Security Careers and Leadership with Alex Graul
Introduce yourself! Who are you? Where do you work?
I’m Alex Graul, I’m the Director of UX for CrowdStrike, we’re a cybersecurity firm that helps protect organisations ranging from vast multi-nationals to small NGOs from sophisticated hackers. We’re best known as the firm that uncovered the hacking of the DNC during 2016 by the now notorious Russian Fancy Bear group.
My role has been to build & run a growing multi-disciplinary team of designers, writers, developers, testers & user researchers who are collectively responsible for the user experience of our products. I trained as a Graphic Designer before moving sideways into development through data visualisation work.
Who or what got you into security?
I’ve always had an interest but working full time in the space was something of a lucky fluke. I was looking for something new & interesting after a period at the Guardian building interactive & data visualisation content and noticed an enticing job listing on a semi-private list for data vis work. At the time CrowdStrike was still entirely stealth and entirely remote - before I joined I didn’t meet a anyone in person. I took a gamble and it has paid off spectacularly well. It’s been a huge amount of work to slowly understand the whole domain in practice - how hunters work, how the industry is changing and the philosophy & architecture of our product. The job satisfaction from from watching analysts use our tools to take down bad guys is pretty hard to beat.
What’s the tech scene like in London?
London is without a doubt one of the big global tech centres but most of the major employers are satellite offices of US firms (Google, Facebook & Amazon all have large developer presences now) rather than firms founded & headquartered here. That is changing though, particularly in fin-tech where there’s a real center of gravity here.
I admire your transition from engineering to leadership - what’s your advice for other looking to make the same transition?
I’m not sure I entirely feel qualified yet! When I first started managing people I asked a lot of folks I respected for book recommendations and got surprisingly few - the loose consensus was that people had essentially worked it out as they’d gone forward. I think there’s a fair degree to which you need to work out your own path and the kind of leader you want to be. There’s definitely a few things I’ve learned though, and some ideas that have been validated through experience:
Look after your people first, projects & deadlines will come and go.
Diversity is strength. Hiring people like yourself is easy, comfortable and a terrible disservice to to everybody involved. The broader the set of ideas your team can bring to the table the higher the chances of coming up with better solutions.
Remember you’ll have two sets of problems. The first is the ones your organisation wants you to solve - shipping features, improving quality, enabling sales. The second is the ones you need to solve to make that possible - hiring the right people, building the right infrastructure, creating a healthy team environment. It’s possible to succeed at the latter without the former if you forget to pay attention to your role in achieving the larger goals of the organisation.
How do you think the security industry will change over the coming years, and how might that affect your role?
One of the biggest challenges I see in the industry is staffing. Increasingly organisations recognise the magnitude of the threat but there simply aren’t the people to fill open roles manning security operations. For us that means we need to remain laser focussed on ensuring those humans can work efficiently - that we don’t create alert fatigue or information overload while not hiding what may be critical details, it’s a tightrope.
What has been your toughest lesson to learn in your software career so far?
On more occasions than I’d like to count I’ve finished demos or features with a laptop scrunched into an economy seat of an intercontinental flight. The last time I did it was for a feature I was really, really excited about, something we’d been quietly chipping away at for months. Hours before lights up I realised there was an upstream change we were going to need that it wasn’t going to be possible to deploy in time, game over. It wasn’t wasted work but it was a huge opportunity missed. The lesson - saving the day or delivering the impossible by pulling all-nighters regularly is a form of failure, despite feeling great when you pull it off. Persist and you’ll likely discover it won’t always work at the worst possible time.
What would be your number one piece of advice for a successful tech career?
Seek out and treasure good mentors. Having a sounding board I could use when I’ve been unsure of the right way to approach a problem or whether my judgement is off-base has saved me making some major mistakes and missing opportunities. Don’t be afraid to ask people you respect if they’ve got time for a one-on-one every now and then, particularly people outside your direct reporting chain.
Have you got any hobbies outside of your job? Do you think they help your tech career in any way?
Weight lifting and scuba diving. The former is excellent stress relief. A leadership role particularly in a distributed organisation can easily become a 24/7 job - timezones mean you’re getting messages around the clock and the gaps from reactive work become the downtime to do the less time-sensitive tasks. Anything that forces you to completely disengage from work regularly is good and an endorphin high does more for your mood & energy than the best coffee in the world.
What books/resources would you recommend for others wanting to follow a path similar to yours?
The Manager's Path: A Guide for Tech Leaders Navigating Growth and Change by Camille Fournier is a fantastic resource particularly for anyone making the transition or thinking about it.
Boyd: The Fighter Pilot Who Changed the Art of War by Robert Coram. Boyd’s ideas are applicable to almost any team structure and his ideas play a role in how we think about our product.
Team of Teams by Stanley McChrystal is a great insight into how powerful autonomous teams with clear missions can be. It’s in essence taking some of the descendent ideas of Boyd’s OODA loop and using them to build a high-cadence structure that was responsible for dismantling Al Queda in Iraq.
Inferior by Angela Saini is a tour de force on not just how damaging and illogical ingrained sexism is but also how easy it is for baseless ideas to be wrapped in the cloak of ‘common sense’.
Finally, make your shoutout! What would you like the readers to go have a look at?
Unsung stories! http://www.unsungstories.co.uk/
Fantastic small publisher of unusual and interesting fiction.