Look, some corporate security teams might not have the time. Feel free to skip this issue if there are only two of you.[1] But if you can wrangle some time away from other commitments, take that time to work through, yourself, every task you set for the people who have to change.
That will accomplish a couple of things:
- it will give you a better understanding of the work involved, which will help you set realistic deadlines and tasks
- it will give you a better understanding of where people might struggle, which will let you provide appropriate help
- it will teach you everything you need to know about the change, which in turn will let you teach your people
- it will make you more believable when you talk about the change because you know what you're talking about
If I'm rolling out a security scanning tool, I'll try setting it up in one of my repositories. I'll look at the alerts it provides me and try to understand them. I'll try to solve a couple of the alerts. I'll try to understand each of the different functionalities of the tool in all of the use cases I can think of. And then, I'll read the documentation for all of that to understand how it works and to learn about the current limitations and edge cases.
Footnotes
1. Alternatively, don't skip all of it, but pick and choose. Only work through some of the steps. Do what you can.