惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Know Your Adversary
Know Your Adversary
S
Securelist
I
Intezer
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
P
Privacy International News Feed
Recent Announcements
Recent Announcements
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
N
News and Events Feed by Topic
The GitHub Blog
The GitHub Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Schneier on Security
Schneier on Security
N
Netflix TechBlog - Medium
爱范儿
爱范儿
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
Hacker News: Ask HN
Hacker News: Ask HN
Google DeepMind News
Google DeepMind News
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
WordPress大学
WordPress大学
S
Secure Thoughts
K
Kaspersky official blog
N
News | PayPal Newsroom
O
OpenAI News
Last Week in AI
Last Week in AI
C
Check Point Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tor Project blog
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
D
Docker
Hugging Face - Blog
Hugging Face - Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
Martin Fowler
Martin Fowler
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog

Yusuf Aytas

When Code Is Cheap, Does Quality Still Matter? Why Crouching Tiger, Hidden Dragon Is a Masterpiece Why We Ignore Advice The Mirror Is Part of the Machine When Too Many Maps Overlap on One Person The Work Runs on Different Maps Your Work Introduces You Trial By Fire The Dude Why Headcount Math Lies Capacity Is the Roadmap The Roadmap Is Not the System Torres del Paine W Trek Escaping Status Theater Incentives Drive Everything Scaling Culture Without Dilution What Good Looks Like Why Airport Security Feels Random Why Politics Appear How to Work with Me The Janus Protocol Multi-Horizon Delivery Framework What Good Execution Looks Like Managing Your Manager Why Kingdom of Heaven’s Director’s Cut Is Better AI Broke Interviews Most of What We Call Progress Managers Have Been Vibe Coding All Along Stop Wasting Brainpower Why Over-Engineering Happens Prisoner's Dilemma Climbing No More The Weekly Win Mevlana Candy Brewing Turkish Tea Onboarding Your Engineering Manager Technical Deep Dives Yapay Zekâ Çağında Bilgisayar Mühendisliği Building Remote Teams From Idea to Launch in 2 Weeks Reflecting on Software Engineering Handbook Representing the Business New Manager Survival Guide Take Self Reviews Seriously Chasing Real Respect The Invisible Difference Learning the Johari Window Management is a Lonely Place Simple Task Management AI Balance in Work PIP Manager Insights Engineering Manager Interview Preparation Work-Life Balance as a Manager Bridging the Management Disconnect Tech Hiring Bubble Bursts Traits for EMs Simple Acts of Recognition Matter The Question I Ask Every New Report The Reality of an Employer's Market Bridging Ideals and Reality Hiring Red Flags Why The Godfather Is So Damn Good Subteam Tenets No Fluff Please Losing a Top Performer Balancing Act of Reliability Building Trust in Engineering Teams Ideal Number of Direct Reports Overriding a People Leader’s Decision From Misperception to Promotion Perception vs Perspective Setting Goals From Engineer to Manager Getting Delegation Right Interviewing Your Future Boss Celebrating Our Book in Iceland Operational Skills Needed On Writing Software Engineering Handbook Charlie Munger Quotes Working with Dependencies From Las Vegas to Canyons Navigating Layoffs Handling Competitive Dynamics A Weekend Getaway to Malta Engineering Health Essentials Should Dev Managers Code? Confronting the Life on Pause Winning Eleven Kindness is A Choice Bireysel Katılımcılar ve Yöneticiler Leading from Where You Are The Subtle Art of Listening Coding in Leadership The Power of Consistency The Making of a Leader The Path to Leadership Embracing TikTok Talent Sourcing Journey Leading Self Managing Teams Cracking Coding Bottlenecks
Risk Comes First
Yusuf Aytas · 2020-12-31 · via Yusuf Aytas

Published · 8 min read

You probably saw many cliché stuff about risking everything. Not risking is the biggest risk and all. While there is a truth to that, risk needs to be an appetite. Remember what happened with the 2008 global financial crisis. Some took risks. Miscalculated. Misrepresented. Misaligned. So forth. Where did we end up? Entire markets froze. Liquidity vanished overnight. Companies collapsed in a chain reaction because nobody understood the true exposure they were carrying. Everyone assumed someone else was watching the details. No one was.

Similarly, what does that mean in engineering? Cowboy coding. No backup procedures. No code reviews. No testing. No handover. No documentation. No blue or green deployments. No staging environment. Shipping changes straight into production. Friday master merges. No feature flags. No monitoring until the outage already happens. Relying on tribal knowledge instead of written truth. Hoping for the best while silently carrying risk in every corner of the system.

This is how engineering fails. It’s not through a single mistake but through a slow buildup of unspoken risk that everyone ignores while they focus on what they are doing. Risk is always building up somewhere. It hides in someone’s silence, in someone’s assumptions, in the things people forget to mention, in the places where a team says “we will fix it later” but later never arrives. It is never a flashy problem. It is always the quiet one underneath. This is why risk comes first. We need to look at risk before we look at speed or ideas or features.

Risks follows you even you keep movingRisks follows you even you keep moving

What is risk though? It is the devil in the details. It is something that hides. It is in all the things that feel boring or feel routine. It feels like something you can ignore for another day, and then another one, and then one more after that.

Unfortunately, most teams only recognise risk when something finally breaks. A production outage. A missed deadline. An architectural decision that was made without the right people in the room. A conflict between two teams that suddenly becomes a political problem. Nonetheless, the real damage was already happening long before by the time these things surfaced. The root cause was not the failure. The root cause was the quiet accumulation of ignored signals.

This is something I remind myself often. I like being bold. But being bold without understanding the risk profile is just recklessness and silliness. I used to think experienced people were being overly cautious. I assumed the priority was speed, or output, or coming up with clever ideas. The more responsibility I had, the more I realised that what really matters is the risk profile behind the work. If the foundation is shaky, the project becomes shaky. If communication is unclear, delivery becomes unpredictable. If assumptions stay unspoken, everything built on them becomes fragile.

It’s funny that I now realize the risk is present in every decision a team makes. The question is whether that risk is visible or invisible. Visible risk can be managed. Invisible risk grows in the dark until it escapes at 4:58 AM. That is why the most dangerous risks in engineering are not technical. They are the silent ones created by habits, assumptions, and shortcuts that feel harmless in the moment. What kind of risks should we think of?

The Types of Risks

In time, I learned here and there a bit. We are engineers, not developers and that distinction matters. Technically, I’m a manager but still. We need to address the risk. Although there are so many risks for a software project, team or organization, a few generally stood for me. They look ordinary. They look harmless. They look like everyday behaviour. Nevertheless, that is what makes them dangerous. Here are the ones that matter most.

Alignment risk

People think they are working toward the same goal, but they are not. One group is optimising for speed. Another is optimising for correctness. One is writing a library. Others do not use it. Someone else is solving a completely different problem. Everyone feels productive, yet the team moves in different directions.

Communication risk

Information moves slowly, or not at all. The right people hear the right thing too late. Updates only reach half the team. Decisions happen in private conversations and never make it into the shared space. Communication risk creates uncertainty, and uncertainty is one of the fastest ways to create pressure from above.

Expectation risk

You believe success looks a certain way. Your manager believes something else. Stakeholders believe something entirely different. Nobody says it out loud because everyone assumes they understand each other. This risk grows quietly until the moment of delivery, when everyone realises they were imagining different outcomes.

Execution risk

The scope is bigger than expected. Dependencies multiply. Unknowns become real. Work takes more time than planned, yet nobody reacts early enough. Execution risk is not about failure. It is about pretending things are on track when they are not. By the time people acknowledge reality, the timeline has already broken.

Interpersonal risk

There are unresolved tensions between people. Someone feels unheard. Someone feels pressured. Someone feels disrespected. People stop asking questions. They stop surfacing concerns. They stop collaborating with full energy. Interpersonal risk drains the team slowly until motivation and trust disappear.

Visibility risk

Leaders cannot see what is happening. They do not know the state of the work. They do not know the truth about progress. They do not know what worries the team has. When visibility is low, leaders assume risk is high. And when leaders feel risk is high, they begin to intervene in ways that slow the team down even more.

Structural risk

The organisation is set up in a way that guarantees friction. Ownership is unclear. Responsibilities shift day and night. Nobody decides on anything. When they do, it’s not written anywhere. Teams are connected through fragile dependencies. Structural risk is not created by individuals. It is created by the environment they work in.

Momentum risk

This happens when small delays accumulate. A week slips here. A decision waits there. A dependency drags on. Nothing looks serious on its own, but the accumulation of those stalls the progress. Once momentum disappears, it takes enormous effort to recover it.

A Formula That Helps

Risk feels abstract until you break it into something you can measure with your eyes and your instincts. Every project carries risk. Every decision carries risk. Every conversation carries risk. The question is how to see it before it becomes a problem. Here is the formula I use.

Risk equals ambiguity multiplied by impact, divided by visibility. Voila!

Software Development Risk FormulaSoftware Development Risk Formula

It looks simple, but it explains almost everything that goes wrong in engineering work.

Ambiguity

This is everything that is unclear. Unknown requirements, unclear ownership, missing context, hidden assumptions, confused priorities, or the silent moments where people think they agree but they do not. When ambiguity increases, risk increases with it.

Impact

This is the weight of what can go wrong. A tiny feature with no users has low impact. A change that touches billing, authentication, or production infrastructure has a high impact. Even a small misalignment can become serious if the impact is large enough.

Visibility

This is how clearly everyone sees what is happening. High visibility lowers risk because people can react early. Low visibility raises risk because surprises grow in the dark. Visibility includes updates, written notes, honest conversations, early signals, and shared understanding.

So the formula becomes simple. 

  • If something is ambiguous and the impact is high and visibility is low, the risk will explode.
  • If something is clear and the impact is manageable and visibility is high, the risk stays contained.

You can use this formula on every task, every plan, and every project. You can use it to decide when to raise a concern. You can use it to see when a team is drifting off track. You can use it to understand why a manager is anxious. You can use it to understand why leadership pushes for more updates even when the work is going well.

In Conclusion

Risk is always present, even when people do not see it. Think about something simple. Why do you buy a child seat for a car? You want to be safe. You want to protect someone you care about. But for a long time people drove without child seats. The risk was always there. It did not appear the day the regulation arrived. People just did not recognise it until the cost became impossible to ignore.

Work is the same. Projects do not fail suddenly. Teams do not fall apart in one moment. The risks were already there. Unclear expectations. Quiet assumptions. Missing information. Shaky foundations. If you do not see them early, you only notice them when something breaks.

This is why risk comes first. When you understand the risk profile of your work, you protect the people around you. You make better choices. You keep the system safe. You prevent the slow, silent problems from growing. And you build trust without needing to talk about trust at all.