Aligning your purpose to your work

If I’ve learnt anything over my diverse and multi-faceted career, it’s that aligning autonomy, mastery and purpose in your work is challenging. Combining this with wanting to work with incredible people, long-term work-life balance, and meeting salary and equity expectations — it’s no surprise that I’ve worked at so many places. This challenge was somewhat convoluted by my time in California, not that I have any regrets about my time in the US. The friends and connections I made, the personal and professional growth I’ve experienced is partially due to taking that first step working with LinkedIn.

Getting exposed to tech companies that invest heavily in culture, salary, equity, perks, work/life balance and so on had a long-lasting impact on the sorts of places I want to work. I just had a quick read of a post I wrote a few years ago after starting at LinkedIn. While a lot has changed in the security industry here in Australia during that time, it’s still a significantly different market to the US.

Has this made me slightly pickier for the sort of place I want to work? Yes. Is this a privileged position to take? Certainly. For family reasons, I’m here in Australia. Has this been challenging? Yes. For professional and personal reasons, my transition back home was one of the more considerable challenges I’ve faced (again, I’m trying to be mindful of my privilege - and reading this back makes all this seem sort of ridiculous). One of those challenges was trying to find Australian organisations that had a focus on application and product security.?

In the current working environment, tenure is generally lower than previous generations experienced. Current stats in Australia for how long people stay at their place of work is around 3.4 years, on average. Do I see a problem with that? Not really. I’m a firm believer that if you aren’t learning, growing, and being challenged - if you’re not working at a place where you can see the impact you’re making to your customers or communities - and if those things are important to you, then move on. When I reflected on my time after shortly joining LinkedIn, I ended the post writing this and still stand by it: “It’s a big world out there, don’t put up with the status quo. Take intelligent risks, get out of your comfort zone and push yourself to the next level.”

Do I see a problem with people that stay at the same place for a long time? Of course not! If you’re able to continue learning, growing, and challenging yourself, fantastic. If that’s not something you’re interested in and you’d prefer to focus on long-term stability, seeking a more comfortable lower-paced growth trajectory, that’s great too. It’s entirely subjective, and as organisations grow, they should want to support either avenue.

I’ve realised that how you measure and benchmark an organisation’s culture and processes are often lost in the wash when you’re interviewing for a new role; there isn’t a clear language or framework. This is challenging, as this is likely one of the key indicators you need to resolve in ensuring that you join a new organisation. Having interviewed loads of people both in Australia and the Silicon Valley, a common question that candidates ask is: “What’s a day in the life of <role>?“ It’s an interesting question, and while I think it sheds light on people’s desire to understand “Is the culture of this company one I’d enjoy?” there’s more digging that’s required.

For me, the following topics should be discussed during interviews:

1. What is the purpose of the company? This often relates to the purpose, vision and mission statements that the company may have. Sometimes these are public; usually, they’re not. If the company's purpose is to earn money for a parent company or shareholders, that’s fine. Just don’t try and pretend that’s not the case.
2. How does the individual work you do help achieve the purpose? Are you able to draw a line between the efforts you apply each day up to that purpose? It’s okay if that line includes a few connections in-between. This is often the case in security, where your job may be to “secure a product” so that “users are happy to use and invest in the product without worrying about security.”
3. What are the cultural norms related to collaboration, communication and personal development? This is tricky for me and one of the oddest challenges I’ve had working at non-product or non-tech companies. Some people may assume that the organisation’s size will have a negative impact on these things. Still, I’ve worked in very large tech companies that collaborate and communicate better than smaller orgs, and vice-versa.

This last point is addressed when walking through a “typical day”, discussing the tools and processes in place at work. It’s also the area that has rapidly evolved thanks to the growth of distributed and remote workforces. Primarily due to covid. For an increasing percentage of the workforce, the requirement to be physically present in an office to “demonstrate value” is becoming unnecessary. If you’re able to deliver value and work transparently, regardless of where or when - why should you have to sit in an office? Don’t get me wrong. I love working in an office surrounded by people, but the reality is if I need to focus and deliver more cognitive work, I’m often not doing it in an office. Personally, my ideal role is a bit of a hybrid — occasional stints of social time with colleagues and lots of focused work time.

This style of working environment is also where more product, agile, or tech companies have an advantage: Leveraging project management tools like Asana, delivering value through pushing code to GitLab, and collaborating using things like Zoom and Slack. Your value is evident to the organisation and not measured by how much your day is spent in meetings. If you’re fortunate, you may be able to work somewhere that actively tries to reduce the number of meetings you attend.

So what is a day like for me? It depends. My role with SafeStack is unlike anything I’ve done before. Combining the output of my experience in application security, software development, education, and engineering leadership, with my desire to learn and grow in the product management space. During an average month, it’s a combination of:

• Researching technical security subject matter
• Creating and collaborating on material for various audiences in various formats
• Exploring community, products and product management concepts
• Drafting RFCs and collaborating with other SafeStackers for upcoming development, community or organisational changes
• Working with our community and the broader security community
• Collaborating with our marketing team on all sorts of fun stuff
• Occasionally working with our sales team when talking to prospective customers
• Sometimes helping out our customer success team to help existing customers
• A bit of software development and operations work
• Some hacking
• Kitchen sink / helping out with all sorts of stuff (startup life)

If any of this resonates with you and you’re looking to do something a bit different in your security career, I’d be interested in having a chat. We’re growing our Secure Development team at SafeStack, and I’d love to share this journey with you. https://academy.safestack.io/careers/developer-advocate/