explored the challenges and considerations of a CTO in a scaling start-up. It detailed topics such as:

    • Rebuilding and managing a development team
    • Implementing metrics and scorecards to measure success
    • Integrating with third-party systems and potential outsourcing
    • Managing operational expenditures and exploring internal tooling solutions
    • The value of retrospectives and external feedback

    As always during these sessions, attendees had the opportunity to ask questions and share knowledge and experience. So if you haven’t already, sign up for CTO Academy Membership to not only draw from the experience of seasoned technology leaders in different industries but to offer your own unique perspective. 

    Key Takeaways

    • Building and maintaining a strong team is crucial for success. Emily emphasised hiring and retaining skilled developers and a product manager to drive product development.
    • Metrics and transparency are essential for effective scaling. As the company grows, implementing clear metrics and maintaining open communication channels become increasingly important for monitoring progress and identifying potential issues.
    • Exploring new technologies and approaches can streamline operations. In Emily’s case, it involves investigating no-code/low-code platforms and other tools to improve internal workflows and efficiency.
  • Quick Guide to Understanding External Driving Factors of Technology Strategy

    Quick Guide to Understanding External Driving Factors of Technology Strategy

    This guide explains the main external driving factors that could influence technology strategy – from start-ups to large enterprises.

    As you will soon learn, your technology strategy will, ultimately, reflect the landscape in which your company operates. For example, if it’s on a growth trajectory or repositioning, then it’s going to address its weaknesses.

    External Driving Factors

    External Driving Factors of Technology Strategy - infographic summary
    (click to download/enlarge)

    Going Multi-Region (Common Strategy)

    Even today, many things do not support proper localisation or internationalisation. Just consider the fact that we still force people to enter their first and last names when two-thirds of the world don’t have that concept.

    So the basic information and how it’s categorised can become an issue. Additionally, a lot of suppliers don’t support that kind of internationalisation as well. It is a soft spot in every tech strategy.

    Mergers and Acquisitions as Significant Factors

    As you can imagine, there will be a lot of overlapping systems. The first thing we must decide is which ones we want to keep.

    Two seemingly similar systems are, in fact, different because each company operates differently. And that’s going to affect your technology strategy.

    Take, for example, Microsoft’s Dot.Net and merge it with a Linux-based company. Such a merger would cause a myriad of problems. In such a scenario, you, as a technology leader, must evaluate each option and decide what goes and what stays. Because, in the end, you want your strategy to be clear, simple and easy to follow.

    Rebalancing Between a Group

    As a rule of thumb, on a group level, every division has its individual tech strategy and tech stacks. However, major decisions are made on a group level. As you can imagine, this can create significant friction and cause major delays in optimisation and synchronisation between group companies.

    One way to tackle this common problem is to take the initiative and pitch/propose a specific strategy/tech to a group – with a promise of driving it.

    The issue you can expect in a group rebalancing scenario is resistance to adopting new technologies or, on the other hand, reluctance of multiple teams to switch to a single (common) tech.  

    Here, you need a tactical approach, especially if you’re considering more risky technology choices. What you need is a group of people who did due diligence or, even better, used it so you’d have tangible arguments.

    Considerations when choosing a new technology:

    • What level of assurance do I have?
    • How does anybody use this in production?
    • Is there anyone in any of the teams that have already used it?
    • What are their experiences?

    Dealing with the legacy tech

    The first thing to do in this situation is to understand who thinks it is a legacy and for what reasons.

    There are instances where people flag the tech as legacy just because they’ve depreciated it on a balance sheet. It’s an accounting view.

    Sometimes, it’s depreciated because there’s a competing in-house technology standard, only they can’t decide which one to retire. So they simply flag one as a legacy.  

    Or the system has been around for a long time which, by no means, makes it a legacy.

    What are the determining factors that could make a system potential legacy?

    It’s legacy if it has some problematic features that do not exist in a new substitute tech. For instance, tight coupling, invisible business logic, it isn’t easy to read and understand, returns unusual business results and similar.

    So how do you decide to retire a system or extend its use?

    STEP 1: Find out who could potentially raise an issue if you switch it off.

    STEP 2: Understand what exactly a system does.

    STEP 3: Interview users to get feedback.

    Remember, every time you try to flip a legacy system, you always run the risk of running out of goodwill and funding. If there is strong resistance caused by fear, it’s better to stop. Because if you don’t have support, it won’t matter how great your tech is. They are not going to adopt it.

    Cost of Transition to a New Technology

    We will take cloud services as an example here. The big promise was that the cloud would be cheaper. However, that’s not exactly the case. It can get really expensive really fast. Because, unlike data centres that have a limit on a number of servers, clouds enable you to keep provisioning new things and never turn them off.

    As a rule of thumb, large companies never turn things off because nobody is managing the systems.

    Now, from the technology strategy perspective, you should choose a single provider instead of trying to build redundancy on several systems just to have that safety net.

    The choice, ultimately, depends on the volume metric projections, the overall cost and potential compatibility (eg, if you have Microsoft products in your environment, the integration of active directory will go smoother on Azure than on AWS or GCP).

    TIP: If you don’t have an explicit function that looks after your cloud operations and finances, you’re going to have to set that up and make sure that you stay on top of the cost of your cloud provider.

    Skills Availability

    The availability of skills in your market is another important decision-making factor. In some instances, you will have to choose technologies that are more widely adopted to have a larger pool of available skilled workforce.

    Remember that you can always check the TIOBE Index to see what technology is trending.

    Summary

    TECH-INFLUENCING EXTERNAL DRIVING FACTORS

    • Going multi-region, multilanguage:
      • Inadequate suppliers’ support for internationalisation
    • Merger, acquisition:
      • Overlapping systems, difficult to decide which to keep
      • Scalability issues
      • No compatibility between flagship technologies
    • Group rebalancing:
      • Different tech strategies between divisions
      • The tendency toward popular technologies and big suppliers
      • No synergy
      • Technological monoculture, high resistance to new tech
    • Cost of transition to a new technology
    • Skills availability

    These are the most common external drivers that will influence your technology strategy. Module 3 of our Digital MBA for Technology Leaders, consists of over 20 lectures explaining technology strategy and business goals. Starting with alignment to value drivers, planning and, most importantly, execution.

    So far, over 400 technology leaders have taken our course and they all agree on one thing: it provided them with the comprehensive knowledge required to excel as a Chief Technology Officer.

  • Aligning Tech Strategy with Business Goals – Discussion Panel Summary

    Aligning Tech Strategy with Business Goals – Discussion Panel Summary

    An important part of each module in our Digital MBA for Technology Leaders is a discussion panel where a group of experienced tech leaders dive deep into critical problems of senior technology management. Here, we are bringing you a summary with key points on the subject of Tech Strategy and its alignment with the company’s business goals.

    Is Tech Strategy a Common Weakness in Companies?

    It sure seems like there’s often a big misalignment.

    There’s a challenge with technology leaders understanding the business strategy and being able to translate that into what their team and their function need to do.

    Because of that, we get misdirection. The tech goes on one tangent while the business is on a different one and the alignment is not happening. The tech strategy or product strategy is simply not aligned with the business.

    How to solve misalignment?

    Technology leaders and other members of the management team need to have compassion for technology and each other and understand all the pros and cons.

    In the majority of strategy documents, technology doesn’t deliver on what strategy needs to be.

    Strategy is supposed to focus our minds and say, these are the critical few things that we’re going to put all our energies against.

    More importantly, these are things we’re not going to do. 

    It is rare to see tech strategies that say we are not going to do this or that. As a result, lows of focus bled out doing wild goose chase stuff, which technology is particularly great at.

    It’s great at burning time and money on things that will not move the business needle at all.

    And the other part is that technology strategy is often something that seems to be communicated upward to the board.

    However, there are a lot of Staff Managers, Senior Engineers, Heads of Development and even VPs of Engineering who have no idea what the technology strategy was that was presented to the board last week. 

    As a result, alignment is not just happening.

    Whose fault is it?  

    Is it the fault of the technology leader? 

    Well, there are different types of leaders. Some that manage upwards, some that manage downwards and some that don’t manage at all. 

    So it depends on the specific context. The general opinion is that the one who pays your wages and who are you most afraid of (ie, who generates your anxiety) is probably going to show where your focus should be. 

    Consequently, a lot of leaders just create things.

    And it is often too difficult to cross the chasm, like trying to explain it to people who are doing the day-to-day job.

    You’re running systems or you’re integrating systems, trying to get the relevance of what’s happening in the board room and that strategy and translate that into something relevant for those people.

    It’s time-consuming and hard.

    That’s why a lot of people just give up and say, you know what, I’m going to protect my teams from this nonsense and I’m just going to do a document.

    It’ll keep the owners happy.

    It’ll keep the board happy.

    And we’ll just carry on.

    The problem is that you’ll find yourself in a pickle sooner or later when a senior leader goes, “Hey, hang on a second. Didn’t you say you were doing all this stuff? I was just talking to somebody in the hallway and this doesn’t seem to be happening.”

    Therefore,

    A strategy needs to be communicated at multiple levels and be reinterpreted on every level.

    There could also be monetary incentives to understand the tech strategy of the company and to figure out how it interacts with some departments.

    In other words, to improve the way we communicate tech strategy to individual departments (ie, how it affects them, why it’s important for them), there could be a monetary incentive attached to that, depending on the organisation, the structure or the product.

    A lot of things are going to depend on that.

    One of the main issues is that Chief Technology Officers and tech leaders in general aren’t being allowed or just aren’t on boards of companies, which is affecting the strategy coming from the top down. Consequently, communication is failing from the bottom up and from the top down.

    Here’s an example of this.

    An outfit that was a retail bricks and mortar was moving online to e-commerce and it was a sort of bolt home, so to speak. It was one of the larger players in that particular industry.

    But there was some serious competition, particularly one company which was founded by people who have technical backgrounds.

    The latter put technology front and centre in their strategy and are now the largest in the industry, in the United Kingdom. Just because they use the technology correctly.

    It does not matter that some of them were technologists. They simply embraced technology and made it work.

    Younger generations aren’t quite as afraid of technology as older ones. That’s the positive side.

    The negative side, on the other hand, is that we’re still going down alleys, promising stuff that may or may not deliver anything, particularly things like Blockchain or Metaverse.

    We’re chucking all this stuff in and it’s just going to ruin our reputation again.

    Because we’re just trying to make sure that technology works and we deliver all the business.

    How can emerging tech leaders make a difference?

    There is a kind of negative feedback here about what’s going wrong. We’ve got these emerging tech leaders, some of whom are already in senior positions.

    So where and how can they make a difference?

    How can they change the dynamic of what is going wrong in these various scenarios?

    For a starter, make sure your voice is heard while spending time understanding the business.

    In other words, don’t do tech for tech’s sake.

    It is okay to buy something.

    It is okay to knock something up and give it a go.

    It doesn’t need to be perfect.

    But it needs alignment with what your business is trying to do rather than the latest fad.

    If you can then communicate that well in all directions and spend the time communicating it, it’s as simple as that in terms of getting it right.

    Some of us tend to over-index on communicating the tech strategy and going over it again and again with teams or peers, believing that we’ve done something wrong. We think that we should’ve been doing something fancy. But it worked and it helped with alignment.

    So that’s the area where tech leaders need to spend their time.

    How different levels of tech leaders might be able to have an impact?

    Not every tech leader is on the Board of Directors.

    This article explains four ways technology leaders join Boards.

    So the question is, if they’re not on the board or they’re not able to have a direct voice in that strategy meeting, how do they make themselves heard?

    In essence, it’s a campaign trail so you probably need a running mate. On top of that, you need to do an awful lot of video conferencing with people to get the point across, making sure everybody understands your tech strategy. 

    That way, they feel like they have an input. 

    Hence, it’s about the human field.

    Strategy is as much about this as it is about numeric. You do need numeric and you do need it short, you need it punchy, you need it simple, but you also need to have that human thing going on.

    There are other potential stakeholders — operations especially — where technology is a super leverage point for them.

    So the other point is that simplicity is the key.

    There are so many strategy decks, which are war garble, just pages of PowerPoint.

    Here’s a concrete example. 

    There is this company in the holiday sector that owns holiday parks.

    There’s a huge amount of increased uptime, reduced cloud costs, and all these typical things that we’d see in their tech strategy, but there’s one thing missing that can bind that business together. And that would be reducing queues.

    You see, holidaymakers hate going to holiday parks and standing in line for ages.

    This is where this particular company can utilise technology as a key leverage point. 

    Unfortunately, that idea is regarded as an operational problem which doesn’t make much sense. Instead, there should be a technical strategy strand that says we are going to reduce queues.

    And how are we going to do that?

    We’re going to produce booking systems that enable people to schedule the park’s tools and features online while, at the same time, allowing us to check people in and deal with their requests and, thus, reduce failure in, for example, discounts.

    So it makes it tangible and real for people.

    Now, not every business is fortunate enough to house such a physical context, but if you can get something short and sweet and say, boom, this is in strategy, then it also enables you to say that’s not in strategy.

    And that’s the critical thing because your job half the time is to go around saying, “Why are you doing that again?” 

    Managing inevitable anxiety

    For a lot of people, it brings anxiety when they need to go and speak with their CTO. It makes them nervous. They automatically assume that this is a person who knows everything and we have no idea how to talk about it.

    So how in the world are you possibly going to go toe to toe with them when it comes to tech strategy?

    The root of that anxiety is simple: you don’t know how to confront your lack of knowledge about a particular situation.

    On the other hand, for a lot of tech leaders, it is difficult to communicate to “lower” levels because it sounds condescending.

    So how are they supposed to speak on a level that another person is going to understand?

    It comes down to the ability to communicate things in a way that anyone can understand.

    In other words, keep it simple!

    Keep the flow simple and explain things in an easy-to-understand way. Two or three sentences at a fifth-grade level.

    That way, non-technical stakeholders can understand what you’re doing and what your strategy is.

    For example, if you’re in operations and you want to optimise a flow when an order comes in from your Shopify store, there is no reason your tech leader should be the one setting it up on Zapier when you can do it yourself.

    When you have these different flows that you can work with, why shouldn’t you be trying to figure them out yourself, subsequently improving yourself and your career?

    Dealing with the sense of loneliness

    Being in a top leadership position often feels like you are alone. Hence, you need people to help you get forward. But to get them on the same path, you must give them the needed confidence.   

    The more confidence technology leaders have in what they’re doing, the easier it becomes.

    You see, part of the problem of any communication is not necessarily knowing what the other side is thinking or what you think they’re the experts in. Often, they’re not the experts at all. After all, everyone rises to the level of their incompetence.

    The first thing is to understand the business.

    The next thing is to understand does anything else has to do with the strategy, whether it’s a tech strategy, marketing strategy or sales strategy.

    If it doesn’t, there are some communication issues. In that case, you simply stand up and start talking about that. 

    In other words, you get that confidence through exposure and practice. 

    This applies to all levels of technology leaders.

    Our role, wherever we are, is supporting those people and bringing them along with us.

    Even if you’re not a CTO, but you have teammates reporting to you, bring them along so that everybody understands the tech strategy.

    If you bring people in, they generally have better ideas.

    Let’s say, for example, that you’re trying to work this damn thing out and somebody comes up with something brilliant. Some technology you’ve never heard of that solves the whole thing straight away. Someone was confident enough to propose such a solution.

    The bottom line is that it’s about getting the confidence. You’re on a journey and bringing people with you will drive the technology in the business.

    So there are three steps you need to take:

    1. Bring people with you.
    2. Talk to them about it.
    3. Help them understand how it relates to them.

    As Kent Beck said in his book about extreme programming, pick all the things that don’t work for you and stop doing them. Take the things that do work for you and turn them up to 100.

    That’s how you become effective in communicating the tech strategy.

    A word of advice

    Sometimes it’s just not worth integrating something in your stack or trying to do something too complicated, just because it seems like fun and should be done because it’s complicated.

    So before you engage in something like that, ask yourself this:

    Are we wasting time on something that could be simplified?

    Because, if it’s simple, it will be much easier to communicate it to a non-technical stakeholder.

  • The Unwritten Laws of Engineering

    The Unwritten Laws of Engineering

    One of my favourite business and engineering books is probably one you’ve never heard of – The Unwritten Laws of Engineering by W.J. King. 

    Originally published in 1944 as three articles in Mechanical Engineering Magazine, the flagship publication of the American Society of Mechanical Engineers (ASME).

    There is likely to be little in this book that most experienced engineering professionals and leaders don’t already know, or at least claim to know.

    But in my experience as both a business and technology leader, many engineering and management screwups are rooted in a failure to adhere to the laws and principles so concisely presented in this book. 

    So I thought it an opportune time to dust off the cover of my favourite old tome and provide you with highlights from 10 of the authors laws and principles;

    My Top 10 Laws and Principles, from The Unwritten Laws of Engineering

    1. Develop a “Let’s Go See!” attitude. 

    When approached by someone with a real-life problem ….

    A wonderfully effective response, both technically and administratively, is to invite them to have a look with you – i.e. ‘Let’s go see!’”

    It is seldom adequate to remain at one’s desk and speculate about causes and solutions, or to retreat to drawings, specifications, and reports and hope to sort it all out.

    1. Strive for conciseness and clarity in oral or written reports. 

    There is a curious and widespread tendency among engineers to surround the answer to a simple question with so many preliminaries and commentaries that the answer itself can hardly be discerned.

    The tendency is to explain the answer before answering the question.

    1. Do not be too anxious to defer to or embrace your manager’s instructions. 

    An undue subservience or deference to any manager’s wishes is fairly common among young engineers which causes the engineer to:

    • surrender all initiative and depend on their supervisor to do all the thinking for a project.
    • persist with a design or a project even after new evidence has proven the original plan to be infeasible.
    1. Promises, schedules, and estimates are necessary and important instruments in a well-ordered business.

    Many engineers fail to realise this, or habitually try to dodge the responsibility for making commitments

    No one should be allowed to avoid the issue by the old formula, ‘I can’t give a promise because it depends upon so many uncertain factors.

    1. Cultivate the habit of “boiling matters down” to their simplest terms.

    Some people seem eternally disposed to ‘muddy the water’; or they ‘can never see the forest for the trees.

    Make it a practice to integrate, condense, summarise, and simplify your facts rather than expand, ramify, complicate, and disintegrate them.

    1. Do not get excited in engineering emergencies keep your feet on the ground.

    Most crises aren’t half as bad as they appear at first, so make it a point not to magnify a bad situation.

    The important thing is to get the facts first, as promptly and as directly as possible. Then act as soon as you have enough evidence from responsible sources to enable you to reach a sound decision.

    1. Cultivate the habit of making brisk, clean-cut decisions.

    Do not allow the danger of making a mistake to inhibit your initiative to the point of ‘nothing ventured, nothing gained.

    Make clear-cut, swift decisions, but only if a mistake won’t create wreckage for your organisation — and you.

    1. Do not hang on to employees too selfishly when they are offered a better opportunity elsewhere. 

    It’s bad business to stand in the way of a subordinate’s promotion just because the loss will inconvenience you.

    Anyway, you should not get caught in a position where the loss of an individual will embarrass you unduly. Select and train back-ups for all key personnel, including yourself.

    1. Do not be too affable.

    It is a mistake, of course, to try too hard to get along with everybody merely by being agreeable or even submissive on all occasions.

    Indeed, you can earn the respect of your associates by demonstrating your readiness to engage in a good (albeit non-personal) fight when your objectives are worth fighting for.

    Likewise, in your relations with subordinates it is unwise to carry friendliness to the extent of impairing discipline.

    1. Regard your personal integrity as one of your most important assets.

    Apart from all considerations of ethics and morals, there are perfectly sound business reasons for conscientiously guarding the integrity of your character.

    The priceless and inevitable reward for uncompromising integrity is confidence: the confidence of associates, subordinates, and outsiders. All transactions are enormously simplified and facilitated when your word is as good as your bond and your motives are above question.

    75 years and still relevant today ….

    There you have it …. The Unwritten Laws of Engineering from 1944 and IMO, much of it still relevant here in 2021.

    While many of these laws and principles may seem like common sense when you read them on screen, they are commonly violated or overlooked and should remain core to anyone aspiring to best practice.

    Words of Wisdom from the Old and the New

    It’s important for engineers and technical leaders to be lifelong learners, and to diligently learn and teach words of wisdom from the best books.

    The Unwritten Laws of Engineering ranks as one of the best books (albeit, largely unknown) available for engineers and technical leaders.

    As a technical manager and leader, I have recommended this book to entry-level engineers just out of college or university. Young, and otherwise talented engineers, often lack the soft skills to reach their full potential and Part I: What the Beginner Needs to Learn at Once helps them fill that gap.

    While there is plenty of good advice and wisdom in this book for individual contributor engineers, Part II: Relating Chiefly to Engineering Managers covers laws and principles specifically for engineering managers and leaders, or those aspiring to those roles. 

    I can’t think of any other business or engineering book that packs so much wisdom into just 60 pages. It holds a prominent spot in my technical leadership toolkit.

    About the Author

    Jim Mortensen is an experienced CTO/COO based in New Mexico, USA. He is also one of our leadership coaches and about to launch his first group coaching tribe with a cohort crossing the US and Australia.

    About CTO Academy

    CTO Academy provide online courses, coaching and career development to global technology leaders. We have been reviewed as one of the best CTO programs in the world.

  • Improving the Cybersecurity of your Company: The Complete Guide

    Improving the Cybersecurity of your Company: The Complete Guide

    Cybercriminals are getting better at threatening the cybersecurity of your company

    There is no doubt that improving the cybersecurity of your company is more important than ever.

    Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Hackers are always looking for new ways to target organizations, steal their data and extort them.

    As tech leaders, and specifically CTOs, are faced with the main responsibility of preventing leaks and eliminating threats, we want to give an overview of the best actions you can do as a tech leader to improve the cybersecurity of your company.

    What is the importance of improving cybersecurity in your company?

    Cybersecurity is a key issue that has been rising in importance over the last few years. The internet and computer networks are integral to our society and economy, with almost every company on the planet having a web presence.

    Cybersecurity is not just about preventing cyberattacks but also ensuring that systems are secure enough to withstand any attack as well as protecting them from data breaches and hacks.

    The main problem is, that there are more incentives for hacking than ever before, with companies spending millions on cybersecurity products yearly while many of them still fall victim to an attack.

    5 Methods for securing and improving the Cybersecurity of your Company

    As we’re a tech leadership academy, we have some great alumni and current leaders with us. We reached out to get the recommendations from them and here’s our collected list of the best advice.

    1. Communicate Potential Security Threats

    Andrew Ryan, Head of Development, UK

    Make sure to communicate potential security threats, including (and perhaps especially) ones involving social engineering – that’s key to improving the cybersecurity of your company

    Not everyone in the company will have as high a level of tech literacy and awareness of these things, let alone know what a cyber defense strategy is, so don’t take it for granted.

    Anecdotally, I sent an email blast to the entire company warning of scam emails from people pretending to be clients or even other staff members. Not two hours later, our CEO had a message from an acquaintance on linked in asking for his input on something if he could click a link. My email set alarm bells ringing. He phoned the guy directly and indeed, his account had been hacked and was sending out phishing messages.

    2. Engage your team in training, scans, and testing

    Jim Mortensen, CTO / CIO, USA

    “After doing a couple dozen buyer/investor-side technical due diligence projects over the last 9 months, I see 6 consistent gaps in security practices of organizations. “

    We’ve turned these points into actionable items:

    Make security awareness training for employees

    Many companies are failing to train employees on how to avoid cyber attacks. With hackers becoming more skilled, it’s important that we do all we can to protect ourselves from these security threats. Encrypting passwords, 2-factor authentication, and securing inboxes, should all be on the list of items.

    Make regular external vulnerability scans

    It is important to keep your website secure. A regular external vulnerability scan can help you identify vulnerabilities and fix them before they become a major problem.

    Start penetration testing for security threats

    Penetration testing is the process of simulating an attack on a computer system or network. Penetration testers are asked to try to get into a company’s system, whether it’s through social engineering, hacking, or other means. The goal is for companies to test their actual security risks and determine where they’re vulnerable before real hackers can break in. You can get software for this like www.invicti.com or www.getastra.com/pentest

    Build an understanding and improve response to applicable compliance requirements (e.g., PCI DSS, HIPAA)

    Whether it’s PCI DSS, HIPAA, or GDPR, companies of all sizes must be aware of and implement new compliance regulations to ensure that their data is safe and secure.

    Improve management/oversight of vendors (who often have these same security gaps)

    Make sure to have management and/or oversight of the vendors you’re collaborating with. Their security threats can easily become your security threats.

    Build regular internal IT risk assessments

    The best way to protect your company is to make sure you have a strong, reliable IT infrastructure. That’s why it’s important to regularly assess the risk of your system and take steps to minimize them.

    3. Start with people and company values

    Paul Clegg, CTO, UK

    Starting simple. Start with People. they’re a double-edged sword. Their awareness and behavior are paramount before implementing specific tools. e.g our most basic tool is company values.

    For example, our values are professional, focused, creative, and collaborative. We’ve given our team examples of behaviors that support staying secure in relation to company values.

    4. Get Software Involved

    Morgan Davies, Software Development Manager, UK

    The best way to avoid security issues is to get InfoSec involved in the design and development process of software. If security is only considered after features are developed, vulnerabilities will get through.

    We can measure:

    • Whether features undergo a security review
    • Whether security review slows down the development cycle
    • How well security is integrated into the delivery lifecycle
    • Whether automated testing covers security requirements
    • The use of pre-approved libraries, packages, toolchains, and processes

    5. Strengthen your incident response plans

    Josh Lopez, CTO, UK

    As was mentioned here already, security awareness training is of paramount importance.

    Zero trust is also critical for improving the cybersecurity of your company. You’ll have to implement network segmentation within the environment with least permissive access always. 

    A shift I have also seen is not if you will be hacked, but when.

    Ensure your incident response plans are adequate and test them. See how long it take you to detect, respond, contain, and recover from an attack. Many companies invest in AV, IDS/IPS technology, among many others, but the human response is weak.

    Although these tools are essential, as well as frequent vulnerability management and mitigation, making sure you are able to really respond to an incident effectively is key.

    Remember, it’s not if you will get hacked, but when!

    Bonus tip from Pedro Sampaio, CTO, Portugal

    You can try software like Riot. We just started using it and it is a really amazing tool.

    Conclusion

    It’s clear that improving the cybersecurity of your company clearly has technical elements and human elements to them.

    The security of your organization is dependent on the members within it. There are many systems, processes, and software that can be used to defend against cybersecurity attacks but if your team and organization are not trained to prevent or avoid them then your chance of it happening is getting higher.

    If you want to improve your tech leadership, consider signing up for one of the CTO Academy courses or subscribing to our newsletter.

    Stay safe,

  • How Our Hiring Strategy Changed, When We Went For Growth

    How Our Hiring Strategy Changed, When We Went For Growth

    Back in 2012, I started a two-man agency in Manchester with aspirations of becoming the goto company for helping SMEs achieve digital transformation.

    We had to start with the basics which meant websites, apps, print … yep, you name it, we probably had a tender for it at some point.

    We were soon given the green light on multiple projects and within a week we were hiring and had become employers, expanding the team slowly and organically. When opportunities came in, we would assess the skills needed and recruit to win.

    Naturally, we created a core set of skills within the agency and tried to align our resources with future work and by 2018 we were ten people, landing projects in PIM, eCommerce and a few entrepreneurs with exciting app ideas.

    That’s how we met Will, a young quantity surveyor working in the rail industry. He had a potential game-changer of an app idea.

    After a few months of prototyping and some passionate pitches to Angel investor groups, Will landed a sizable round of funding. There was a natural fit for us to continue working on what we’d built together, so we combined forces.

    With myself as CTO, Will as MD, and a core set of employees, we pivoted to become a fully-fledged SaaS platform.

    We were practically a new business with investor money in the bank and able to hire new people with a clear focus on growth. This time though our hiring focus had changed, with skill sets and hiring out of necessity were no longer the priority.

    We now felt that we wanted people who could fit in, click with others and were genuinely excited by the problem we were solving. Hiring had taken on a very different dynamic and it felt like our recruitment strategy was starting again from scratch.

    For lots of reasons the past couple of years has been very enlightening for me and not least in the area of recruiting for growth with a very clear focus on the type of people we wanted to hire.

    So I wanted to write an article with my personal experience of what really matters when you’re making those early hires …

    1. Check Your Responsibilities.

    As a first time employer, you’ll have new responsibilities. Whether employees report to you directly or not, you should always be aware of your duties as part of the senior management team. I know the CTO Academy community is global so different countries will have different resources to help but here in the UK, an excellent place to start is the government website. Read more here: https://www.gov.uk/get-ready-to-employ-someone.

    On the other hand, this is the opportunity to relinquish (partially) some of the responsibilities youhave daily. But from personal experience I know it’s one of the most challenging things to cometo terms with throughout your career. This is your baby. You have a vision of perfection; it could be related to the tech stack, the code quality, or a different business area entirely. Nobody will be able to reach the standard you probably hold yourself, at least straight away.

    In The Alliance – managing talent in the networked age, authors Reid Hoffman, Ben Casnocha, and Chris Yeh refer to hiring as a tour of duty. It is a declaration of trust and a call to arms with a clear set of objectives and expectations. I recommend giving this book a read, as your expectations of a new hire are likely to be unrealistic. For example, you and other founders will be working crazy hours because this business is your life right now; you are all in until the end. Non-founding members may be passionate about your vision and excited about the company. Still, at the same time, it’s just a job, and they will probably move on.

    Unclear expectations can be problematic. For instance, a vague or broad job description doesn’t give an employee any meaningful direction. It could result in the wrong person being hired or hiring someone at the wrong time, costing the business more in the long term. In rowing, this error in timing is known as catching a crab; a rower’s oar can become stuck in the water and acts as a brake, slowing the boat down. A severe crab can eject a rower or even capsize the boat – direction and timing are equally important.

    To be clear about what you expect from a new employee, write a job description as if it were a reflection of their first year. Work backwards through the year to set SMART objectives (Specific, Measurable, Achievable, Relevant, Timely) along the way. If the results don’t align with your company’s goals, then it could be that the job’s scope is too broad or you’re hiring too early.

    2. Company values and culture.

    A well-defined set of values underpinning your business culture and strategy will help motivate people. Having an immutable set of expectations around the way everyone communicates and behaves will ensure you can effectively deal with problems for the difficult times ahead. You should always be able to look at core values and ask, “Does this situation align with them?”.

    Being a CTO, one of your goals is to create a functional team of professionals. This doesn’t necessarily mean hiring based on skills; I’ve seen some of the most senior-level engineers crippled by their attitude toward one another. A functional team is a diverse group of people whose greatest competencies are professionalism, respect, and a growth mindset. Their skill sets all differ, as will their career and walk in life.

    Your challenge is finding them and creating an environment that upholds company values and meets its objectives. You also need to defend their time and inspire them to be creative without the prospect of being blamed for getting something wrong or thinking outside of the box.

    New businesses are chaotic as there are just too many things to do. There are also many unknowns. Sometimes, the only way forward is to try, hack it, get all hands on deck. I emphasise the word “sometimes” because all the time isn’t sustainable; you need a rhythm.

    “Creativity, progress, and impact do not yield to brute force.”- from It doesn’t have to be crazy at work by Jason Fried and David Heinemeier Hansson.

    If you ensure that your values and culture support knowledge sharing and continuous process improvement, you can let the team get on with it. To quote our ops director on his perception of Agile, “its process, practice, practice, practice, process, practice, practice …”

    3. Finding and Interviewing candidates

    My advice for finding candidates is that unless you have time to burn, then use a recruiter. Finding one is pretty straightforward; just go to your email or LinkedIn inbox. If by some miracle you’ve avoided detection, you can always do a quick search for one.

    When using recruiters, check the terms and negotiate; working with them exclusively, for instance, can yield better rates and better quality CVs sent through. If you want to use multiple for better coverage, any more than three on the same role is a bit much. There’s only a finite number of candidates out there, and recruiters can speak to a lot in a day. Whatever your approach, keep them all informed.

    Before interviewing

    Reading CVs can be monotonous; this is where recruiters are helpful. Walking them through your job description and setting expectations will save many hours. The best recruiters in my experience are those that a) actually send you quality CVs b) send snippets of their conversationswith candidates c) act as ambassadors to your company.

    When checking a CV, I look for mentions of achievements or responsibilities at each company, the dates and length of time between roles and mentions of activities/hobbies outside of work. You can quickly build up several questions based on a few key bullet points.

    Over the past year, I’ve had applications claiming more experience than on the CV. I’ve even hadtechnologies listed that didn’t exist at the time of their employment. Checking dates, I would say,is essential.

    During interviews

    “Why does your company exist?”.

    “Where do you see the company in two years?”.

    “Why should I come to work for you?”

    All three are reasonable and valid questions from a candidate. I’ve never had the last one asked directly, though it’s kind of the elephant in the room being a small business.

    For this reason, I start interviews with a candidate friendly elevator pitch and talk briefly about my company’s aspirations. By setting some context, I find that I address the questions above, encouraging a more engaging interview. In the past year, I’ve discovered that pitching first has taken the edge off any nerves candidates have had from coming into a video call with strangers.

    If working with a new recruiter, interviews can reveal how much of an ambassador of your company they are. In the past, I have asked candidates how much recruiters have told them about the role before pitching.

    As an aside, if you’re conducting interviews by video conference, stick to a maximum of two people from your side; any more can be overwhelming no matter how friendly you might be.

    Keeping the interview as a casual conversation can be a challenge at times. Asking open questions such as “What do you think about X?” instead of “Can you do Y?” generally helps the conversation flow.

    Questions I like to ask engineering candidates focus on problem-solving, conflict resolution, being a team player, thirst for learning, root cause analysis vs kicking the can, and willingness to fight fires.

    I always ask why a candidate has chosen to move on from their previous role in the first interviews. You can tell a lot about a person’s integrity, personal objectives and character from their response. Bad-mouthing a previous employer, for example, is a red flag for me.

    After the interview

    Straight after an interview is the best time to reflect and make a decision. My only advice here is to go with your gut. Typically if I come out of an interview and don’t think, “Yes, I’ll hire this person or take them to the next stage”, then I don’t dwell on it. It’s no.

    I always aim to give feedback within the same working day, then if the answer is no, everyone can swiftly move on. Giving constructive feedback, however, is a must. Think about the person on the receiving end and their perception of your company after. Even if that person was rude and the worst candidate you had ever encountered, you still have a chance to offer some value to them.

    If all goes well and you find the ideal employee, congratulations! Send an offer letter and an employment contract to them. Confirm their start date and check their references. If there is a negotiation on their employment package, remuneration, career development spend, holidays, and working hours are all cards, you can play. Be sure to check the impact on your business before promising anything.

    4. Onboarding and 1:1s

    Onboarding can be more than just a tick box exercise of introductions, tools and training. An excellent way to bring someone new to the business and keep them motivated is to create a 90-day plan and schedule regular 1:1s. By setting objectives in their first few days, your employee will know their path instead of getting lost in day-to-day tasks. The first few goals can be low hanging fruit like “Read the employee handbook” to get them started; after that, create more challenging objectives.

    By week two or three, they should have a grasp of the day to day and be progressing through the tasks and/or objectives you’ve set them. At this stage, using output as a performance indicator is probably not the best idea. Instead, I would opt for performance review through their approach towork, learning, and professional relationships with others.

    Over the years, I’ve had 1:1 meetings as walking sessions over coffee or en-route to lunch. Getting away from the office is excellent for keeping it casual. It’s essential to get feedback during this time and learn as much as possible about what problems people are having operationally and look mostly forward rather than backward.

    More recently, Sanjay at the CTO academy has helped me structure weekly 1:1s. A lot of emphasis is now placed on objective setting, wins, losses and learnings. Whenever an employee comes to me with a loss, we’ll try to figure out what we’ve learned from the loss together and turn it into a win for them.

    Mixing in peer 1:1s can also help establish better working relationships, providing timely feedback between colleagues. I found this very valuable for working out how an entirely new role fits into the engineering team.

    Final Thoughts

    In conclusion, hiring new colleagues is an opportunity to grow your business objectively, rather than through numbers alone.

    Finding a skillset is easy; you can quickly extend your team’s capabilities through contracting or freelancers.

    However, attitudes and behaviours are the seeds of something much bigger, and you can reap the benefits by creating the right environment, setting expectations, and supporting the growth of individuals in the team.

    Article written by Paul Clegg, CTO at Raildiary in Manchester.

  • What a CTO Needs to Consider When Choosing a Technology Stack

    What a CTO Needs to Consider When Choosing a Technology Stack

    When I was a developer, I was always drawn to the latest languages and frameworks. Even if they came with quirks, the excitement of working with something new made the challenges worth it. I’d spend hours setting things up—installing components, writing a simple app, deploying it with the click of a button—only to end up troubleshooting in the backend for hours.

    That excitement often landed me roles as the go-to expert, but in reality, I became more of a first-line support person.

    As a CTO, it’s critical to stay on top of trends, but jumping into the latest tech without caution can be costly. Is it worth losing man-days while your team gets familiar with a shiny new tool? Sure, they might enjoy exploring it, but at the end of the day, productivity is what counts, and that directly affects your budget.

    Key Considerations When Evaluating a New Framework

    When evaluating a new framework as a CTO, you need to balance technical excitement with practical reality. It’s not just about whether the technology is cool; it’s about whether it serves the business. Here are some key things to keep in mind:

    1. Developer Availability: If only a few developers know this framework, building and expanding your team will be a challenge. It’s not just about finding talent—it’s about finding affordable talent.
    2. Cost of Developers: Niche frameworks can lead to inflated salaries. If the framework requires high technical skill, expect to pay more. That might make sense for cutting-edge projects but could strain your budget in the long run.
    3. Framework Cost: Open source isn’t always free when you factor in support and integration. If the framework isn’t open source, look out for rising costs, especially if initial discounts for startups disappear once you grow.
    4. Setup Time: How long will it take for developers to get this running on their machines and set up for continuous integration? The time cost here is often underestimated, and the longer the setup, the longer until your team becomes productive.
    5. Deployment Complexity: Even though deployment processes have improved, certain frameworks still come with component compatibility issues. Hours lost troubleshooting deployment bugs can add up quickly, eating into project timelines.
    6. Fit for Purpose: Does the framework align with your company’s vision and long-term goals? It may be perfect now, but can it scale with you as the company grows?
    7. Scalability for Teams: When your team grows, you’ll want a framework that allows new developers to come up to speed quickly. Is the codebase structured in a way that makes this possible?
    8. Active Support: Even with open-source projects, active community support is crucial. You don’t want your developers spending more time fixing framework issues than working on your product.
    9. Security: Depending on your application, security concerns will vary. Ensure that the framework’s security components are robust and well-documented. You want to minimise vulnerabilities from the outset.

    Share Knowledge to Avoid Duplicating Efforts

    When introducing a new framework to the technology stack, one critical aspect to consider is how knowledge is distributed across your development teams. You don’t want multiple teams independently evaluating or learning the same new technology at different times. This can lead to inefficiencies, as teams repeat the same mistakes, face the same challenges, and burn unnecessary time and resources.

    To avoid this, establish a clear process for knowledge sharing:

    • Designate Early Adopters: Assign one team or a small group of developers to act as the early adopters. Let them take the lead in evaluating the framework, building prototypes, and working through initial challenges.
    • Document and Share Learnings: As the early adopters explore the framework, have them document their findings in detail. Encourage them to share not just successes but also pain points, setup procedures, and best practices they’ve discovered.
    • Internal Knowledge Sessions: Once the framework has been validated, hold internal knowledge-sharing sessions where the early adopters can pass on their expertise to other teams. This avoids each team going through the same learning curve and allows for a smoother transition.
    • Create Centralised Resources: Ensure all key insights, setup instructions and troubleshooting tips are centralised in a repository accessible by all teams. This repository should be kept up-to-date as the framework evolves.

    By fostering this culture of knowledge sharing, you not only reduce the time spent evaluating new technologies but also ensure that your teams can move faster and more efficiently. It also helps you avoid fragmented implementations, where different teams might handle the same framework in inconsistent ways.

    Conclusion

    If you’re starting a new project, it’s essential to have a shortlist of frameworks that align with both your technical and business needs. Evaluate each one with a clear focus on the considerations outlined above.

    Ideally, if you’re looking to introduce a new framework into your existing technology stack, start small: have one developer or a small team build a simple prototype. This way, you can validate the framework’s suitability before fully committing to it.

    Finally, a word of caution: don’t just choose a framework because it’s your favourite or the one you’re most familiar with. Familiarity can lead to bias, and what worked in the past might not be the best option for your current or future needs. Thorough evaluation, based on both technical fit and cost-effectiveness, is critical.

    Choosing the right technology stack is one of the most important responsibilities of a CTO. It’s a decision that affects not just your technical roadmap but your company’s overall success. By balancing innovation with practicality, you’ll ensure your team is set up for long-term success—both technically and financially.