Applied Alchemy
====================
## The Startup CTO's Field Guide to Building Technology Companies from Nothing
Figure 1\. "These are all yours now. No, you can't give any back."
Congratulations -- you've worked your way to the top of the engineering ladder. Your journey has ended. But your journey has just begun. The job that got you the title and the job you now have to do are completely different -- and they'll be different again in 18 months.
The startup CTO role transforms completely as the company grows -- from coder to manager to director to strategist -- and most founding CTOs are replaced by Series B not because of technical shortcomings but because they never develop the business fluency, communication skills, and self-awareness to navigate those transitions. Half of all founding CTOs are replaced not for technical failures but because they never closed the gap between what they could build and what they could communicate.
This book maps that transformation stage by stage. It begins with the decisions that feel permanent but shouldn't be -- your stack, your MVP, your first architecture -- moves through the competitive engine of shipping velocity, and confronts the business acumen gap head-on: the communication failures, the board meeting disasters, the co-founder conflicts that end more CTO tenures than any technical mistake.
It addresses the AI disruption reshaping the role in real time: team compression, vibe coding's promise and peril, and the new competencies every CTO now needs. It includes the parts no one talks about publicly -- burnout rates that would alarm any HR department, the loneliness of a role where you can't show doubt to anyone, and the growing movement to normalise CTO transitions as a sign of strength rather than failure.
Grounded in named case studies, quantitative benchmarks, and interviews with CTOs across stages and outcomes, this is the field guide for every stage of that transformation -- from your first commit to the day you have to decide whether to step aside.
## Table of Contents
### Part I: The Map
* [Introduction: The Role Nobody Prepared You For](introduction.html)
* [Chapter 1: The Four Stages](1-four-stages-cto-evolution.html)
* [Chapter 2: How People Become CTOs](2-how-people-become-ctos.html)
* [Chapter 3: The CEO-CTO Relationship](3-ceo-cto-relationship.html)
### Part II: Building and Shipping
* [Chapter 4: Technical Decisions as Business Decisions](4-technical-decisions-business-decisions.html)
* [Chapter 5: Technical Debt](5-technical-debt.html)
* [Chapter 6: Shipping](6-shipping-software.html)
* [Chapter 7: Rushing vs Speed](7-rushing-vs-speed.html)
* [Chapter 8: Working with Product](8-working-with-product.html)
* [Chapter 9: Measuring What Matters](9-measuring-engineering-metrics.html)
### Part III: The Gap Nobody Talks About
* [Chapter 10: The Business Acumen Gap](10-business-acumen-gap.html)
* [Chapter 11: Building the Team](11-building-engineering-team.html)
* [Chapter 12: AI Transformation](12-ai-transformation.html)
### Part IV: Surviving and Evolving
* [Chapter 13: From Maker to Multiplier](13-maker-to-multiplier.html)
* [Chapter 14: The Operating Rhythm](14-operating-rhythm.html)
* [Chapter 15: Burnout and Isolation](15-cto-burnout-isolation.html)
* [Chapter 16: Knowing When to Step Aside](16-knowing-when-to-step-aside.html)
* [Chapter 17: Building Something That Outlasts You](17-building-lasting-legacy.html)
### Appendices
* [Appendix A: The First Ninety Days](appendix-a-first-ninety-days.html)
* [Appendix B: Stage-by-Stage Metrics Guide](appendix-b-stage-metrics-guide.html)
* [Appendix C: Compensation and Equity Benchmarks](appendix-c-compensation-equity-benchmarks.html)
* [Appendix D: Technical Due Diligence Preparation Guide](appendix-d-technical-due-diligence.html)
* [Appendix E: The Operating Rhythm -- Quick Reference](appendix-e-operating-rhythm-reference.html)
* [Appendix F: Recommended Reading](appendix-f-recommended-reading.html)
* [Appendix G: Your AI CTO Advisor](appendix-g-ai-cto-advisor.html)
## Frequently Asked Questions
1. _What is Applied Alchemy about?_
Applied Alchemy is a field guide for startup CTOs that maps the transformation from coder to manager to director to strategist. It covers the technical decisions, team building, communication failures, AI disruption, burnout, and leadership transitions that define the role -- grounded in named case studies and quantitative benchmarks rather than generic advice.
2. _Who is Applied Alchemy written for?_
The primary audience is startup CTOs at every stage -- from first-time technical co-founders writing all the code to experienced engineering leaders managing hundreds of people. It is also valuable for aspiring CTOs, VPs of Engineering, engineering managers considering the CTO path, and CEOs who want to understand what their CTO is navigating.
3. _What topics does Applied Alchemy cover?_
The book covers the four stages of CTO evolution, the CEO-CTO relationship, technology stack decisions, technical debt strategy, shipping velocity, deadline management, product collaboration, engineering metrics, board communication, team building, AI transformation, the transition away from coding, operating rhythms, burnout prevention, knowing when to step aside, and building a lasting legacy.
4. _Is this book useful for first-time CTOs?_
Yes -- first-time CTOs are the core audience. The book starts from the assumption that most CTOs arrive in the role without formal preparation, covers the earliest decisions (choosing a stack, building an MVP, making your first hire), and maps the transitions that catch first-time CTOs off guard. It provides the playbook that does not exist in most organisations.
5. _How is Applied Alchemy different from other CTO books?_
Most CTO books are written by consultants observing the role or by former CTOs writing from memory. Applied Alchemy is written by a working CTO currently navigating the challenges it describes. It prioritises named case studies over anonymised anecdotes, quantitative benchmarks over generic advice, and honest discussion of failure modes -- including burnout, isolation, and the reality that most founding CTOs are eventually replaced.
## Part I: The Map
Introduction: The Role Nobody Prepared You For
====================
> "Most of what we built, nobody will ever see. And the only reason why we do this well is our own professional pride in operational excellence. That is what defines the best builders. They do the things properly, even when nobody's watching."
>
> -- Werner Vogels, CTO of Amazon, AWS re:Invent closing keynote, December 2025
---
Monday. A production incident takes down your largest client's dashboard during a board meeting. Your co-founder sends a Slack message from the conference room: "Board is asking what happened. Can you join?" You are already in the war room with two engineers, staring at a cascade of errors in a service you haven't personally touched in eight months. You fix the immediate problem in forty minutes. You join the board call ninety minutes late, apologise, and spend the remaining time trying to explain what went wrong in language that does not include the words "race condition," "connection pool," or "retry backoff." The board nods politely. You can feel the temperature change.
Tuesday. The CEO asks for a one-on-one. It is not on the calendar. The conversation is short: the feature promised for Q1 has slipped again, the sales team is losing deals because of it, and the CEO has been fielding questions from investors about whether the engineering team "has the right leadership." The CEO does not say "we need to bring in someone more senior." They do not need to. The sentence is in the room.
Wednesday. Two engineers give notice within three hours of each other. One is your best backend developer. The other is the only person who understands the billing system. Neither resignation is about money. Both mention the same thing: they do not feel like the company has a clear technical direction.
Thursday. You sit in the weekly leadership meeting. The CFO presents a fifteen-minute revenue analysis. The CMO walks through a twenty-minute campaign review. You get five minutes for the "tech update." You spend those five minutes trying to explain why the team needs to pause feature development for six weeks to address technical debt that is slowing every project. The CEO's eyes glaze over at "dependency graph." The CFO asks what the ROI of the debt reduction would be. You do not have a number. The conversation moves on.
Friday. The office is quiet. You sit at your desk and open the codebase -- the one you built from the first commit, the one you know better than anyone alive. You haven't merged a pull request in four months. You scroll through recent changes you didn't review, in a language you chose, in an architecture you designed, maintained by people you hired. The system works. It works without you. And you are not sure whether that is the greatest achievement of your career or the clearest sign that the role you loved has become a role you dread.
| | AUTHOR: Your version of this week. Not all five days -- even one or two moments that the reader will recognise. The composite scene establishes the emotional range of the role; your specific version grounds it in a real company and a real person. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
This book is for that person. Not because the week gets easier -- it does not -- but because every crisis in that week has a framework, and almost nobody gives you the framework before you need it.
## What This Book Is About
The startup CTO role is the most consequential and least understood position in the technology industry. Nearly 80% of successful technology companies have either a founding CTO or a technical CEO.\\] The CTO builds the product that the company sells, hires the team that builds the product, designs the architecture that constrains the product's future, and translates between the engineering organisation and the business leadership that funds it. Every other function in the company -- sales, marketing, finance, operations -- depends on what the CTO's team produces.
And yet. No standard training exists for the role. No professional certification. No established curriculum. When Andy Skipper founded CTO Craft in 2017 and asked CTOs how much formal preparation they had received, "the resounding answer was none."\\] Seventy percent of CTOs come from software development backgrounds, and only 14% held a VP of Engineering role before taking the title -- most arrive without prior experience leading an engineering organisation at the executive level.\\] The CFO has accounting credentials. The General Counsel passed the bar. The CTO has whatever they happened to learn as an engineer, and discovers on the job that engineering is the smallest part of what the role demands.
The role transforms completely every 18 to 24 months. The CTO who was effective at five engineers discovers that the job at twenty engineers is a different job -- one that requires hiring skills, process design, and cross-functional communication rather than code. The CTO who mastered the twenty-person team discovers that the job at fifty people is different again -- organisational architecture, board communication, and strategic planning. Each transformation requires the CTO to let go of the skills that made them successful at the previous stage and learn a new set of skills they were never trained for, often without a mentor, a peer group, or even a clear description of what the new stage requires.
The result is predictable. Noam Wasserman's research on more than 10,000 founders shows that 52% of founder-CEOs are replaced by their third financing round, with nearly three-quarters of those replacements being involuntary.\\] No equivalent large-scale study tracks founding CTOs specifically, but the structural dynamics -- a role that transforms faster than the person holding it, a board that evaluates business outcomes rather than technical quality, a co-founder relationship that compounds unresolved tension -- apply to every founding executive.
Adelina Chalmers, a CTO advisor who has coached dozens of startup CTOs over more than a decade, provides the most specific data on why CTOs are replaced. Her finding, drawn from working with CTOs and interviewing their investors: "100% did NOT get fired because of their technical skills." Instead, 70% were fired because they could not communicate with the board and other non-technical leaders, and 30% because they were not strategic enough.\\] The core insight of this book follows directly from that finding: **the thing that determines whether a startup CTO survives is not their architecture, their code quality, or their technical judgment. It is their ability to translate technical reality into business language -- and their willingness to operate as a business leader, not just a technical one.**
The burnout data suggests the role is taking a toll beyond career risk. The LeadDev Engineering Leadership Report 2025, surveying 617 engineering leaders, found that 22% were experiencing critical burnout and an additional 24% were at moderate burnout levels -- nearly half of all respondents in the danger zone. Only 21% were categorised as healthy.\\] The CTO Craft community survey found that 97% of CTOs reported experiencing loneliness in the role.\\]
This book covers the full scope of the job: the technical decisions, the organisational design, the business communication, the co-founder relationship, the personal survival. It is not a DevOps manual. It is not a management theory book. It is a field guide -- written by a working CTO, for working CTOs, about the actual experience of building technology companies from nothing.
## Who This Book Is For
This book is for three people.
The first is the **founding CTO** -- the technical co-founder who chose the stack, wrote the first commit, and now manages a growing team while trying to maintain the architecture they built and the relationship with the CEO who depends on them. This person is in Stage 1 or 2 of the four-stage model. They are experiencing the first transition -- from building to leading -- and are not sure whether the disorientation they feel is a personal failing or a structural feature of the role. It is structural. [Chapter 2](2-how-people-become-ctos.html) will make that clear.
The second is the **scaling CTO** -- the person who has survived the early stages and is now managing managers, communicating with the board, and discovering that the job has less to do with technology and more to do with people, politics, and business strategy than they expected. This person is in Stage 2 or 3\. They are effective but exhausted, and they suspect that the thing they are optimising for -- engineering quality, team velocity, technical excellence -- may not be the thing that determines their survival. They are correct. [Chapter 10](10-business-acumen-gap.html) will explain why.
The third is the **CTO who is wondering whether it is time to leave** -- either because the role has outgrown them, because they have outgrown the role, or because the cost of staying has become higher than the cost of going. This person is in Stage 3 or 4\. They need [Chapter 16](16-knowing-when-to-step-aside.html)'s framework for departure, [Chapter 15](15-cto-burnout-isolation.html)'s burnout diagnostic, and [Chapter 17](17-building-lasting-legacy.html)'s long view of what comes after.
## The Map
The book is organised around a four-stage model of the CTO's evolution, introduced fully in [Chapter 1](1-four-stages-cto-evolution.html):
**Stage 1: Coder.** The CTO writes most of the code. The team is small -- often just the CTO. The job is building the product. This is the stage that most CTOs were trained for and the stage they will spend the rest of their career grieving.
**Stage 2: Manager.** The CTO manages the people who write the code. The team is growing. The job shifts from building to hiring, from coding to reviewing, from solving problems to ensuring that other people can solve problems. The CTO's calendar fills with one-on-ones. Their IDE gathers dust.
**Stage 3: Director.** The CTO manages managers. The team has layers. The job becomes process design, cross-functional communication, and organisational architecture. The CTO spends more time in meetings with the CEO, the board, and the sales team than with engineers.
**Stage 4: Strategist.** The CTO owns the technical vision and its communication to the business. The job is translation: converting engineering reality into board-level language, converting business strategy into engineering priorities, and making architectural decisions that will constrain the company for years. The CTO at this stage may not write any code at all.
Each stage requires the CTO to let go of the activities that defined the previous one. Each transition involves a kind of grief -- the loss of the identity that made the CTO effective at the stage they are leaving. And each transition is a point at which the CTO must honestly assess whether they want to make the next jump, or whether the role has outgrown them -- or they have outgrown the role.
The book follows this arc but is organised by problems rather than stages, so the reader at any stage can open to the chapter most relevant to their current situation.
## How to Read This Book
**Part I -- The Map** (Chapters 1--3) orients you. [Chapter 1](1-four-stages-cto-evolution.html) establishes the four-stage framework. [Chapter 2](2-how-people-become-ctos.html) normalises the "accidental CTO" experience -- the fact that almost nobody who holds this title was ready for it. [Chapter 3](3-ceo-cto-relationship.html) addresses the CEO-CTO relationship, the single most consequential dynamic in the startup. Read Part I first regardless of your stage. It takes less than an hour and reframes everything that follows.
**Part II -- Building and Shipping** (Chapters 4--9) is the operational playbook. Technical decisions as business decisions ([Chapter 4](4-technical-decisions-business-decisions.html)). Technical debt as a strategic instrument ([Chapter 5](5-technical-debt.html)). Shipping velocity as competitive advantage ([Chapter 6](6-shipping-software.html)). Managing the pressure to move faster ([Chapter 7](7-rushing-vs-speed.html)). Working with product ([Chapter 8](8-working-with-product.html)). Measuring what matters ([Chapter 9](9-measuring-engineering-metrics.html)). This is the section you will dog-ear and return to. If you are in Stage 1 or early Stage 2, start here after Part I.
**Part III -- The Gap Nobody Talks About** (Chapters 10--12) delivers the book's core insight. [Chapter 10](10-business-acumen-gap.html) argues that the business acumen gap -- not technical skill -- is what gets CTOs fired. [Chapter 11](11-building-engineering-team.html) covers building and leading the team. [Chapter 12](12-ai-transformation.html) addresses the AI transformation and what it means for the CTO's role. If you are in Stage 2 or 3 and feel the ground shifting beneath you, this is where the book becomes different from every other engineering leadership book you have read.
**Part IV -- Surviving and Evolving** (Chapters 13--17) addresses the personal and existential dimensions. The identity crisis of leaving code behind ([Chapter 13](13-maker-to-multiplier.html)). The operating rhythm that keeps you sane ([Chapter 14](14-operating-rhythm.html)). The loneliness and burnout that the role produces ([Chapter 15](15-cto-burnout-isolation.html)). Knowing when to step aside ([Chapter 16](16-knowing-when-to-step-aside.html)). Building something that outlasts you ([Chapter 17](17-building-lasting-legacy.html)). If you are in Stage 3 or 4 -- or if you are at any stage and feeling the weight of the role -- read Part IV. It contains the content you did not know you needed.
| | AUTHOR: A sentence or two about what the reader should expect from the \[AUTHOR\] tags throughout the book -- that these are places where your specific experience at CorralData grounds the argument in a real, current company rather than retrospective case studies. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## A Promise
By the end of this book, you will have the frameworks, language, and self-awareness to navigate every stage of this role -- or to recognise when it is time to hand it to someone else, and do so from a position of strength.
The role does not get easier. But the disorientation -- the feeling that you are the only person who has experienced this particular combination of pressures, that there is no playbook, that nobody warned you -- that part ends here. There is a playbook. There are people who have been through it. And the fact that you are reading this book means you are already doing the thing that most CTOs fail to do: treating the role as a discipline that can be studied, practiced, and improved, rather than an identity that must be performed.
The week described at the beginning of this introduction is not a failure. It is a Monday through Friday in the life of someone doing one of the hardest jobs in the technology industry. The question is not whether weeks like that will happen. The question is whether you have the frameworks to navigate them, the relationships to sustain them, and the self-knowledge to recognise when the role needs you to change -- or when you need to change the role.
Let's begin.
## References
. Index Ventures, _Scaling Through Chaos_, 2024\. Analysis of 200,000+ career profiles across 200 successful tech companies. Reported in _Fortune_, March 18, 2024\.
. Skipper, A. (2017, June 22). Introducing CTO Craft: A nudge in the right direction for tech leaders. _CTO Craft_ (Medium).
. STX Next, _The Global CTO Survey 2021 Report_. -- Survey of hundreds of CTOs globally. 70% previously worked as software developers/engineers; only 14% held VP of Engineering titles.
. Wasserman, N. (2003). Founder-CEO succession and the paradox of entrepreneurial success. _Organization Science_, 14(2), 149--172\. Expanded in Wasserman, N. (2012). _The Founder's Dilemmas_. Princeton University Press. Based on \~10,000 founders across \~6,000 US tech and life sciences startups. Note: data tracks founder-CEO replacement; no equivalent CTO-specific study exists.
. Chalmers, A. (\~2023). LinkedIn post on CTO firing statistics. -- Based on Chalmers's consulting experience with dozens of startup CTOs over 13+ years. See also Chalmers, A. (2024, July 3). Most founding CTOs are fired or moved sideways within 3--5 years. _Medium_.
. LeadDev, _The Engineering Leadership Report 2025_. Survey conducted March 14--27, 2025, n=617 engineering leaders. -- Note: only 6% of respondents were CTOs; the majority were engineering managers and senior engineers.
. CTO Craft loneliness survey, n=100 CTOs. Cited in Lawrence case study and CTO Craft community materials.
Chapter 1: The Coder, the Manager, the Director, the Strategist
====================
> No man ever steps in the same river twice, for it is not the same river and he is not the same man.
-- Heraclitus
fragment (c. 500 BCE)
Key Takeaways
* The startup CTO role is not one job but four -- Coder, Manager, Director, Strategist -- compressed into a timeline that gives you months to master what corporate leaders get decades to learn.
* What kills most CTOs is not the stage they are in but the transition between stages, because each one demands surrendering the very skill that made them successful in the last.
* The four-stage model is a map, not a mandate. Some of the best CTOs in the world have deliberately moved backward -- and the company was better for it.
* Every stage has a distinct failure mode: the Coder who cannot delegate, the Manager who cannot think strategically, the Director who loses touch with the technology, and the Strategist who loses touch with the team.
Greg Brockman had a Tuesday problem.
By 2013, Stripe had grown fast enough that Brockman -- already functioning as CTO, though the title only became official midway through the year -- needed to keep pace with an expanding engineering team. His solution was to stack all his one-on-one meetings on Tuesdays. By Tuesday evening, he was spent. By the time he recovered enough to do productive work, it was Tuesday again.\\]
The CTO of one of the most consequential fintech companies in the world had compressed himself into a single functional day per week. Not because he lacked ability. Because the job he had been doing -- designing Stripe's server architecture, building its credit card vault in a two-week sprint over the holidays, writing the core authorisation flow -- no longer existed.\\] The company had grown past the point where the CTO's value came from writing code. It now needed someone who could manage people, build teams, and delegate. Brockman was still operating as the chief builder. Stripe needed a chief organiser. The role had changed; he hadn't.
This mismatch -- between the job you prepared for and the job you now hold -- is the central challenge of being a startup CTO. The role is not one job. It is at least four different jobs compressed into a few years, each demanding skills that the previous job did not teach you and may have actively discouraged. Most CTOs who fail do not fail because they lack technical skill. They fail because they do not recognise or survive the transitions between stages.
This chapter maps those stages. Not as a prescription -- the path is not always linear, and some of the best CTOs in the industry have deliberately moved backward rather than forward. But as a diagnostic. If you can name the stage you are in, you can see the transition coming. And if you can see it coming, you are less likely to be destroyed by it.
## Four Different Jobs in Four Years
Evan Cooke, co-founder of Twilio, put the problem bluntly at First Round's CTO Summit in 2024: the enormous scope of change in the CTO role does not get enough recognition.\\] Cooke described it as three careers compressed into one tenure. The first career is the engineer -- in the code all day long. The second is the manager -- one morning you wake up and realise your entire day is meetings, you are managing 20 or 50 people, and you are buried in one-on-ones and recruiting. The third is the executive -- you have finally hired a VP of Engineering, and now you are confused about how to continue moving the business forward with the same momentum.\\]
Daniel Jarjoura, who runs a ten-week experiential course for startup CTOs, quantified the cycle: a founding CTO changes jobs every time the company reaches a new growth stage, roughly every 18 months. If everything goes well, a founding CTO goes from coding most of the time to being completely out of the code in five years or less.\\] The 18-month figure is an approximation -- hypergrowth compresses it, slow burns stretch it -- but the underlying dynamic holds. The company does not pause and announce that it has entered a new stage. It grows, and the CTO's job transforms around them whether they are ready or not.
The ambiguity is not new. When Werner Vogels, Amazon's CTO, wrote about CTO role types in 2007, he opened by quoting Nathan Myhrvold, the former CTO of Microsoft, who when asked to define the role responded with a two-word answer that still resonates: "Hell if I know."\\] Vogels was drawing on a 2002 paper by Tom Berray and Raj Sampath that attempted to classify CTOs into four archetypes -- Infrastructure Manager, Technology Visionary, External-Facing Technologist, Big Thinker -- none of which quite captured the startup version of the role.\\]
Two decades later, the taxonomy has sharpened. CTO coach Viktor Nyblom identifies four sequential stages, each triggered by the company's growth, each requiring fundamentally different skills.\\] Jarjoura's research independently maps almost the same stages, adding the quantitative dimension of how much time the CTO spends writing code at each one.\\] The convergence is striking. Two practitioners working from different client bases arrived at essentially the same model:
| Stage | Company size | Revenue range | Coding time | Primary activity |
| -------------- | ---------------- | ------------- | ----------- | --------------------------------------- |
| The Coder | 1--15 employees | €0--3M | 70%+ | Building the product |
| The Manager | 15--45 employees | €3--15M | 10--40% | Building and managing the team |
| The Director | 45--250 employees | €15--100M | <10% | Leading leaders, setting strategy |
| The Strategist | 250+ employees | €100M+ | 0% | Culture, multi-year vision, board-level |
Sources: Nyblom (2023) for stages, company size, and revenue ranges; Jarjoura (2021) for coding time allocation.\\]\\]
Each stage has a distinct failure mode -- a trap that catches CTOs who have mastered the current stage but not yet recognised that its demands are shifting.
**The Coder** is the founding builder. Vadim Kravcenko described the stage with the candour of someone who lived it: "In 2017, I found myself stepping into the shoes of a CTO for the first time. I joined a small startup as a senior developer, and before I knew it, I was handed the reins of the tech team. Having the CTO title sounded cool, but in reality, it was more of a tech lead role."\\] That gap between the title and the daily work is characteristic. The CTO at this stage writes code, does DevOps, handles security, interviews candidates, fields customer support tickets, and makes architecture decisions -- often all in the same day. Speed-of-iteration is the survival metric. Nyblom is direct: launching in four months instead of eight could be the difference between traction and death.\\] The trap at this stage is premature optimisation -- investing in elegant architecture when the product does not yet have revenue. The CTO who spends three months building a microservices infrastructure for an MVP that may pivot next quarter has confused engineering quality with business survival.
**The Manager** emerges when the team outgrows what one person can coordinate. Sub-teams form. Pull request review becomes impossible to do solo. The CTO's job shifts from writing code to getting other people to write code together -- and the difference between those two activities is larger than it appears from the outside.\\]
The technical work itself changes character. At the Coder stage, the CTO writes greenfield features and makes architecture decisions. At the Manager stage, a growing proportion of the technical work is rework -- paying back the shortcuts taken for speed during the Coder stage. The CTO is still writing code 40% of the time, but the nature of that code has shifted from building to maintaining, and the other 60% is consumed by training developers, reviewing pull requests, documenting processes, and conducting the hiring that the growing team demands.\\]
Jarjoura identifies a specific failure mode at this transition that he calls the "oracle trap": the CTO, who built the original system and knows it best, spends most of their time answering questions rather than building systems that answer questions. Documentation is insufficient, knowledge is locked in one head, and every decision waits on the bottleneck.\\] Some early team members leave during this stage -- they joined a startup where they were part of everything, and now they are part of one thing. Nyblom normalises this: developers, like CTOs, have a preferred stage.\\]
**The Director** is where, in Nyblom's words, the largest shift in the CTO's journey takes place.\\] The company enters its growth phase. Linear growth becomes exponential. The CTO disconnects from code to focus on leading leaders -- not engineers, but the managers and team leads who manage engineers. Security, privacy, and compliance become real concerns; GDPR compliance, for instance, can no longer be skimmed over with a checkbox. Two paths emerge: if the CTO wants to stay close to technology, an R&D or exploration role; if more drawn to people and process, the business side of the organisation. It is common to bring in a VP of Engineering at this stage, and the timing of that hire matters enormously -- too early and the CTO loses ownership before the organisation needs the structure; too late and the CTO burns out trying to manage at a scale their methods cannot support.
The core problem is that the tools that used to work -- managing every situation directly, staying close to the code, making all the decisions -- no longer work. Communication silos form between teams. Processes, not code, need rework. A shift from tactics to strategy has to happen, and the CTO who resists it becomes the organisation's bottleneck at a scale where bottlenecks are fatal.\\]
**The Strategist** leads an engineering organisation of hundreds. Directors report to the CTO with their own budgets, targets, and hierarchies. The CTO's primary responsibility is ensuring technology strategy aligns with long-term business goals -- multi-year goals, not sprint goals. Build-versus-buy decisions at this scale mean acquiring companies, not choosing libraries.\\] The challenge is maintaining innovation pace as internal bureaucracy grows. Nyblom offers a blunt diagnostic: if a company employs a Head of Innovation, it signals that the CTO is the wrong person for the current stage.\\]
The model is a simplification. Real companies do not announce when they have crossed from one stage to the next. Revenue ranges overlap. Team sizes vary by industry -- a healthcare SaaS company at €10M ARR may have a much smaller engineering team than a consumer social product at the same revenue because the sales cycle, compliance burden, and customer concentration are different. But the simplification is useful precisely because most CTOs have no map at all. A rough map beats navigating blind.
## Not Every Path Goes Up
The stage model implies a progression: Coder to Manager to Director to Strategist, each a step on a ladder. Sergio Visinoni, a CTO practitioner, offers a correction.
Visinoni identifies five CTO archetypes, three of which map to Nyblom's stages: the Co-Founder CTO (roughly the Coder), the Scale-Up CTO (the Manager), and the Strategic CTO (spanning the Director and Strategist).\\] The common progression runs through those three. But Visinoni adds two archetypes that the stage model misses.
The first is the Tech Visionary CTO -- a role in which the CTO does not manage the engineering team at all. A VP of Engineering handles execution. The CTO leads a small team of skilled engineers focused on evaluating new technology, prototyping, and feeding the organisation with technical insight. This is not a failure to progress through the stages. It is a deliberate lateral move. It also requires high organisational maturity: egos, as Visinoni notes, can easily get in the way.\\]
The second is the CIO Disguised as CTO -- a role found in companies where technology is a support function rather than the core product. The CTO works mostly with vendors and integrators, builds little custom technology, and focuses on keeping costs low. This is less an archetype than a diagnostic: if the description fits your job, the problem may be the company's relationship with technology, not your capability.
The point is not that Visinoni's model is superior to Nyblom's. It is that the CTO path has legitimate branches. The ladder is real, but so are the side doors. Brockman's career -- as we are about to see -- is the clearest demonstration of what happens when a CTO is self-aware enough to take one.
## Brockman's Arc: Self-Awareness Over Progression
Greg Brockman joined Stripe in 2010, when the company had roughly five people. He designed the server architecture, built the credit card vault, and produced the internal abstractions that the company's early product ran on. He also -- organically, without planning it -- accumulated responsibilities that had nothing to do with code: recruiting, culture-building, making the company's first T-shirts. He described it later as having a strong vision of the environment he wanted to be part of, and being willing to do whatever was needed to create it.\\]
By 2013, the accumulation had become the job. He was spending his time on one-on-ones, recruiting, and organisational shaping. The Tuesday burnout cycle was the symptom, but the underlying condition was structural: the role he had grown into was, in all but name, the VP of Engineering role. He had not set out to become a people manager. The company's growth had drafted him into it.
He faced what he described as a choice between the technical route and the people route. His answer was candid: he had never found anything he loved more than writing code.\\] Rather than force himself into a role that drained him, he hired someone who wanted it. After 18 months of meeting professional managers, Brockman found Marc Hedlund, who went through a four-day interview process of back-to-back one-on-ones with all 25 engineers. Once Hedlund was in place, Brockman transferred his one-on-ones. Then recruiting. Then he looked at what was left and realised the role he had developed organically was almost entirely the standard VP Engineering role.\\]
The delegation itself taught him something. He identified two approaches that work: delegate completely, or stay involved in all the details for one area. What does not work is what he called "sparse micromanagement" -- jumping in to a random issue, overturning all the decisions, and then disappearing. That, he said, is universally the worst approach.\\] Sparse micromanagement is the default behaviour of a CTO who has delegated in theory but not in practice -- who has hired a VP of Engineering but cannot resist second-guessing. It corrodes trust faster than never delegating at all, because it is unpredictable. The team never knows which decisions are theirs and which will be reversed.
With management off his plate, Brockman expected a role vacuum. He went on what he called a "CTO vision quest," interviewing roughly 20 CTOs and VPs of Engineering about how they defined their jobs. He went in expecting every CTO to be the chief architect. To his surprise, he found only one who was. Everyone else saw themselves as facilitators of the technology organisation -- coordinators, connectors, enablers -- not the person writing the most important code.\\]
This finding challenged a deep assumption. The engineer who becomes CTO typically assumes that being CTO means being the best and most important engineer. The vision quest data said otherwise. For 19 out of 20 CTOs, the role was organisational, not architectural. The one exception proved that the architectural CTO exists -- but as a rare variant, not the default.
Brockman chose his own path anyway. He identified four ways to know what is happening in an engineering organisation: doing the work, talking to many people, observing the work, or planning the work. He realised he was doing none of them.\\] He chose the first. He went back to code.
The insight he drew from the experience became one of the most cited observations in CTO practitioner literature: "It's not about time management, it's about energy management. It's important to find activities that recharge you (independent of leverage) so that you have the energy to deal with the high-leverage draining stuff."\\]
In 2015, Brockman co-founded OpenAI. The genesis was a dinner in August 2015 -- Elon Musk, Sam Altman, Ilya Sutskever, Brockman, and others. The first office was Brockman's apartment. The team showed up on January 4, 2016.\\]
His initial role was instructive. He described it as doing whatever was needed to remove all non-research tasks from Sutskever's plate. When Sutskever and John Schulman needed a whiteboard, Brockman got them one. This was the Coder stage stripped to its essence -- not writing code yet, but clearing the path for the people who would. When engineering became a bottleneck on research, he and Sutskever swapped roles. Brockman went back to the code and built the Gym library, then Universe.\\]
At OpenAI, he found a repeatable pattern that had first emerged at Stripe: focus single-mindedly on the software, shut out all distractions, work from wake until sleep. He operated on a block-time basis -- a single meeting would kill productivity for an entire morning or afternoon. His rule: restrict meetings to early morning or after lunch, no more than three per day, no meeting blocks more than every other day.\\] This was not anti-social behaviour. It was a CTO who understood the stage he worked best in, designing his schedule to stay in it.
His closing line in the 2017 blog post that described this arc: "What my role will look like from here, I have yet to define fully. I'm too busy coding."\\]
The arc continued. In November 2023, the OpenAI board ousted Sam Altman; Brockman quit in solidarity; both were reinstated days later. In August 2024, Brockman took a sabbatical -- his first in nine years.\\] He returned in November 2024 as President, focused on key technical challenges, at a company now valued at $157 billion with 500 million weekly ChatGPT users.\\] \[REVIEW: Brockman's current role and OpenAI's valuation should be verified at time of publication -- the situation was volatile through 2024.\]
Mapped against Nyblom's stages, Brockman's trajectory is unusual. He moved from Coder (Stripe 2010--2013) to Manager (the Tuesday burnout period) to the threshold of Director (hiring the VP Engineering, doing the vision quest) -- and then deliberately reversed. He never fully entered the Strategist stage. At OpenAI, he returned to the Coder stage and did his most impactful work from there.\\]\\]
Paul Graham's 2024 essay "Founder Mode" -- which argued that conventional management wisdom pressures founders into delegating too much, too early -- maps onto Brockman's experience.\\] Brockman's Tuesday burnout was the failure mode Graham describes: a technical founder forced into full management mode by the sheer growth of the company. The VP Engineering hire was the correction -- not retreating from leadership, but finding the structure that let him lead from where he had the most impact.
But the neat version of this story -- "follow your energy, stay in the code" -- is too simple. Chad Dickerson, former CEO of Etsy, has argued that founder mode only works for an exceptional few with the right conditions, and that without those conditions it becomes an excuse for bad behaviour.\\] Noam Wasserman of Harvard has made the complementary point: founders who excelled at the early stages but lack what the next stage demands may be the ones who drive the company into the ground.\\] Brockman's return to code worked because he was self-aware about his strengths _and_ because he hired the right person to cover his gaps. Without Marc Hedlund, the story ends differently.
The lesson is not "stay in the code." The lesson is that the four-stage model is a map, not a mandate. Some CTOs will progress through every stage. Some will find their optimal stage and stay there. Some will oscillate. The variable that predicts success is not how far up the ladder you climb. It is whether you understand which stage you are in, which stage the company needs, and whether those two things match.
## The Transitions Kill More CTOs Than the Stages
CTO coach Viktor Nyblom reports that the transitions between stages are usually where his clients reach out to him -- not the stages themselves.\\] The data supports this. Adelina Chalmers, who has spent more than a decade helping startups secure investment, found that most founding CTOs are fired or moved sideways within three to five years.\\] The reasons are specific and consistent.
At the Coder-to-Manager transition, the failure is identity. The CTO cannot stop coding. They built the system, they know it best, and writing code still feels like the most valuable thing they can do. Jarjoura's oracle trap operates here: the CTO becomes the single point of knowledge, answering every question rather than building documentation and processes that distribute knowledge across the team.\\] Hiring is delayed because the CTO believes they can still do the work of two or three engineers. Delegation is resisted because -- as Brockman admitted -- engineers struggle to distinguish "not the way I'd do it" from "bad."\\]
At the Manager-to-Director transition, the failure is scale. The CTO is managing 50 people the way they managed 15 -- through direct relationships, individual one-on-ones, and personal involvement in technical decisions. Nyblom is precise: the tools that used to work no longer work.\\] The CTO needs to hire a VP of Engineering, build a management layer, and start leading through leaders rather than through individuals. Those who resist this transition become the organisational bottleneck at the exact moment the company can least afford one.
At the Director-to-Strategist transition, the failure is communication. This is where Chalmers' data cuts deepest. The founding CTOs who were replaced or sidelined were seen by their boards as arrogant, as alienating the board with jargon, as failing to talk about the business outcomes of technology, as telling the board "you have to trust me" without ever making a business case, and as consistently under-delivering with no explanation or mitigation plan.\\]
Cooke identified the same pattern from a different angle. He listed five failure modes facing later-stage CTOs: under-communicating technical challenges to non-technical colleagues, saying "no" too often, failing to transition to long-term planning, making poor senior hiring decisions, and failing to make effective use of their time.\\] He traced all five to two root causes.
The first: not knowing fellow leaders -- the CMO, the CRO, legal -- well enough to understand what they need. Cooke's recommendation was specific: meet with the CMO to support a conference, meet the CRO to understand the sales cycle, support legal on IP strategy. Build relationships with the management team as deliberately as you once built relationships with your engineering team.\\]
The second root cause is subtler and more consequential: misunderstanding the needs of the company as it scales. Board meetings shift from product and engineering to sales and marketing as revenue grows. CTOs who interpret that shift as marginalisation have misread the room. Cooke offered a framework that deserves attention: as you build a company, you are generating predictability where it did not exist. Predictable growth leads to predictable revenue, which leads to predictable sales, which leads to predictable product, which leads to predictable engineering, which leads to predictable hiring.\\] The board's attention follows the predictability frontier -- whichever function is the least predictable gets the most scrutiny. Early on, that is the product and the technology. Later, it is sales and go-to-market. The CTO who takes this personally -- who sees reduced board attention as reduced value -- has confused visibility with importance. Engineering is not less valued. It has become more predictable. That is a success, not a demotion.
The pattern across all three transitions is the same. The CTO optimised for the current stage's demands and did not see the next stage's demands approaching until they were already being evaluated against them. The transitions are not surprises -- they are triggered by company growth that is visible months in advance. But they require the CTO to do something that is genuinely hard: give up the skills that made them successful and invest in skills they have not yet proven they can develop.
The mechanism is worth naming precisely, because it explains why smart, capable people fail at transitions that look obvious in hindsight. At each stage, the CTO's value comes from a specific set of activities. At the Coder stage, value comes from writing code. At the Manager stage, from building and coordinating teams. At the Director stage, from setting strategy and hiring leaders. The activities that create value at each stage are not merely different from those at the previous stage -- they are often in direct tension with them. The CTO who continues to write code at the Manager stage is not just failing to manage; they are actively competing with their own team for the work the team was hired to do. The CTO who continues to manage individuals at the Director stage is not just failing to set strategy; they are undermining the managers they hired by refusing to let them manage.
Each transition, in other words, requires the CTO to stop doing the thing they are best at and start doing something they have never done. The identity cost is real. The competence cost is real. And the only way to learn the new skills is to practise them before they feel natural -- which means performing visibly worse at the new job than you were at the old one, for a period measured in months, while the company continues to grow and the board continues to evaluate.
[Chapter 10](10-business-acumen-gap.html) of this book examines the business acumen gap -- the communication failures that Chalmers documented -- in full. For now, the point is narrower. The stages are predictable. The transitions are predictable. The failure modes at each transition are predictable. What is not predictable is whether any given CTO will see the transition in time.
## Finding Yourself on the Map
The most useful thing this chapter can give you is a diagnostic. The stages are not abstractions -- they are observable conditions with specific indicators.
You are in the **Coder** stage if you write code most days, spending 70% or more of your time in the codebase. Your team is under 15 people. You are the primary decision-maker on stack, architecture, and technical direction. You handle customer support escalations personally. There are no engineering managers between you and the developers.
You are in the **Manager** stage if your coding time has dropped to somewhere between 10% and 40% and is still falling. Your team is 15 to 45 people, with sub-teams forming. You spend significant time on one-on-ones, hiring, and process. You review pull requests but cannot review all of them. Original team members may be feeling disconnected from the broadening organisation.
You are in the **Director** stage if you rarely write production code -- less than 10% of your time. Your team is 45 to 250 people. You manage managers, not individual contributors. You have hired or need to hire a VP of Engineering. Security, compliance, and cross-team communication are major concerns.
You are in the **Strategist** stage if you do not write code. Your organisation exceeds 250 people. You lead directors with their own budgets and hierarchies. Your decisions operate on multi-year time horizons. Your primary challenge is maintaining innovation pace against growing bureaucracy.
The transition warning signs are more diagnostic than the stages themselves:
* You are the bottleneck on every technical decision, and the team waits for your answers instead of finding them. _(Coder → Manager)_
* Your one-on-ones are burning you out -- you have your own version of Brockman's Tuesdays. _(Manager → Director)_
* The board does not understand what engineering is doing, and you have been told -- or suspect -- that you speak in jargon when you present. _(Director → Strategist)_
I have been in the Manager stage twice. The first time, I helped build Ready Set Rocket, a digital agency, from seven people to more than 50 -- the full arc from a team small enough to fit around one table to one large enough that sub-teams formed, process became necessary, and the people who had joined when everyone knew everything started to feel the distance. The second time is now, at CorralData, where I am CTO of a healthcare B2B SaaS company scaling through the early millions in ARR. The transitions were familiar the second time -- I recognised the oracle trap faster, knew earlier when to stop reviewing every pull request, felt the Manager-stage gravity pulling me away from code with less surprise. They were not painless. Recognition and pain are compatible.
I have also seen the later stages from the inside, though not from the CTO seat. At Codecademy, as an Engineering Manager, I watched the Director-stage challenges play out at close range: the shift from managing individuals to managing managers, the introduction of process that the early team resented, the growing gap between what the engineering organisation was doing and what the rest of the company understood about it. At the New York Times -- a 3,000-person company with an engineering organisation of 500 to 1,000 people -- I was a Senior Engineering Manager on the Storylines team. The Strategist stage at full scale looked different from anything the startup world prepares you for: multi-year planning horizons, budget politics, and an immense distance between strategic decisions at the top and the engineer's daily experience at the keyboard.
I have not held the CTO title at every stage. But I have been inside the building at each one -- not as an observer, but as someone whose work depended on understanding the stage the organisation was in. The model maps to real companies, with real friction at the boundaries.
The disorientation you feel -- if you feel it -- is not personal. The role changed. Not your competence. The job you were hired to do, or the job you assumed when you co-founded the company, has been quietly replaced by a different job with different success criteria. You are not bad at your job. Your job is new. And it will be new again in 18 months.
The stages are the map. But a map does not explain how you got to the trailhead. Most startup CTOs did not plan this career. There was no CTO track at university, no certification programme, no gradual apprenticeship. They were the best engineer -- or the only engineer -- and the title followed. The absence of preparation is not their personal failure. It is the universal condition. And what that accidental entry does to the person holding the title turns out to shape everything that follows.
## Frequently Asked Questions
1. _What does a startup CTO actually do?_
The startup CTO role is really four different jobs compressed into a few years -- Coder, Manager, Director, and Strategist. In the earliest stage, you write most of the code. As the company grows, your job shifts to building teams, then leading leaders, and finally setting multi-year technology strategy. What kills most CTOs is not any single stage but the transitions between them.
2. _How does the CTO role change as a startup grows?_
At a startup with fewer than 15 people, the CTO spends 70% or more of their time coding. By the time the company reaches 45 employees, coding drops to under 10%. At 250-plus employees, the CTO writes no production code at all. Each stage demands entirely different skills -- the technical excellence that made you successful early on must be gradually replaced by people management, strategic thinking, and business communication.
3. _What are the four stages of a startup CTO?_
The four stages are Coder (1-15 employees, building the product hands-on), Manager (15-45 employees, building and coordinating the team), Director (45-250 employees, leading leaders and setting strategy), and Strategist (250-plus employees, multi-year vision and board-level leadership). Each stage has a distinct failure mode, and the transitions between stages are where most CTOs struggle or get replaced.
4. _Why do most startup CTOs get replaced?_
Most founding CTOs are fired or moved sideways within three to five years -- not because they lack technical skill, but because they fail to navigate the transitions between stages. Common reasons include inability to stop coding and start delegating, speaking in technical jargon to the board instead of business outcomes, and managing 50 people the same way they managed 15\. The gap is in business fluency and leadership adaptation, not engineering ability.
5. _What skills does a startup CTO need?_
The required skills evolve dramatically with each stage. Early on, you need deep technical ability and speed of execution. As you grow, you need hiring judgment, team-building, process design, and delegation. At the Director and Strategist stages, you need strategic thinking, board communication, vendor management, and the ability to translate technology decisions into business language. The CTO who tries to succeed with only technical skills will hit a ceiling.
## References
. Brockman, G. (2014, October 27). #define CTO. blog.gregbrockman.com.
. Cooke, E. (2024, March 6). This is how effective CTOs embrace change. First Round Review.
. Jarjoura, D. (2021). The startup CTO growth cycle. The Unicorn CTO.
. Vogels, W. (2007, July 11). The different CTO roles. All Things Distributed.
. Berray, T., & Sampath, R. (2002). The role of the CTO: 4 models. Brixton Spa.
. Nyblom, V. (2023, March 22). The four stages of a startup CTO. nyblom.io.
. Kravcenko, V. (2023, July 21). What does a CTO actually do? vadimkravcenko.com.
. Visinoni, S. (2024, February 21). The 5 archetypes of CTOs. Sudo Make Me a CTO.
. Brockman, G. (2017, January 9). #define CTO OpenAI. blog.gregbrockman.com.
. TechCrunch. (2024, August 6). OpenAI co-founder Schulman leaves for Anthropic, Brockman takes extended leave.
. CNBC. (2024, November 12). OpenAI co-founder Greg Brockman returns after three months of leave.
. Graham, P. (2024, September). Founder mode. paulgraham.com.
. Graham (2024); multiple commentators quoted in responses to "Founder Mode." Chad Dickerson and Noam Wasserman critiques cited in the essay's subsequent discussion. \\\[REVIEW: These critiques were widely reported but should be verified against primary sources -- Dickerson's and Wasserman's original statements should be located and cited directly.\]
. Chalmers, A. (2024, July 3). Most founding CTOs are fired or moved sideways within 3--5 years. Here's why! Medium.
Chapter 2: CTO by Accident
====================
may my mind stroll about hungry
and fearless and thirsty and supple
and even if it's sunday may i be wrong
for whenever men are right they are not young
-- e e cummings
may my heart always be open to little
Key Takeaways
* Almost nobody sets out to become a startup CTO. The three paths -- co-founder default, battlefield promotion, and growth overtaking -- all share one thing: no preparation and no training for what comes next.
* Becoming CTO is not a promotion; it is a career change. The skills that made you the best engineer on the team are largely irrelevant to the job you now hold.
* The startup CTO demographic -- 92 percent male, 76 percent white -- is not just an equity problem. It is a talent problem, because the narrower the pipeline, the weaker the average.
* Isolation begins on day one. You are no longer fully an engineer, not yet fully an executive, and there is no peer group waiting for you on either side of that bridge.
Vadim Kravcenko was a senior software engineer at a small Swiss startup when the Head of Development had a disagreement with management and left. Kravcenko pushed hard for the role -- five long meetings to convince the leadership team he could handle it. He got the title. And then: "I felt out of place and didn't really know what to do, as I was always a dev, so it took me quite a bit of time to really understand what I needed to be doing."\\]
David Mack, co-founder and CTO of SketchDeck, a Y Combinator-backed startup, describes the same disorientation from the other direction -- not a battlefield promotion but a founding role that nobody defined. "Founding a startup is an upside-down version of traditional employment," Mack writes. "Initially you've no idea if the company will take off nor if it'll ever turn into a full-time job, then as it grows you keep on being thrust into new and different jobs. You can accumulate responsibility faster than you can learn how to harness it."\\]
These two accounts -- the developer promoted into the CTO chair overnight, and the founder who drifted into the role as the company grew around them -- represent the two most common paths to the startup CTO title. Neither involves preparation. Neither involves training. Neither involves a moment where someone sits the new CTO down and explains what the job actually is.
This chapter is about that absence -- the fact that almost nobody who holds the CTO title at a startup was ready for it, and that this is not a personal failing but the universal condition of the role.
## Three Paths, No Map
The research reveals three distinct ways people become startup CTOs. None of them involves applying for the job.
The first is **co-founder default**. The startup has two founders: one who handles the business, one who handles the technology. The business founder becomes the CEO. The technical founder becomes the CTO. The decision is made in a conversation that takes less time than most architecture reviews. Stephan Schmidt, who has coached more than 80 CTOs, calls this "often the worst way to move forward."\\] His reasoning: "The role of the CTO changes a lot over a short amount of time. From an individual contributor writing code, to a DevOps person, to a process person, to a hiring manager, to a manager of managers -- often the first one in the company, with no guidance and help, to a strategy person in the first twenty months. The chance that your first hire can make the journey is slim -- and the decision to make that hire CTO feels random."\\] Schmidt adds the practical warning: "Giving a title is easy, taking the title away is difficult. Giving a child a lollipop is easy, taking it away is impossible without drama. Same here."\\]
The second path is **battlefield promotion**. The previous technical leader departs -- through burnout, co-founder conflict, or a better offer -- and the most senior remaining engineer steps up. Kravcenko's experience is the archetype. One day he was writing code and submitting pull requests. The next, he was responsible for the team, the architecture, the hiring, and the relationship with the CEO. "Sadly you will not be able to work alone anymore," Kravcenko reflects. "The whole workflow of getting a task, doing the task, submitting the job for review without zero human interaction is gone."\\] The stress, he discovered, was categorically different from anything he had experienced as a developer: "If you think you had stress when you couldn't fix a bug or couldn't finish enough tasks during a sprint, think again. Now you will be the shield for your developers, so everything negative to your team will go to you."\\]
The third path is **growth overtaking**. The CTO did not change. The company did. Mack describes this trajectory: the startup grows, the team grows, and the CTO who was effective at five people discovers that the job at fifteen people is a different job -- one that involves hiring, firing, process design, and people management rather than code. "Stepping aside from pure technical decisions, the life-blood of being a CTO is people management," Mack writes. "The majority of your day-to-day will be managing, leading, hiring and firing people. I've had to learn all of this on the way and it certainly could have been smoother."\\]
CTO Academy, a training organisation founded to address the preparation gap, identifies two archetypes of the accidental CTO: "the tech founder of a fast growth start-up who quickly finds that growth is outsprinting his or her skill set" and "the senior developer who has been rapidly promoted ahead of schedule but without the necessary rounded skills to cope."\\] The common thread: "They can feel out of their depth and the imposter syndrome looms large as they're suddenly in the spotlight."\\]
Mostafa Khattab, who was rapidly promoted to CTO at Wakecap Technologies in Dubai, kept a diary of the experience. His account captures the psychological weight that arrives with the title: "The real psychological impact was knowing that now I was responsible for everything and of course, I was also now responsible for everyone in these technical teams." His response was the one that most accidental CTOs default to: "I worked all the day and night, a big mistake, I was leading by day and coding by night which was the cause of mistakes and a real strain on my mental and physical health."\\] The pattern -- attempting to do the old job and the new job simultaneously, sleeping less rather than delegating more -- is the accidental CTO's first and most dangerous instinct. It works for weeks. It fails within months.
Kravcenko identifies the specific habit that the new CTO must break: "Desire to do everything yourself. Of course, you can do it better. Of course, you can do it faster. But your time is limited, and other more critical tasks at hand need to be prioritized."\\] The engineer's core strength -- the ability to solve problems personally, by writing the code -- becomes the CTO's core liability. Every hour the CTO spends solving a technical problem is an hour not spent on the activities that only the CTO can perform: hiring, communicating with the CEO, designing the team structure, and making the architectural decisions that will constrain the system for years.
| | AUTHOR: Your path to CTO at CorralData -- which of the three patterns does it most resemble? Was the title part of the founding agreement, or did it emerge as the company grew? What was the moment you realised the job was different from what you expected? |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## No Training, No Precedent
When Andy Skipper founded CTO Craft in 2017, he began by interviewing CTOs about their experience entering the role. "Speaking to several members of the forum about their experience as new CTOs, it's no surprise that almost all felt thrown in at the deep end and were given responsibility for anything and everything -- even things they weren't good at."\\] When he asked how much formal training they had received, "the resounding answer was none."\\]
The practitioners Skipper interviewed confirmed the pattern independently. Harel Malka, founder of Glow Digital Media, described the CTO transition as "a rollercoaster of a learning curve -- mainly, letting go, delegating and understanding that the CTO role can be like the three blind men feeling an elephant story -- everybody sees things differently." Alistair Stead, CTO of Kamet, said he needed "a framework of support to help me identify the places to focus my efforts and show progress."\\] Marcus O'Connell, a freelance CTO, wanted "guidance and discussion on relevant best practices for technical leadership and development processes, perhaps access to other experienced CTOs to discuss ideas with."\\] Each was describing the same void from a different angle: there was no map, no curriculum, and no community.
The answer should not be surprising, but consider what it means. The CFO has accounting credentials. The CMO has a marketing background. The General Counsel passed the bar. The CTO -- the person responsible for the technology that the entire business depends on, the team that builds it, and the architecture that constrains its future -- has no equivalent qualification, no standard curriculum, and no professional body that certifies readiness. The CTO arrives in the role with whatever they happened to learn as an engineer, and discovers on the job that engineering was the smallest part of what the role demands.
Will Larson, who has held engineering leadership roles at Digg, Uber, Stripe, Calm, and Carta, names the systemic problem: "Software engineering management, particularly in Silicon Valley, is exceptional for how inexperienced the typical manager is, and how little training we provide for this critical role."\\] His own experience was representative: "I first started managing in a vacuum, quickly becoming the only engineering manager in a struggling startup, and making it up as I went. I was a terrible manager, and I'm grateful for the folks who put up with me during that period."\\]
Camille Fournier, former CTO of Rent the Runway, frames the gap as a definitional problem. "The challenge with defining CTO is that if you look across the folks who hold that title you will see many different manifestations. Some are the technical cofounders. Others were the best of the early engineers. Some focus on the people and processes of engineering. Others focus on the technical architecture, or the product roadmap. Some CTOs have no direct reports, others manage the entire engineering organization."\\] The role has no standard definition because it has no standard preparation. Each CTO invents the job from scratch, inheriting whatever the previous occupant left behind -- or, more commonly, starting with a blank page.
Fournier's most important insight for this chapter: "CTO is not an engineering role. CTO is not the top of the technical ladder, it is not the natural progression for engineers over the course of their careers to strive to achieve."\\] The engineer who becomes CTO has not been promoted. They have changed careers -- from building systems to leading an organisation that builds systems. Schmidt puts it with characteristic directness: "This isn't a promotion -- it's a career change."\\]
Larson, writing the preface to his 2024 book _The Engineering Executive's Primer_, identifies the specific moment when the training gap becomes most acute: "As an engineering manager, you almost always have someone in your company to turn to for advice: a peer on another team, your manager, or even the head of engineering. But who do you turn to if you're the head of engineering?"\\] The question is not rhetorical. The CTO who has a problem with no obvious solution -- a failing architecture, a co-founder conflict, a team that is not shipping -- has no internal escalation path. The CEO does not understand the technical dimension. The board does not understand the day-to-day reality. The engineering team cannot be told that their leader is unsure. The CTO is, for the first time in their career, truly alone with the problem.
Kravcenko captures what the career change feels like from the inside: "As a software engineer, I imagine you were never taught the art of taking things under control and delivering a product, at least I didn't learn this at university. It was mostly about bits and bytes and writing assembly by hand."\\] His solution -- the same solution that every accidental CTO discovers -- was to learn on the fly: "Most of the stuff in the series comes from my personal encounters with the issues described. I had to learn things on the fly."\\]
| | AUTHOR: Your preparation -- or lack of it. Did your AI background at Manchester prepare you for the CTO role, or did it prepare you for a different job entirely? What was the biggest gap between what you knew and what the role required? |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Who Holds This Job
The CTO population is narrow in ways that matter for both the reader and the industry.
Zippia's analysis of more than 8,600 CTO profiles in the United States finds that 92% are men and 76% are white, with an average age of 51 at established companies.\\] At startups and scale-ups, the population skews younger -- CTO Craft's 2023 survey of 600 global engineering leaders found 55% aged 36 to 45, with 23% aged 46 to 55.\\] Korn Ferry's analysis of the top 1,000 US companies found that women hold fewer than one in five CIO or CTO roles.\\] At European venture-backed startups, the numbers are starker: a 2018 Atomico study found just one female CTO out of 175 at VC-backed European tech companies.\\]
These numbers describe a population that is overwhelmingly white, male, and in their late thirties to mid-forties. They do not describe a population that should be overwhelmingly white, male, and in their late thirties to mid-forties. The CTO Craft 2024 compensation survey reveals one consequence of this narrowness: male CTOs received 2.3 times the equity cash value of female CTOs -- a gap that compounds over the lifetime of a startup.\\] The EEOC's 2024 analysis of the high-tech workforce found that the representation of Black workers at 7.4% was "virtually unchanged from 2005 to 2022."\\] The pipeline is not fixing itself.
The gap between who holds the CTO title and who could hold the CTO title is one of the industry's most consequential structural failures -- and the "accidental CTO" pattern is part of the mechanism. When the CTO is chosen by default (the most technical co-founder), by battlefield promotion (the most senior remaining engineer), or by growth overtaking (the person who was already there), the selection criteria are proximity and seniority, not capability. The people with proximity and seniority in most tech companies are, overwhelmingly, white men. The path to the CTO role was never designed. It was inherited -- and the inheritance reflects the demographics of who was already in the room.
The educational profile reinforces the pattern. Zippia finds that 64% of CTOs hold a bachelor's degree and 21% a master's -- but the Stack Overflow Developer Survey shows that 49% of developers learned to code at school, while 82% rely on online resources.\\] The CTO role requires skills -- people management, board communication, financial literacy, organisational design -- that are not taught in computer science programmes and are rarely acquired through self-directed online learning. The accidental CTO is not just unprepared for the role. They are unprepared in ways that their education and career path did not equip them to recognise.
The reader of this book is statistically likely to fit the demographic profile described above. The responsibility that comes with fitting the profile is to recognise it as a structural artefact, not a meritocratic outcome -- and to build a team and a culture, as [Chapter 11](11-building-engineering-team.html) will describe, that does not reproduce the same pattern.
| | AUTHOR: Your perspective on the demographics of the CTO role -- as someone who studied AI at Manchester and came to the role through journalism-adjacent data work and startup experience. Does the demographic profile match your experience of the CTO community? What does the narrowness of the population mean for the healthcare vertical specifically? |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## Before You Sign
The moment before you accept the CTO role is the moment of maximum leverage. Every term you fail to negotiate now becomes a term you will wish you had negotiated when the relationship changes -- when the VPE is hired above you, when the board composition shifts, when the company is acquired and your unvested equity is on the table.
The first principle is non-negotiable: the company's lawyer is not your lawyer. José Ancer, a startup attorney, states it with an analogy that should end the discussion: "The family therapist does not represent one spouse or the other. She represents the family, as an entity." The company's counsel represents the entity -- the corporation -- not the founders as individuals.\\] Naval Ravikant, founder of AngelList, is blunter: "Don't just go with the lawyer that the VCs insist upon. These lawyers will work with the VC on a hundred financings and with you on only one."\\] Hire your own employment attorney. The cost to review a startup employment agreement or offer letter is typically $750 to $1,250 for a flat-fee review, rising to $3,000--$5,000 if negotiation support is required.\\] This is the best investment you will make in the entire role.
What to negotiate depends on whether you are a co-founder or a hired CTO. The structures are different and the leverage is different.
For the **co-founding CTO**: the equity split is the first conversation. Y Combinator's advice is that equal splits are usually the right answer: "This is a case where the simple solution -- to just split it equally -- is probably the best one." Michael Seibel adds the diagnostic: "If you aren't willing to give your partner an equal share, then perhaps you are choosing the wrong partner."\\] Wasserman's research shows that 73% of founding teams set the equity split within a month, most of them permanently -- and premature splits are among the most common and most consequential mistakes founders make, because they "tend to plan for the best that can happen" and assume early commitment levels will persist.\\] Beyond the split: establish a founders' agreement that covers reverse vesting (four-year, one-year cliff is standard), IP assignment, decision-making authority, a conflict resolution mechanism, and termination provisions. The UPenn Law Entrepreneurship Clinic provides a free annotated template that covers all of these.\\] Do not skip the conflict resolution clause. You will need it.
For the **hired CTO**: think in percentages, not share counts. Mary Russell of Stock Option Counsel advises: "Think of yourself as a late-stage founder and negotiate for a specific percentage ownership in the company."\\] Appendix C provides the benchmarks: a hired CTO at Series A typically receives approximately 1.0% (Index Ventures data), with a four-year vesting schedule and one-year cliff. The critical negotiation points beyond the equity number are: double-trigger acceleration (partial or full vesting if the company is acquired and you are subsequently terminated -- investors prefer double-trigger over single-trigger, so push for it early); an extended post-termination exercise period for vested options (the standard 90 days is insufficient for ISOs with AMT exposure; negotiate for 12 months or longer); severance terms (six to twelve months of salary and benefits, triggered by termination without cause or constructive dismissal); and the scope of any non-compete and non-solicitation clauses.\\]
For both: negotiate the title-authority gap. The CTO title without authority over technical decisions, hiring, and architecture is a title without a function. Define in writing -- in the offer letter, the employment agreement, or the founders' agreement -- what decisions the CTO owns, what budget authority they hold, and what their reporting relationship is. The CTO who accepts a title on a handshake and discovers six months later that the CEO makes all technical decisions has accepted a role that does not exist.
Vadim Kravcenko, who writes the "No-Bullshit CTO Guide," provides the equity benchmarks for the gap between the two scenarios: a CTO working for no salary should expect 25--35% (co-founder level); a CTO at full salary, up to 5%; a CTO at 50% salary, between 7% and 15%.\\] The numbers scale with risk. The CTO who takes below-market compensation is making an investment, and should understand the implied value of that investment using the framework in Appendix C.
| | AUTHOR: What you negotiated when you joined CorralData -- or what you wish you had negotiated. The reader who is about to accept a CTO role for the first time needs to hear from someone who has done it, including the things you got wrong. If there were terms you did not negotiate that you later wished you had, those are the most valuable sentences in this section. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Loneliness Starts Here
Schmidt, writing from his experience coaching CTOs, identifies a feature of the accidental CTO's experience that most guides overlook: the isolation begins immediately. "Nobody talks about CTO loneliness," he writes. "\`It's not in the job description. It's not in the leadership books. But when I coach CTOs, it comes up constantly. Not in the first session. Usually by the third or fourth, when trust is built. 'I feel completely alone in this.'\`"\\]
The loneliness is structural, not personal. Schmidt traces its mechanics: "Before being a CTO, they could talk to peers about their problems, they could bubble up problems they could not solve to their boss. The CTO is the first position they could get fired because the CEO just lost trust -- not because of their performance. Political games set in -- and you're alone."\\] The engineer who became CTO has lost their peer group (they now manage their former peers), lost their escalation path (there is no one above them to absorb technical problems), and gained a set of concerns -- about the business, about the board, about the co-founder relationship -- that they cannot share with their team without creating anxiety.
Schmidt's formulation captures the paradox: "You speak a different language. Half your job is translation. Explaining technical reality to people who don't want to hear it. Explaining business constraints to engineers who think product is the enemy. You're the bridge. Bridges are lonely places."\\] The imposter syndrome, he notes, is a rational response to the situation: "Most CTOs got here through technical excellence. Now you're doing a job you were never trained for. Managing people, navigating politics, presenting to boards. Every day feels like a test you didn't study for. And you can't admit it."\\]
[Chapter 15](15-cto-burnout-isolation.html) will address the loneliness and burnout dimensions in depth. Here, the point is simpler: the isolation is not a sign that the CTO is doing something wrong. It is a structural feature of a role that sits at the intersection of technical, business, and people challenges with no natural peer group inside the company. Knowing this from the beginning -- naming it before it becomes a crisis -- is the first act of self-preservation.
Schmidt describes the feedback loop that connects isolation to burnout: "It starts with overwhelm. Too many decisions, too many people, too many fires. You work longer hours to keep up. The longer hours cut into relationships. Fewer relationships means less support. Less support means more stress. More stress means more burnout. The cycle accelerates."\\] His warning: "Most CTOs who burn out don't see it coming. They're too busy coping to notice the pattern."\\]
Schmidt's own path into the CTO role illustrates the absurdity of how the title is often acquired. "I started in the 90s in an internet startup as a developer. After some time, my boss told me to hire more students -- so I became a manager. When I had to go to a trade fair and talk to Oracle and IBM, I asked my boss for a business card to look more professional, and a job title. He told me to choose one."\\] The accidental CTO is not a modern phenomenon. It is as old as the startup itself.
| | AUTHOR: Your experience of isolation in the role -- even briefly. Did it arrive immediately or build over time? Is the "bridge" metaphor accurate to your experience of translating between the technical and business dimensions at CorralData? |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
The accidental CTO is the norm, not the exception. The person who arrives in the role prepared -- with management training, leadership experience, a clear understanding of the job's scope, and a peer network to draw on -- is the rarity. The rest of us learn on the fly, making mistakes that feel personal but are structural, experiencing isolation that feels unique but is universal, and carrying a title that describes a job nobody fully defined before handing it to us.
This book is the playbook that does not exist. [Chapter 1](1-four-stages-cto-evolution.html) provided the map -- the four stages of the CTO's evolution. This chapter has named the starting condition: you are here, you were not ready, and almost nobody else was either. [Chapter 3](3-ceo-cto-relationship.html) addresses the first and most consequential challenge of the role: the relationship with the person who gave you the title.
## Frequently Asked Questions
1. _How do people become startup CTOs?_
Most startup CTOs arrive through one of three paths -- co-founder default (you were the technical one), battlefield promotion (the company grew and you were the most senior engineer), or growth overtaking (you joined as a developer and the startup expanded around you). Formal preparation for the role is extremely rare. The accidental CTO is the norm, not the exception.
2. _What is an accidental CTO?_
An accidental CTO is someone who received the title without formal leadership training or deliberate career planning for the role. They were typically the best or only engineer at a startup, and the title followed the responsibility. This is the overwhelmingly common origin story -- most CTOs did not set out to become CTOs, and the absence of preparation is the universal condition, not a personal failing.
3. _Do you need a computer science degree to be a CTO?_
No. While many CTOs have technical degrees, what matters far more is adaptability, willingness to learn beyond engineering, and the ability to grow with the company. The CTO role demands skills -- people management, business communication, strategic thinking -- that no computer science programme teaches. Self-taught developers, bootcamp graduates, and career-changers have all become successful CTOs.
4. _What is the typical background of a startup CTO?_
The typical startup CTO was a senior engineer or technical co-founder who got the title because they were the most technical person in the room when the company was small. They usually have strong hands-on engineering skills but limited formal management or leadership training. The role finds them rather than the reverse, and their first year as CTO is spent learning a job nobody fully defined before handing it to them.
5. _Can a software engineer become a CTO?_
Yes -- in fact, most startup CTOs were software engineers first. The challenge is not the starting point but the growth required. Moving from engineer to CTO means developing skills in hiring, team management, business communication, board presentations, and strategic planning. The engineers who make the transition successfully are those who recognise early that the CTO role is a leadership position that happens to require technical knowledge, not a senior engineering position with a better title.
## References
. Kravcenko, V. (2024, April 27). How to become a CTO: Clear career path and tips \\\[Q&A\]. _vadimkravcenko.com_.
. Mack, D. (2018, February 13). What I wish I knew when I became CTO. _SketchDeck Developer Blog_ (Medium). -- Mack was co-founder and CTO of SketchDeck (YC W14).
. Schmidt, S. (2024, May 13). Startup CTO hiring: 8 better options than promoting devs. _AmazingCTO_. -- Schmidt is a 3x founder, former CTO of brands4friends (eBay subsidiary), and has coached 80+ CTOs.
. Kravcenko, V. (2018; updated 2023, May 7). Lessons learned from becoming CTO of a small startup. _vadimkravcenko.com_.
. CTO Academy. What is an accidental CTO? -- See also: Are you an accidental CTO?
. Khattab, M. (2020, July). Diary of an accidental CTO, Part 2\. _CTO Academy_. -- Khattab was CTO at Wakecap Technologies, Dubai.
. Skipper, A. (2017, June 22). Introducing CTO Craft: A nudge in the right direction for tech leaders. _CTO Craft_ (Medium). -- Skipper is former CTO of Comic Relief and founding CTO of Made.com.
. Larson, W. (2018, July 1). My rails for engineering leadership. _Irrational Exuberance_ (lethain.com). -- See also Larson, W. (2024). _The Engineering Executive's Primer_. O'Reilly Media.
. Fournier, C. (2015, February 8). On the role of CTO. _Elided Branches_. -- Fournier was CTO of Rent the Runway. See also Fournier, C. (2017). _The Manager's Path_. O'Reilly Media.
. Schmidt, S. First-time CTO: Survival guide for new CTOs. _AmazingCTO_.
. Kravcenko, V. (2022, June 4; updated 2024, July 10). No bullsh_t CTO / tech lead guide._ vadimkravcenko.com\*.
. Zippia. Chief technology officer demographics and statistics \\\[2026\]. -- Based on analysis of 8,676+ CTO resumes, cross-referenced with BLS and Census data.
. CTO Craft / Albany Partners. (2023). Compensation survey. -- n=600 global engineering leaders. Atomico finding cited within. See also CTO Craft 2024 survey:
. Korn Ferry analysis, reported by CIO Dive. (2024, February 14). Women hold fewer than 1 in 5 CIO, CTO roles.
. U.S. Equal Employment Opportunity Commission. (2024). Diversity in high tech. -- Based on mandatory EEO-1 employer reports.
. Stack Overflow. (2024). Developer survey -- Developer profile. -- 65,000+ respondents from 185 countries.
. Ancer, J. (2015, July 18). A startup lawyer is not a founder's lawyer. _Silicon Hills Lawyer_.
. Ravikant, N. Cited in Ancer (2015). See also Westaway, K.: "The startup's lawyer is not your lawyer."
. Bosin, A. S. (NJ/NY startup employment attorney). Flat-fee review $750--$1,250\. See also ContractsCounsel: complex/executive reviews $1,000--$5,000+.
. Y Combinator. How to split equity among co-founders. _YC Startup Library_. -- See also Seibel, M. Co-founder equity mistakes to avoid.
. Wasserman, N. (2012). _The Founder's Dilemmas_. Princeton University Press. 73% of founding teams set equity splits within one month. See also Startup Lessons Learned:
. UPenn Law Entrepreneurship Clinic. Annotated founders' agreement template.
. Russell, M. Stock Option Counsel P.C. Joining an early-stage startup: negotiate your equity wisely.
. Cooley GO. Single and double trigger acceleration. -- See also Morrison & Foerster ScaleUp on acceleration terms:
. Kravcenko, V. How much equity should a CTO ask for? _vadimkravcenko.com_.
. Schmidt, S. (\~2024). CTO loneliness: Why tech leaders suffer in silence. _AmazingCTO_.
Chapter 3: The Relationship That Defines Everything
====================
> All happy families are alike; each unhappy family is unhappy in its own way.
-- Leo Tolstoy
Anna Karenina, 1878
Key Takeaways
* The CEO-CTO relationship is built on three structural tensions -- mismatched expectations, power asymmetry, and the risk of becoming a mere implementation arm -- and ignoring any one of them will eventually destroy the partnership.
* The most useful CTO response to an unreasonable request is not "no" but "Here is what that would take -- what do you think?" It reframes the conversation from opposition to shared problem-solving.
* Disagree and commit is not compliance; it is a discipline. You argue your position fully, and then if the decision goes the other way, you execute as though it were your own idea -- because to your team, it is.
* The founder relationship needs its own recurring maintenance. A sixty-to-ninety-minute weekly sync focused on the relationship itself -- not the roadmap -- is the single highest-leverage meeting on your calendar.
Garry Tan, now president of Y Combinator, published an essay in 2017 that began with a description most founding CTOs will recognise but few will admit to: "Here's how it felt in the weeks before I resigned from my last startup: I couldn't sleep. I couldn't eat. Resting pulse at 120\. I had reached a point where I couldn't agree with my co-founder over the future of the company. I had to step away from the startup that I shed blood sweat and tears over for years."\\]
Tan's essay was the first time he had spoken publicly about the co-founder breakup at Posterous, the company he co-founded and where he served as technical lead. The conflict was not about code, or architecture, or technical decisions. It was about the relationship between two people who started a company together and discovered, under pressure, that they could not resolve their disagreements. "I learned the hard way," Tan wrote, "that if you haven't prepared for conflict in your co-founder relationship, you'll be at each other's throats right at the moment when you most need to be working well together."\\]
This chapter is about the CEO-CTO relationship -- the single most consequential dynamic in the startup. It fails more often than any technical system, it is harder to debug, and its failure modes are more predictable than most CTOs realise. The purpose is not to make the reader paranoid about their co-founder. It is to make them literate in the structural tensions that the relationship produces, so that when those tensions surface -- and they will -- the CTO has a framework for navigating them rather than being destroyed by them.
## The Structural Tensions
Adelina Chalmers, a consultant who coaches CTOs and advises boards under the name "The Geek Whisperer," has spent more than a decade studying why founding CTOs get fired. Her conclusion, drawn from working with dozens of CTOs and interviewing their investors, is consistent and specific: "CTOs got fired: 30% because they were NOT strategic. 70% because they could NOT communicate with the board and other non-technical stakeholders. 100% did NOT get fired because of their technical skills."\\]
The failure modes she identifies are not personality flaws. They are communication patterns that emerge when a technically oriented person is placed in a business relationship without preparation for the translation work it requires. The CTOs who were fired were seen as "\`arrogant -- showing disdain towards board and ELT members who were non-technical; alienating the board with geek speak; not talking about the business outcomes of tech; and saying to the board things like 'You have to trust me' without ever making a business case.\`"\\] [Chapter 10](10-business-acumen-gap.html) will address the communication skills in depth. Here, the concern is the relationship dimension -- how these patterns develop between the CTO and the CEO specifically, and why they are structural rather than personal.
The CEO-CTO relationship contains at least three built-in tensions that do not require anyone to behave badly to produce conflict.
The first is the **expectations mismatch**. Fred Wilson, co-founder of Union Square Ventures, describes the standard startup trajectory: "The ideal web/mobile startup will have a CEO/founder who will also wear the VP Product hat. It will have a technical co-founder who will wear both the CTO and VP Eng hats."\\] In the early days, this works. The technical co-founder builds the product, manages the small team, and makes the architectural decisions. But as the company grows, the role splits -- and the split reveals a mismatch that was invisible when one person was doing everything. Wilson's observation is direct: "It is very rare to find a person who can do both the VP Eng and CTO jobs at the same time. They require very different skills and very different time allocations."\\]
Mark Suster, a venture capitalist who was twice a startup founder, identifies the CEO's contribution to this mismatch: "The problem that many inexperienced startup CEO's make is confusing these people for the people who lead the technology team. Most often they are not. Your deepest thinkers on technology architecture are seldom good team leaders."\\] The CEO who expects the CTO to be both the visionary architect and the day-to-day engineering manager is setting up a conflict that will surface when one of those functions starts failing -- which it inevitably will, because they require fundamentally different skills and fundamentally different uses of time. Suster's formulation is blunt: "CTO's max out at about 3 direct reports. Remember, management is often a hassle for CTO's, not a sign that you respect them by giving them people who report to them."\\]
The second tension is **power asymmetry**. Chalmers captures this with a diagnostic that should make every CTO uncomfortable: "\`If your CTO gets 5 minutes to give the 'tech update' at SLT that everyone glazes over, yet you spend 1+ hours on other things from other departments, you don't have a CTO.\`"\\] The technical co-founder who holds the CTO title but is treated as a senior developer -- consulted on implementation but excluded from strategy -- is experiencing a power imbalance that will produce resentment, withdrawal, or both. Camille Fournier, former CTO of Rent the Runway, names the structural version of this problem: "The CTO who does not also have the authority of management must be able to get things done purely by influencing the organization. If the managers won't actually give people and time to work on the areas that the CTO believes are important, the CTO is rendered effectively powerless."\\]
The third tension is **the implementation-arm dynamic** -- the CEO who goes directly to engineers with pet projects, bypassing the CTO entirely. Chalmers documents this as the single most common way founders sabotage their own engineering organisations: "A CEO or COO or some co-founder goes directly to an engineer or a specific group of engineers with a pet project and asks them to drop everything and work on this now. They cut across everyone and everything -- the CTO or VP Engineering is not informed and the founder basically ignores all processes, rules or hierarchies involved."\\] The CEO who does this is not being malicious. They are reverting to the behaviour that worked when the company was five people and the fastest way to get something done was to ask an engineer directly. The behaviour that scales at five people becomes organisational sabotage at fifty.
| | AUTHOR: Your experience of these three tensions at CorralData -- the expectations mismatch, the power dynamic, and the implementation-arm problem. Which has been most visible? How did you recognise it? The reader at your stage needs to see the tensions named in a specific, current context. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## What Co-Founders Actually Fight About
Esther Perel, the therapist and relationship expert who has worked extensively with co-founding pairs, identifies three hidden categories beneath most co-founder fights: power and control, care and closeness, and respect and recognition. The surface argument -- about a feature priority, a hiring decision, a strategic direction -- is rarely about the thing itself. It is about one of these underlying dynamics.\\]
The power dimension manifests as: "Technical and non-technical co-founders argue over who is more essential to the company. Whether it's the engineer building the product or the sales and marketing whiz running the business, these discussions about who's working harder or adding more value often boil down to a question of who needs who more."\\] The CTO who feels that the CEO could not function without the technology -- and who resents that this dependency is not acknowledged -- is operating in the power dimension.
The care dimension manifests as exclusion. Perel's diagnostic question cuts to the heart of it: "I often ask co-founders this telling question: What hurts you more? The fact that they did it in the first place -- or that they did it without you? The former is an issue of power, the latter is an issue of care and closeness."\\] The CTO who discovers that the CEO made a strategic decision in a board meeting without consulting them is not angry about the decision. They are hurt about the exclusion.
The respect dimension manifests as invisibility. The CTO whose contributions are not recognised in board meetings, whose technical achievements are attributed to "the team" while the CEO's sales achievements are attributed to the CEO personally, is experiencing a respect deficit that will eventually surface as cynicism or withdrawal -- two of the three dimensions of burnout that [Chapter 15](15-cto-burnout-isolation.html) will address.
Tan's experience at Posterous illustrates how these dynamics compound: "Success will cover up many sins. When things are going up and to the right, things might be going wrong underneath and you won't be aware of it. It's the black ice of startups."\\] The co-founders who never fought during the growth phase are not conflict-free. They are conflict-deferred. The debt accumulates invisibly and comes due when the company hits its first serious challenge.
Rachel Lockett, a coach who has worked with co-founders at Pinterest and Stripe, provides a case study that captures the compounding dynamic: "The CTO confided in me that he planned to go to the board and kick out the CEO because he was no longer a fit for his role. These two people were good friends from college." When Lockett investigated, she discovered that the CEO hated his own role -- he missed being technical and was depleted by board management and team leadership. "When you're not honest about how you're growing," Lockett observes, "it's on your co-founder to be the person to tell you."\\] The CTO who was preparing a boardroom coup was actually dealing with a co-founder who needed a role change -- but neither had the language or the structure to surface that conversation before it became a crisis.
| | AUTHOR: A moment of co-founder tension at CorralData -- even a small one -- that illustrates one of Perel's three categories. The reader needs to see the pattern in a recognisable, non-catastrophic context. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## The Weight of the Role on Both Sides
Tom Blomfield co-founded Monzo, the UK digital bank, as CEO. His co-founder and CTO, Jonas Templestein, built the technical infrastructure. By all accounts, their relationship was strong -- Blomfield credits Templestein as "even more passionate" about culture than he was.\\] The co-founder dynamic was not the problem. The role was.
Blomfield's account of his departure is the most detailed founder-burnout narrative in the UK startup ecosystem: "I stopped enjoying my role probably about two years ago, as we grew from a scrappy startup that was iterating and building stuff people really love, into a really important UK bank. The things I enjoy in life is working with small groups of passionate people to start and grow stuff from scratch."\\] The CEO role at a scaled company -- regulatory burden, board management, process design, crisis communication -- had nothing to do with the builder identity that brought Blomfield to the role. "When you get to that size, it's about people management. You spend almost no time on product or customers really. It's about process, a lot of process, extraordinary amount of regulation."\\]
When COVID hit in March 2020, a funding round collapsed, revenue dropped 50% in one week, and the pressure became unsustainable. "I wasn't sleeping, which impacted my decision-making, I was anxiety-wracked and never switched off from work."\\] Blomfield stepped down as CEO, took a transitional role, and eventually walked away from roughly four million unvested shares. His assessment in retrospect: "As CEO, I never switched off. I found it impossible to stop thinking about the latest problem."\\]
The Monzo story matters for this chapter not because the co-founders fought -- they did not -- but because it illustrates what happens when one partner in the relationship is destroyed by the role itself. The CTO who watches their CEO co-founder burn out is losing their most important professional relationship, their strategic partner, and their buffer against the board -- simultaneously. The CTO who does not notice the CEO's burnout, or who notices it but does not have the relationship infrastructure to address it, will discover the problem only when the CEO announces their departure.
Blomfield had an earlier experience that is more directly instructive. Before Monzo, he was CTO at Starling Bank under CEO Anne Boden. He lasted six months: "I just thought, I can't work with this person -- it's really damaging to me and my mental health -- and so I resigned."\\] The Starling departure was a classic CEO-CTO conflict -- a relationship that could not sustain disagreement. The Monzo departure was something different: a relationship that worked until the role consumed one of the partners. The CTO needs to understand both failure modes.
## The Data on What Happens When It Breaks
Sam Altman, speaking from his experience as president of Y Combinator, states it plainly: "In YC's case, the number one cause of early death for startups is cofounder blowups."\\] Paul Graham, co-founder of YC, lists "fights between founders" among his eighteen mistakes that kill startups and offers the analogy: "Cofounders are for a startup what location is for real estate. You can change anything about a house except where it is."\\]
Noam Wasserman's research, based on roughly 10,000 founders across 6,000 US tech and life sciences startups, provides the quantitative foundation. Eighty-four percent of startups have co-founders. Seventy-three percent of founding teams split equity within one month of formation, most setting it in stone with no mechanism for adjustment. And a finding that should concern every co-founding pair: each additional social relationship in the founding team -- a friendship, a family connection, a prior working relationship -- increases the likelihood of a co-founder's departure by 30% after the initial honeymoon period.\\] The teams with the deepest personal bonds are, after six months, the least stable. The closeness that made them co-found together becomes the emotional intensity that makes disagreement feel like betrayal.
Wasserman's most cited finding -- that 65% of startup failures are caused by people problems -- deserves a caveat. The statistic originates from a 1989 survey of 49 venture capitalists by HBS professor William Sahlman, measuring VC _perceptions_ of failure causes rather than a direct empirical measurement.\\] The figure is useful as a signal of how investors think about startups -- and investors who believe that people problems are the primary failure mode will intervene accordingly, which shapes the reality even if the original data is perception-based.
The CB Insights analysis of 101 startup post-mortems provides a complementary view: "not the right team" ranks as the third most common reason for failure at 23%, behind "no market need" (42%) and "ran out of cash" (29%).\\] Mark Suster provides the practitioner's version: "I promise you, for as great as you feel about your current partnership agreement -- I meet far more people who had problems with theirs than founders who didn't have problems. People just don't talk about it publicly."\\]
## Learning to Say No
The CTO who cannot say no to the CEO will burn out. The CTO who says no without translating it into business terms will be fired. The space between these two failures is where the CTO must learn to operate.
Jeff Bezos's "disagree and commit" principle, formalised in his 2016 letter to Amazon shareholders, provides the foundational framework. The principle works in both directions: the CTO should commit to the CEO's decision after expressing disagreement, and the CEO should commit to the CTO's recommendation in their area of expertise. Bezos's own example: he greenlit an Amazon Studios project he personally doubted, writing back to the team: "I disagree and commit and hope it becomes the most watched thing we've ever made."\\] The principle only works if both parties practice it. The CEO who expects the CTO to disagree and commit but never reciprocates is running an autocracy, not a partnership.
Cedric Chin, writing about the practical difficulty of executing this principle, identifies the failure mode that most CTOs fall into: publicly undermining the decision they disagreed with. He cites Andrew Bosworth of Meta: "Many leaders sell out their management and rally the team. They say management sucks, but don't worry, we will make progress in spite of them. This approach is staggeringly effective. Until it isn't."\\] The CTO who disagrees with the CEO's direction and then signals that disagreement to the engineering team -- through tone, through body language, through the conspicuous absence of enthusiasm -- is poisoning the execution of a decision they committed to support. Chin's resolution: express disagreement clearly, ask for the CEO's reasoning, then commit genuinely and execute. And know that there is a point at which the only honest response is departure: "Staying when you can no longer commit is a disservice to yourself, to your company, and to the subordinates who might not share your views."\\]
Evan Cooke, technical co-founder of Twilio, provides the practical reframe that makes "no" productive rather than adversarial. Instead of blocking a request, the CTO translates it: "Well, here's what that would take -- what do you think?"\\] The sentence turns a gate into a negotiation. The CEO who hears "no" hears obstruction. The CEO who hears "that would take six weeks and require postponing the billing feature" hears a trade-off -- and trade-offs are the language of business.
Bezos adds one more principle that applies directly to the CEO-CTO dynamic: teams should "recognize true misalignment issues early and escalate them immediately." His warning: "The default dispute resolution mechanism for this scenario is exhaustion. Whoever has more stamina carries the decision."\\] The CTO who loses arguments not because the CEO was right but because the CTO ran out of energy to fight is experiencing the exhaustion mechanism. The antidote is escalation -- to a board member, to an advisor, to the structured conversation that the next section describes.
| | AUTHOR: Your practice for saying no -- or for translating disagreement into business terms. Has the Cooke reframe ("here's what that would take") worked for you? Is there a specific moment where you held the line or chose to disagree and commit? The reader needs to see this operating in a real co-founder relationship. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## The Structured Conversation
Tan's central lesson from Posterous applies to every co-founder pair: "Most people think of good co-founding pairs in purely functional terms -- a business person paired with a technical person. This is deeper than that."\\] The functional complement -- one builds, one sells -- is necessary but insufficient. The relationship requires maintenance, and most co-founding pairs do none.
Amy Buechler, a founder coach referenced by Y Combinator in its official co-founder guidance, developed the "Founder Sync" -- a recurring, protected meeting dedicated entirely to the co-founder relationship. "One of the things that's surprised me in my coaching work is how often cofounder conflict is not because of a failing relationship, but because of a lack of process -- a lack of routine, built-in collaboration. Founders mistake their bad relationship habits for a bad relationship."\\]
The Founder Sync covers six areas: alignment on strategy, existential threats, accountability, bidirectional feedback, management support, and trust. Buechler recommends 60 to 90 minutes weekly. "Psychologically, Founder Syncs are soothing. Their consistency relieves anxiety."\\] The CTO who has a structured weekly conversation with the CEO about the state of the relationship -- not the state of the product, not the sprint review, not the fundraise update, but the relationship itself -- is building the infrastructure that prevents Tan's crisis from developing.
Lockett reinforces the principle: "People think if they don't argue, they have a healthy relationship. That just means there's a lot going unsaid and resentment is building. You need healthy conflict to make good decisions."\\] The structured conversation creates a container for that healthy conflict. Without it, the conflict either goes underground (producing withdrawal and resentment) or erupts unpredictably (producing the crisis that Tan described).
Matt Munson, a two-time founder who coaches co-founding teams, recommends a three-step process for periodic deeper check-ins: journal independently on a set of alignment questions, swap answers before meeting, then schedule two to three sessions of 60 to 90 minutes to discuss where answers diverge or surprise. The output: a one-page alignment document that captures shared values, role boundaries, decision-making rules, and what each person is willing to sacrifice.\\] His assessment of the cost of skipping this work: "Every hour you spend exploring values on the front end will save you 10+ hours down the line."\\]
Y Combinator publishes its own set of ten questions for co-founders, including: "How will we split up equity? What will our roles and titles be? What will we do if we're having trouble agreeing? What happens if we decide we don't want to work together anymore?"\\] The fact that Y Combinator -- which has seen more co-founder relationships than any other institution -- considers these questions essential enough to publish as a checklist suggests that most co-founding pairs have not asked them. The CTO who has not had an explicit conversation about equity split, role boundaries, and conflict resolution mechanisms is operating without the equivalent of a vesting schedule for the relationship: no structure, no milestones, and no exit clause.
| | AUTHOR: Your co-founder relationship maintenance practice -- do you have a structured check-in? If so, what does it cover? If not, what has prevented it? The reader needs to see the structured conversation being used (or its absence being felt) by a working CTO at your stage. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
The CEO-CTO relationship is the startup's first architecture. Like any architecture, it can be designed deliberately or it can emerge by default. The default version works when the company is small, the problems are technical, and the co-founders are in the same room solving them together. It breaks when the company grows, the problems become political, and the co-founders discover that the functional complement -- one builds, one sells -- is not enough to sustain a partnership under pressure.
The CTO who understands the structural tensions (expectations mismatch, power asymmetry, the implementation-arm dynamic), who can diagnose what co-founder fights are actually about (power, care, or respect), who has learned to say no in business language rather than technical language, and who maintains the relationship through structured conversation rather than crisis management -- that CTO has built the foundation for everything this book describes. The operational chapters (Part II), the business acumen chapters (Part III), and the personal survival chapters (Part IV) all rest on this foundation. Without it, every framework in this book is an abstraction. With it, the CTO has a partner -- and a partnership is the only structure strong enough to survive what comes next.
## Frequently Asked Questions
1. _How should a CEO and CTO work together?_
The CEO-CTO relationship works best with explicit agreements on decision rights -- who owns which decisions, how disagreements are resolved, and what information flows between the two roles. The most effective co-founder pairs establish a disagree-and-commit protocol before conflicts arise, maintain regular one-on-one meetings focused on alignment rather than status updates, and build trust through transparency about what each person does not know.
2. _What causes conflict between startup co-founders?_
The most common sources of co-founder conflict are misaligned expectations about roles and decision authority, different risk tolerances (especially around technical debt and speed), unequal perceived contributions, and failure to discuss equity and compensation openly. Many conflicts that appear to be about specific technical or business decisions are actually about undefined boundaries and unspoken assumptions about who has the final say.
3. _What does disagree and commit mean?_
Disagree and commit is a decision-making protocol where team members voice their disagreements fully during discussion, but once a decision is made, everyone commits to it completely -- including those who disagreed. It prevents two toxic patterns: false consensus (where people agree publicly but sabotage privately) and endless debate (where decisions are relitigated after being made). The key is that disagreement must happen before the decision, not after.
4. _How do you handle disagreements with your co-founder?_
The best approach is to pre-establish decision-making protocols before conflicts arise. Define clear ownership areas -- the CTO typically owns technical architecture and engineering team decisions, while the CEO owns business strategy and go-to-market. For decisions that span both domains, agree in advance on a tiebreaker mechanism. When disagreements do arise, focus on the decision criteria rather than the positions, and commit fully once a decision is reached.
5. _When should a CTO push back on the CEO?_
A CTO should push back when a decision risks irreversible technical damage, when timelines are physically impossible, when security or data integrity would be compromised, or when the long-term cost of a shortcut vastly exceeds the short-term benefit. The key is how you push back -- present trade-offs and alternatives rather than simply saying no, use business language to explain technical consequences, and reserve your strongest objections for decisions that truly cannot be reversed.
## References
. Tan, G. (2017, February 18). Co-founder conflict. _TechCrunch_ / _Medium_ (Initialized Capital). -- Tan is co-founder of Posterous and current President of Y Combinator.
. Chalmers, A. (\~2023). LinkedIn post on CTO firing statistics. -- Chalmers ("The Geek Whisperer") is Top 50 Most Influential Women in UK Tech (2022, 2023), lectures at Oxford and Cambridge.
. Chalmers, A. (2024, July 3). Most founding CTOs are fired or moved sideways within 3--5 years. Here's why! _Medium_.
. Wilson, F. (2011, October 31). VP Engineering vs CTO. _AVC_ (MBA Mondays). -- See also Wilson, F. (2012, January). The management team -- while building usage. _AVC_.
. Suster, M. (\~2010). Want to know the difference between a CTO and a VP Engineering? _Both Sides of the Table_.
. Fournier, C. (2015, February 8). On the role of CTO. _Elided Branches_. -- Fournier's advice: "My advice for aspiring CTOs is to remember that it's a business strategy job, first and foremost."
. Chalmers, A. How founders sabotage engineering delivery without any malice. _Medium_.
. Perel, E. (\~2019). How to fix the co-founder fights you're sick of having -- Lessons from couples therapist Esther Perel. _First Round Review_.
. Lockett, R. (\~2025). Five practices to strengthen your co-founder relationship. _First Round Review_.
. De Rycker, S. (interviewer). (2022, January 13). Tom Blomfield, Monzo. _Accel Secrets to Scaling_.
. O'Hear, S. (2021, January 20). Monzo founder Tom Blomfield is departing the challenger bank. _TechCrunch_.
. Blomfield, T. (\~2021). Former Monzo CEO Tom Blomfield on falling out of love with your work \\\[Interview\]. _Secret Leaders Podcast_, Season 7 premiere.
. Blomfield, T. (2021). As CEO, I never switched off. _Management Today_.
. Blomfield, T. Various podcast appearances, referring to Anne Boden and Starling Bank departure. Reported in Bartlett, S. (2021). E86: Monzo CEO on death threats, depression & digital banking wars. _The Diary of a CEO_. Also cited in Sifted:
. Altman, S. (2014). How to start a startup, Lecture 2\. _Stanford / Y Combinator_.
. Graham, P. (2006, October). The 18 mistakes that kill startups. _paulgraham.com_. -- See also Graham, P. (2009, February). Startups in 13 sentences.
. Wasserman, N. (2012). _The Founder's Dilemmas: Anticipating and Avoiding the Pitfalls That Can Sink a Startup_. Princeton University Press. Based on \~10,000 founders across \~6,000 US tech and life sciences startups. See also Hellmann, T., & Wasserman, N. (2014). The first deal: The division of founder equity in new ventures. HBS Working Paper No. 14-085\.
. Sahlman, W. (1989). What do venture capitalists do? Harvard Business School. Survey of 49 leading VCs; 65% ranked "ineffective senior management" as the primary cause of startup failure.
. CB Insights. The top 20 reasons startups fail. Analysis of 101 startup post-mortems.
. Suster, M. (\~2011). The co-founder mythology. _Both Sides of the Table_.
. Bezos, J. (2017, April). 2016 letter to shareholders. _About Amazon_. -- Under "High-Velocity Decision Making."
. Chin, C. (2019). The hard thing about disagree and commit. _Management for Startups_. -- Cites Andrew Bosworth (Meta VP) on the destructive pattern.
. Cooke, E. (\~2015). This is how effective CTOs embrace change \\\[CTO Summit talk\]. _First Round Review_. -- Cooke was technical co-founder of Twilio.
. Buechler, A. (2024, March 9). The Founder Sync. _The Founder Coach_. -- Referenced by Y Combinator in official co-founder matching documentation.
. Munson, M. (\~2023). 10 questions every startup founder should discuss. _mattmunson.me_. -- Munson is a 2x exited founder and CEO coach at Sanity Labs.
. Y Combinator. (2023, April 27). 10 questions to discuss with a potential co-founder. _YC Blog_. -- Google Doc template:
## Part II: Building and Shipping
Chapter 4: Your First Technical Decisions Are Business Decisions
====================
> It seems that perfection is attained not when there is nothing more to add, but when there is nothing more to take away.
-- Antoine de Saint-Exupéry
Terre des hommes, 1939
Key Takeaways
* Instagram launched on Django, PostgreSQL, and Redis -- a stack so boring it was practically invisible. What it bought them was speed to market and a team that could hire anyone, which mattered far more than architectural elegance.
* Every startup has a limited number of innovation tokens to spend, and the right place to spend them is on your product, not your stack. Choose boring technology for everything that is not your competitive advantage.
* The most important property of an early-stage technical decision is not whether it is optimal but whether it is reversible. Decisions you can undo cheaply buy you the right to be wrong -- which at a startup you will be, frequently.
* Build versus buy is not a technical question; it is a capital allocation question. The answer depends on where your product ends and your infrastructure begins.
In October 2010, Instagram launched with two engineers and a single server in Los Angeles. The stack was Django, PostgreSQL, Redis, and nginx -- technology so established that no one at a conference would ask a follow-up question about any of it. Mike Krieger, Instagram's co-founder and technical leader, had a phrase for the philosophy behind these choices: "Do the simple thing first."\\]
Eight years later, Instagram had more than 450 engineers, one billion monthly active users, and had migrated from Amazon's cloud to Facebook's data centres. The engineering team had replaced the task queue (Gearman to Celery and RabbitMQ), added Cassandra alongside PostgreSQL, rebuilt the search system four times, and completed a migration from Python 2 to Python 3 that produced a 12% CPU savings and 30% memory improvement.\\] What they had not replaced was the fundamental architecture. Django and PostgreSQL -- the boring choices from day one -- were still running the product. Krieger's description of the journey: "The users are still in the same car they were in at the beginning of the journey, but we've swapped out every single part without them noticing."\\]
The Instagram stack was not an engineering decision. It was a business decision. Krieger did not choose Django because it was the best web framework. He chose it because it was well-understood, operationally quiet, and let a two-person team focus on the product rather than the infrastructure. Every hour not spent debugging an unfamiliar database was an hour spent building the feature that would determine whether the company survived. The stack choice was a bet on what mattered most -- speed to learning -- and it paid off for eight years.
This chapter is about making those bets well. Stack selection, MVP architecture, build-versus-buy -- these feel like engineering decisions, and they are. But they are business decisions first, and the CTO who treats them as purely technical will make choices that are elegant, well-reasoned, and wrong for the company.
## Every Stack Choice Is a Bet
Dan McKinley, an engineer at Etsy during the period when the company scaled from a struggling marketplace to an IPO-track business, published an essay in 2015 called "Choose Boring Technology." It became the most widely cited piece of engineering strategy advice in the startup world, and for good reason: it named something that experienced engineers knew intuitively but had never formalised.\\]
McKinley's central argument is that every organisation has a finite capacity for novelty -- what he calls "innovation tokens." A startup might have three. Spend one on an unfamiliar database, another on a new programming language, a third on a deployment tool that has existed for less than a year, and you have used your entire budget for the unexpected before writing a line of product code. "If you choose to write your own database," McKinley writes, "oh god, you're in trouble."\\]
The cost is not the technology itself. It is the unknown unknowns. A known unknown -- what happens when this database hits 100% CPU -- can be researched. An unknown unknown -- a garbage-collection pause triggered by a write pattern nobody anticipated -- cannot be researched because nobody knows to ask the question. For mature technology, the set of unknown unknowns is small and shrinking. For new technology, it is large and growing. McKinley's formulation: "'\`Boring' should not be conflated with 'bad.' There is technology out there that is both boring and bad. You should not use any of that. But there are many choices of technology that are boring and good, or at least good enough.\`"\\]
McKinley credits this philosophy to Kellan Elliott-McCrea, who was CTO of Etsy during the scaling period that Chapter 6 described. Elliott-McCrea's influence on Etsy's engineering culture was the origin of the "boring technology" tradition -- the recognition that operational predictability is an engineering asset, not an engineering compromise.\\] Etsy's early years provided the cautionary tale. The company hired Python programmers and then searched for something to give them to do in Python, which led to a pointless middleware layer that took years to remove. Meanwhile, search latency was running at two minutes at the 90th percentile.\\] The technology choice created the problem. The business paid the cost.
Krieger's Instagram embodied McKinley's framework before McKinley wrote it. The philosophy -- choose technology whose failure modes you understand, spend your innovation budget on the product rather than the infrastructure -- produced a specific set of decisions. PostgreSQL for the core data store, because its behaviour under load was well-documented and its scaling patterns (connection pooling via Pgbouncer, eventual sharding) were proven. Redis for caching and real-time operations, because it was fast, simple, and the team understood it. Django for the web layer, because it favoured pragmatism and let the team hire easily. Krieger articulated the reasoning on the Instagram engineering blog: "A large part of how we've been able to scale Instagram with very few engineers is by choosing simple, easy-to-understand solutions that we trust."\\]
The phrase "solutions that we trust" is doing the important work in that sentence. Trust, in an engineering context, means you know how the technology will break. You have seen its failure modes. You can diagnose a problem at 3 a.m. without reading the source code. That trust is not a property of the technology. It is a property of the team's experience with the technology. A brilliant database that nobody on your team has run in production is not trustworthy. A mediocre database that your team has operated for three years is.
Krieger also warned about a subtler trap: coupling your hiring strategy to your technology stack. He recalled advice from Kevin Rose, founder of Digg: "one of the biggest mistakes they made early on was recruiting engineers who were too finely matched to the technology that they were using." The problem: "if people tie their own job security to, say, staying on PHP, you'll end up making the wrong technology choices."\\] The technology should serve the business. When the team's identity becomes inseparable from the technology, the technology starts dictating the business -- and the CTO loses the ability to make the pragmatic changes that scaling will eventually demand.
This is where the business lens sharpens the engineering decision. The CTO choosing a stack at the founding stage is not optimising for architectural elegance. They are optimising for the speed at which the team can build, ship, and learn -- because every week spent debugging infrastructure is a week not spent discovering whether the product has a market. Krieger, looking back, described the discipline: "The goal is not to set up Nagios or Munin. The goal is to ship software so that you can get people using it."\\]
Benjamin Jordan, CTO of Big Run Studios, a mobile game developer, offers a useful provocation against taking this framework too seriously. In a deliberately self-undermining essay, Jordan argues that CTO expertise on technology selection is largely survivorship bias: "I _assume_ I know what I'm talking about simply because of a small modicum of success." His claim: "a dartboard is all you need to determine a starting point for your tech, because we are forced to consider that, just perhaps, initial tech choices don't matter at all."\\] He points to Google running Java on mobile hardware, Zynga building an empire on Flash, and Facebook pushing PHP beyond any reasonable limit. People figure things out. Almost any software can evolve into any other if the team is strong enough.
Jordan's argument is not quite what it appears. He is not saying technology choices are meaningless. He is saying that the _workflow_ -- iteration speed, learning culture, willingness to replace what does not work -- matters more than the starting point. "If you add five seconds to your iterative cycle, you've just shot yourself in the foot. Think about multiplying that five seconds by the hundred times per day that you need to do it."\\] This is actually McKinley's point stated from the other direction: boring technology is valuable not because it is boring but because it minimises friction in the iteration cycle. The starting technology matters less than most CTOs believe. The speed at which the team can iterate on that technology matters more than almost anyone admits.
| | AUTHOR: The CorralData stack choice belongs here -- FastAPI, LangGraph, LangSmith, and the decision to build on Python in a healthcare B2B context. What drove the choice? Was it the team's familiarity, the library availability, the hiring pool? Was there a moment where a more technically ambitious choice was available and the author chose the pragmatic one? The reader needs to see this philosophy applied in the author's own context. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The MVP Is Supposed to Be Wrong
The Instagram stack survived because it was boring. But the Instagram product survived because it was incomplete. The first version of Instagram did not support video -- even though the technology existed -- because uploads were slow, they failed more often than they succeeded, and the experience did not meet Krieger's standard. "We chose not to in the first version," he told Fast Company in 2018, "because we couldn't deliver a great experience."\\] The decision to exclude video was a product decision, not an engineering one. It was also a business decision: every feature that delays launch is a feature that delays learning.
Reid Hoffman, co-founder of LinkedIn, coined the formulation that has become startup scripture: "If you're not embarrassed by the first version of your product, you've launched too late."\\] The phrase is older than most people realise -- Hoffman says he first used it "more than a decade" before his 2017 essay, placing it somewhere around 2005--2007\. His explanation of the logic is more nuanced than the soundbite suggests. Three themes drive it: the importance of speed, the certainty that your assumptions about customers are wrong, and the cost of delaying the feedback loop. "If you're willing to be embarrassed," Hoffman writes, "you gain speed and flexibility."\\] Eric Ries, who developed the Lean Startup methodology, offered Hoffman a corollary: "No matter how long you wait to release your first version, you will be embarrassed by it."\\]
The MVP paradox is that building the wrong thing -- deliberately, knowingly -- is often the correct business decision. The first version of Dropbox was not a product. It was a three-minute screencast. Drew Houston, Dropbox's founder, could not demonstrate a working prototype because the product required solving hard technical problems in file synchronisation that had not been solved yet. Instead, he recorded a video showing what the product would do. The video was targeted at the Digg community and was full of inside jokes and Easter eggs visible only to that audience. Overnight, the beta waiting list went from 5,000 to 75,000.\\] Houston did not build the product to test the hypothesis. He built a video. The video validated demand. Then he built the product.
Stripe's founding had the same structure. Patrick and John Collison built an API that reduced payment integration from weeks of work to seven lines of code. But the backend was not automated. When someone signed up, Patrick would call a friend who would manually create a merchant account. The product that felt instantaneous to the developer was, behind the scenes, a manual process held together by phone calls.\\] Paul Graham, who funded Stripe through Y Combinator, gave this technique a name: the "Collison installation." When anyone agreed to try Stripe, the Collisons would say "Right then, give me your laptop" and set the user up on the spot.\\] The technical sophistication of the product was not the point. The speed of getting it into someone's hands was.
Nick Swinmurn tested the Zappos hypothesis -- that people would buy shoes online -- without building a supply chain. He photographed shoes at local stores, posted the images on a website, and when someone ordered, he bought the shoes at full price and shipped them himself.\\] The unit economics were terrible. The learning was immediate: people would pay for shoes they had not tried on.
Martin Fowler, who has spent decades advising organisations on software architecture, makes the strongest architectural case for deliberate technical incorrectness. In his 2015 essay "MonolithFirst," he observes that "almost all the successful microservice stories have started with a monolith that got too big and was broken up. Almost all the cases where I've heard of a system that was built as a microservice system from scratch, it has ended up in serious trouble." His recommendation: "Don't be afraid of building a monolith that you will discard."\\] The monolith is architecturally wrong for the company you hope to become. It is architecturally right for the company you are now -- because it lets you ship faster, learn faster, and postpone the expensive architectural decisions until you have the information to make them well.
Emmett Shear's experience building Twitch illustrates what happens when the MVP reveals something the founders did not expect. Justin.tv, the predecessor product, had more than 20 million monthly active users but was not growing. A venture capitalist visited the office and delivered a blunt assessment: "You guys aren't growing, and on the Internet, not growing is dying. So your business is totally f\*\*\*ed."\\] The gaming section of Justin.tv -- roughly 400,000 monthly users, about 2% of the total -- was the only part of the product Shear was interested in running. He spun it out as Twitch. Within months, it was growing 30--40% per month. "Product/market fit," Shear observed, "is a little like falling in love. If you have to ask, don't worry, it will be clear."\\] The pivot was possible because the existing infrastructure could be repurposed. The MVP for Twitch was not a new product. It was a re-framing of an existing one.
The common thread across these examples is that the MVP's job is not to demonstrate engineering capability. Its job is to produce learning. The learning that Dropbox's video produced (75,000 signups) was worth more than any prototype could have delivered in the same timeframe. The learning that Stripe's manual backend produced (developers will integrate payments if it takes seven lines of code) was worth more than an automated system that took six months longer to build. The CTO who delays launch to build the "right" architecture is spending the company's money on a hypothesis about infrastructure when the company's survival depends on a hypothesis about the market.
| | AUTHOR: A CorralData MVP decision belongs here -- a moment where the team shipped something technically incomplete to learn from customers. Healthcare B2B has specific constraints (compliance, security, data handling) that complicate the MVP philosophy. The reader needs to see how "build the wrong thing first" works in a regulated context where certain things cannot be wrong. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Build What's Core, Buy Everything Else
Joel Spolsky, co-founder of Stack Overflow and Fog Creek Software, published two essays in the early 2000s that remain the clearest framework for the build-versus-buy decision. The first, "Things You Should Never Do" (2000), argues that rewriting working software from scratch is "the single worst strategic mistake that any software company can make." Old code, Spolsky writes, has been used, tested, and debugged. The odd formatting and unexplained conditionals are not signs of sloppiness -- "those are bug fixes." Throwing that code away means throwing away years of accumulated knowledge and giving competitors a two-to-three-year head start.\\]
The second essay, "In Defense of Not-Invented-Here Syndrome" (2001), provides the bright-line rule: "If it's a core business function -- do it yourself, no matter what." The corollary: everything that is not core should be bought, rented, or borrowed. "Pick your core business competencies and goals, and do those in house. If you're a software company, writing excellent code is how you're going to succeed. Go ahead and outsource the company cafeteria."\\] Spolsky's example: if you are building a game and cool 3D effects are your competitive advantage, write your own 3D engine. If the plot is your advantage, use someone else's engine and focus on the story.
The question the CTO must answer is not "can we build this?" The question is "is building this the best use of our engineering capacity?" Krieger described the discipline at early Instagram: "'\`We could figure out how to do our own push notifications. But Urban Airship is right here.' Put pride aside and keep your eye on your real goal.\`"\\] Every hour an engineer spends building authentication, analytics, or deployment infrastructure is an hour not spent on the product that differentiates the company. Peter Reinhardt, co-founder and CEO of Segment, a customer data platform, quantified the risk: "Say you have three engineers and one of them is working on building your analytics tool. Your ability to develop your product is now cut by 30% so you need 30% more runway."\\]
The decision changes as the company grows, and the CTO must recalibrate the framework at each stage. At the Coder stage -- a team of one to five -- the default should be to buy almost everything that is not the core product. Authentication, analytics, monitoring, email delivery, payment processing: none of these differentiate your product, and each of them will consume engineering weeks that you do not have. Krieger at early Instagram: "\`Early on, we thought, 'Well, we could figure out how to do our own push notifications. But Urban Airship is right here.'\`"\\] He described the temptation to over-build as "yak shaving" -- spending hours setting up Nagios when a simpler alerting tool could be running in minutes. "\`Finally I was like, 'I've got to get back to building the product.'\`"\\]
At the Manager stage, some infrastructure investments begin to pay for themselves. A CI/CD pipeline, an internal tool for a repeated workflow, a monitoring stack tailored to your specific failure modes -- these are worth building because the team will use them hundreds of times. But the test remains the same: is this core? At the Director stage, the calculus shifts again. The company may have enough scale that owning infrastructure becomes a competitive advantage rather than a distraction. The classic example is Dropbox, which saved nearly $75 million over two years by migrating from AWS to custom infrastructure -- but Dropbox's product _is_ storage infrastructure. Owning it was the core competency, not a diversion from it.\\]
David Heinemeier Hansson, creator of Ruby on Rails and co-founder of 37signals, provides the most detailed recent case study of a build-versus-buy reversal. In 2022, 37signals was paying more than $3.2 million per year for cloud services. DHH's assessment: "Renting computers is mostly a bad deal for medium-sized companies like ours with stable growth."\\] The company invested approximately $600,000 in Dell servers and migrated off the cloud entirely. Post-migration infrastructure costs dropped to roughly $360,000 per year -- an annual savings of nearly $2.9 million, with projected savings of more than $7 million over five years.\\]
The 37signals exit was the right decision for 37signals. It is not the right decision for most startups, and DHH himself identified the conditions. The cloud excels at two ends of the spectrum: very simple, low-traffic applications where operational simplicity genuinely saves money, and highly irregular workloads where burst capacity matters. For medium-sized companies with predictable, stable loads, the economics favour owning hardware.\\] Most pre-Series B startups are not in that position. They are uncertain about whether the product will exist in six months, and the cloud premium is an insurance policy against the need to think about infrastructure at all. The CTO who optimises hosting costs before finding product-market fit is solving the wrong problem.
There is a subtlety that Spolsky's bright-line rule does not capture: the line between "core" and "not core" moves. A feature that is not core at founding may become core at scale. Analytics was not core for Segment's customers -- until it was, and Reinhardt built a company around that realisation. Conversely, a feature that feels core at founding -- a custom deployment pipeline, a bespoke data pipeline -- may turn out to be commodity infrastructure that a third party can maintain better than you can. The CTO must revisit the build-versus-buy decision at every stage, not just at founding. Chapter 12 will revisit it again in the AI context, where a third option -- prompt -- is collapsing the cost of building certain categories of software to near zero.
The build-versus-buy framework introduced here will recur throughout the book. For now, the principle is simple. Ask: is this where our engineering capacity creates the most value? If the answer is yes, build it. If the answer is no, buy it, integrate it, and move on. The CTO's job is not to build everything. It is to build the right things.
| | AUTHOR: A CorralData build-versus-buy decision -- something the team chose to build that could have been bought, or something they bought that a more technically ambitious CTO might have built. The LangGraph/LangSmith choice is a natural candidate: why use LangChain's tooling rather than building a custom orchestration layer? What was the business reasoning? |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Reversibility Test
The decisions described so far -- stack selection, MVP scope, build versus buy -- share a property that most engineering discussions ignore: some of them can be undone and some cannot. A practical framework for early technical decisions must account for this difference, because the cost of a wrong decision depends entirely on how hard it is to reverse.
Jeff Bezos introduced the clearest formulation of this principle in his 2015 letter to Amazon shareholders. He distinguished between two types of decisions. Type 1 decisions are "consequential and irreversible or nearly irreversible -- one-way doors." These "must be made methodically, carefully, slowly, with great deliberation and consultation." Type 2 decisions are "changeable, reversible -- two-way doors." These "can and should be made quickly by high judgment individuals or small groups."\\]
Bezos's concern was not about technology. It was about organisational speed. "As organizations get larger," he wrote, "there seems to be a tendency to use the heavy-weight Type 1 decision-making process on most decisions, including many Type 2 decisions. The end result of this is slowness, unthoughtful risk aversion, failure to experiment sufficiently, and consequently diminished invention."\\] He added a footnote that is often overlooked: "Any companies that habitually use the light-weight Type 2 decision-making process to make Type 1 decisions go extinct before they get large."\\] The framework cuts both ways. Treating reversible decisions as irreversible kills speed. Treating irreversible decisions as reversible kills the company.
Kent Beck, writing about his experience at Facebook in 2015, applied the framework directly to software engineering. He identified irreversibility as one of four sources of system complexity -- alongside states, interdependencies, and uncertainty. His formulation: "When the effects of decisions can't be predicted and they can't be easily undone, decisions grow prohibitively expensive." The insight for engineers: "Irreversibility is absurd in the Fordist assembly line world but it's at least possible for computer systems." Software decisions can often be made reversible by design.\\]
Beck's distinction is practical: "Feature changes are irreversible, structure changes are reversible." A feature shipped to users creates expectations, generates data, and establishes contracts that are expensive to break. A structural change to the codebase -- refactoring a module, extracting a service, reorganising a directory -- can be undone without affecting the user. The CTO who treats structural decisions with the same gravity as feature decisions is wasting deliberation on two-way doors.\\]
Martin Fowler, writing four years earlier, reached the same conclusion from a different direction. In his essay "Is Design Dead?" he argued that designers "need to think about how they can avoid irreversibility in their decisions. Rather than trying to get the right decision now, look for a way to either put off the decision until later -- when you'll have more information -- or make the decision in such a way that you'll be able to reverse it later without too much difficulty."\\] Mary and Tom Poppendieck, drawing on lean manufacturing principles, formalised this as the "last responsible moment": schedule irreversible decisions for as late as possible, and use the intervening time to learn.\\]
Applied to the decisions this chapter covers, the reversibility test produces clear guidance.
Your database is close to a one-way door. Migrating from one relational database to another is possible but expensive. Migrating from a relational database to a document store -- or vice versa -- is a multi-quarter project that will consume engineering capacity and introduce risk. Choose your primary database carefully. This is a Type 1 decision.
Your programming language is a heavy two-way door. Rewriting a codebase in a new language is painful but not impossible -- Instagram migrated from Python 2 to Python 3 while serving hundreds of millions of users. But the hiring pool, the available libraries, and the team's accumulated expertise are all tied to the language. Introducing a new language is reversible in theory and expensive in practice. Treat it as a Type 1 decision at founding; treat additions of new languages as a careful Type 2 decision later.
Your API framework is a two-way door. Swapping a web framework -- Django for FastAPI, Express for Koa -- is a contained change that affects the team's development workflow but not the product's external behaviour. This is a Type 2 decision. Make it quickly.
Your cloud provider can be made reversible by design. If you build on Kubernetes with minimal use of vendor-specific services, moving from AWS to GCP is a logistics problem, not an architecture problem. If you build on AWS Lambda with DynamoDB and SQS, you have made the cloud choice nearly irreversible. The decision is not which cloud to use. The decision is how tightly to couple to it.
Your third-party integrations are two-way doors -- as long as you put an abstraction layer between your code and the vendor's API. Without that layer, every vendor dependency is a one-way door. With it, swapping vendors is a configuration change.
The practical framework for the CTO at the Coder stage: make Type 1 decisions (database, primary language, data model) carefully and early. Make Type 2 decisions (framework, tooling, third-party services) quickly and cheaply. Design for reversibility wherever possible -- abstractions over vendor APIs, infrastructure as code, configuration over hardcoding. And when you are unsure whether a decision is Type 1 or Type 2, default to treating it as Type 2 and shipping. The cost of a wrong reversible decision is low. The cost of deliberating a reversible decision as if it were irreversible is the time you did not spend learning.
| | AUTHOR: A specific CorralData example of the reversibility test in action -- a decision that felt irreversible but turned out not to be, or a decision that was treated as reversible and later turned out to have lasting consequences. The healthcare B2B context adds a layer: compliance and data architecture decisions may be less reversible than they appear. |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Technology Evaluation Is Resource Allocation
The previous sections describe the founding CTO's first decisions. But the decisions do not stop. Every quarter brings new frameworks, new infrastructure services, new AI tools, and new arguments from the team about why the current stack is inadequate. The CTO who cannot evaluate new technology systematically will either adopt everything -- and drown in operational complexity -- or adopt nothing -- and fall behind. Both failure modes are common. Both are avoidable.
McKinley's "boring technology" thesis, already cited in this chapter, contains a metaphor that deserves its own weight: the innovation token. "Let's say every company gets about three innovation tokens," McKinley writes. "You can spend these however you want, but the supply is fixed for a long while."\\] If you spend a token on a novel database, you cannot also spend one on a novel deployment pipeline and a novel frontend framework without exhausting the team's capacity to absorb operational novelty. The question is not whether the new technology is better. The question is whether it is better enough to justify spending one of your finite tokens -- and whether the problem it solves is the problem most worth solving with scarce innovation budget.
Kellan Elliott-McCrea, whose tenure as CTO of Etsy gave rise to the philosophy McKinley codified, published the most actionable evaluation framework available: eight questions to ask before introducing any new technology.\\] The first two are the ones most CTOs skip: "What problem are we trying to solve?" and "How could we solve the problem with our current tech stack?" If the answer to the second question is "we could, it would just be ugly" -- that is almost always the right path. The ugliness is operational familiarity. The beautiful alternative is operational novelty, and operational novelty is where outages come from.
Elliott-McCrea's fifth question deserves particular attention: "Will this solution kill and eat the solution that it replaces?"\\] If the answer is no -- if the old system and the new system will coexist indefinitely -- then the new technology has not simplified the stack. It has doubled it. Every technology the CTO adds without removing its predecessor increases the surface area the team must understand, monitor, and debug at three in the morning. The CTO who introduces Kafka alongside RabbitMQ, or Redis alongside Memcached, has not made a technology decision. They have made a complexity decision -- and the complexity will compound.
The practical defence is the timebox. Before committing to any new technology, run a spike -- a one-to-two-week experiment, scoped to a single use case, producing a decision rather than production code. The spike answers three questions: does this technology solve the problem we think it solves? What operational cost does it introduce? And can the team adopt it without dedicated training? If the spike fails on any of these, the CTO has spent a fortnight rather than a quarter. If it succeeds, the CTO has evidence rather than enthusiasm.
### Vision Is Not a Document
The technology decisions described in this chapter -- stack, data model, build versus buy, reversibility, security posture -- are individual bets. Technical vision is the coherent thesis that connects them.
Will Larson, whose engineering strategy writing is the most rigorous in the practitioner literature, defines three layers: design specifications (individual decisions), engineering strategy (the principles that guide those decisions), and technical vision (where the technology and organisation should be in two to three years).\\] His method for producing all three is deliberately bottom-up: "Write five design documents, and pull the similarities out. That's your engineering strategy. Write five engineering strategies, and forecast their implications two years into the future. That's your engineering vision."\\] The vision is not handed down from the CTO's imagination. It is synthesised from the decisions the team has already made -- which means it describes reality rather than aspiration, and the team recognises themselves in it.
For the seed-stage CTO, the vision may be three sentences long: what the system must do in two years, what technical constraints it must operate within (HIPAA, real-time latency, multi-tenancy), and what the team must be capable of. It does not need to be a slide deck. It needs to be specific enough that when an engineer proposes adding a new technology, both the engineer and the CTO can point to the vision and ask: does this move us closer or further away?
Bryan Cantrill, CTO of Oxide Computer and the inventor of DTrace, offers the complementary frame. Where Larson builds vision from decisions, Cantrill builds it from values. His argument: every technology reflects the values of its creators -- composability, debuggability, performance, simplicity -- and the CTO's job is to articulate which values the team's technology should embody, then evaluate every technology choice against those values.\\] Oxide's public "Requests for Discussion" repository is one of the few real examples of this in practice: every significant technical decision is written up, debated, and archived in a format the entire company can read.\\] The writing is the vision. The vision is not a separate artefact.
The CTO who has a clear technical vision -- even a short one -- can delegate technology evaluation to the team. The engineer who wants to introduce a new tool can evaluate it against the vision's principles without requiring the CTO's approval for every experiment. The CTO who has no vision must make every technology decision personally, which does not scale past the first five hires. Vision is not a luxury. It is the mechanism by which the CTO stops being a bottleneck.
| | AUTHOR: CorralData's technical vision -- even the informal version. Where do you want the system to be in two years? What are the principles that guide your technology choices (e.g., boring infrastructure, novel only where it creates competitive advantage like the NL-to-SQL copilot)? Have you written this down, and if so, where does the team find it? The reader at a five-person startup needs to see what a lightweight technical vision looks like in practice. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Security and Compliance Are Architecture, Not Paperwork
There is a moment in the life of every B2B startup -- usually during a sales call -- when the CTO hears the question for the first time: "Do you have a SOC 2 report?" The conversation that follows determines whether the deal closes or stalls. And the CTO who has not thought about security and compliance as a first technical decision will discover, in that moment, that they have already made the decision -- by default, badly, and in a way that will take months and tens of thousands of dollars to undo.
Antigoni Sinanis, the first operations hire at Kolide (an eight-person startup), describes the experience: "I soon received my first security questionnaire from a prospective customer. It had over 100 questions, was full of acronyms I couldn't decipher, and asked for plans, policies, and procedures that I had never heard of. ... And then I noticed something: most of these questionnaires started by asking if we had a compliance audit report, usually SOC 2."\\] Christina Gilbert, co-founder and CEO of OneSchema, a YC-backed data infrastructure company, saw the same pattern: "From the earliest days of our business, we heard loud and clear from customers that the lack of SOC 2 Type II certification would block them from doing business with us."\\]
The CTO who treats compliance as paperwork to be handled later will face a specific and expensive problem: retrofitting security controls into an architecture that was not designed for them. Gilbert's testimony is the clearest cautionary tale: "If we hadn't been aware of the infrastructure considerations around SOC 2, we would've had to re-architect our system to handle multi-tenancy with data isolation and retention. Instead, we had the right architecture in place from the get-go."\\] The architecture decision -- how you isolate tenant data, how you handle encryption at rest, how you log access events -- is made at the founding stage whether you intend it or not. The CTO who makes it consciously saves the company a quarter of re-engineering work. AWS's official guidance puts it in institutional language: "Good security controls, data privacy, and data management should be foundational components of a SaaS application from the beginning."\\]
### Building Secure by Default
Emily Choi-Greene, a YC founder with a security engineering background, captures the tension between the startup community and the security community: "The advice from my security community ('WAIT!') alongside the startup community ('RIGHT NOW!') broke my brain."\\] Both sides have a point. Pursuing SOC 2 certification before you have revenue or enterprise customers is premature spending. But building secure by default -- encryption at rest, MFA enforced, audit logging from day one, least-privilege access controls, infrastructure as code -- costs almost nothing in engineering time and saves everything later.
The practical minimum for a five-person startup, before any formal certification, is straightforward. The Minimum Viable Secure Product (MVSP) checklist -- developed collaboratively by Google, Salesforce, Okta, and Slack, with CISA participation -- provides 24 controls across four areas and is explicitly designed for startups not yet mature enough to afford a full compliance process.\\] The Center for Internet Security's Implementation Group 1 (CIS IG1) defines 56 safeguards labelled "Essential Cyber Hygiene" for small organisations with limited resources.\\] Neither requires a budget. Both require discipline.
One architectural decision deserves specific attention because it affects every compliance framework you will ever pursue: **permissioning**. Enterprise customers will ask for role-based access control, attribute-based access control, team-level permissions, department-level permissions, customer-managed encryption keys, and permission structures you have not imagined yet. The permissioning system you build at the founding stage will be extended, patched, and cursed more than any other component of your application. Build it flexible from day one. Use a well-established authorisation model -- RBAC at minimum, with the ability to layer ABAC on top -- and abstract it behind a clean interface so that when the enterprise customer asks for a permission structure your current model does not support, the change is a configuration problem rather than an architecture problem. Permissioning is a one-way door disguised as a two-way door: the data model is easy to extend, but the assumptions baked into your access control logic spread throughout the codebase and become progressively harder to change.
| | AUTHOR: Your CorralData permissioning journey -- how has the model evolved as you've moved into healthcare enterprise? What did you build initially, what did the first big customer ask for that you didn't expect, and what would you do differently? |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
### The Compliance Ladder
Compliance certifications follow a predictable progression that maps to the startup's growth stage. The CTO who understands this sequence can plan ahead rather than scramble.
**Before revenue (Seed stage):** Build secure by default. Follow MVSP and CIS IG1\. Publish a vulnerability disclosure policy. Enforce HTTPS, MFA, and least-privilege access. Document your security controls informally. When the first enterprise prospect sends a security questionnaire, you will be able to answer most of the questions honestly -- and the honesty matters more than the certification.
**First enterprise deal (Seed to Series A):** This is when SOC 2 becomes a business decision. SOC 2 Type I is a point-in-time assessment of whether your security controls are designed appropriately. Type II evaluates both design and operational effectiveness over a three-to-twelve-month observation window. Type II is what most enterprise buyers ultimately require. First-year cost for a startup ranges from $20,000 to $80,000 all-in, including audit fees ($8,000--$50,000), compliance automation platform ($7,500--$15,000 per year from vendors like Vanta or Drata), and 100--400 hours of internal team time.\\] Justin McCarthy, CTO of StrongDM, admits the learning curve: "I wildly underestimated the cost of our first SOC 2 audit -- both in time and expense. I figured an auditor would come in for a few months, offer suggestions on how to improve, and then sign off. I could not have been more wrong."\\]
**EU expansion (Series A to B):** ISO 27001 is the default requirement for European enterprise procurement. There is approximately 80% overlap between ISO 27001 and SOC 2 controls, so pursuing the second framework after the first requires only 30--40% additional effort.\\] Venkat Rangan, CTO of Clari, led his company's ISO 27001 certification as a personal priority: "Because we believe in the importance of selling, we know the value of sales data. As a co-founder and CTO, I took responsibility for leading the effort."\\] The decision framework is geographical: US customers want SOC 2; EU customers want ISO 27001; if you sell to both, you will eventually need both.
**Healthcare and regulated industries (Series A onward):** HIPAA does not have a formal certification. There is no HIPAA certificate to hang on the wall. Compliance is demonstrated through self-assessment, Business Associate Agreements (BAAs), and third-party audits.\\] This is both liberating and dangerous: liberating because you can achieve compliance incrementally without a massive upfront investment, dangerous because there is no external validation to tell you whether you have done enough. The CTO building a healthcare product must understand three things. First, if you handle Protected Health Information (PHI), you need a BAA with every subprocessor in your chain -- your cloud provider, your database host, your analytics tool. AWS, Azure, and GCP all offer standard BAAs.\\] Second, the HIPAA Security Rule requires administrative, physical, and technical safeguards -- but it is intentionally flexible and scalable, meaning the requirements for a five-person startup are different from the requirements for a hospital system.\\] Third, the consequences of non-compliance are not theoretical: HIPAA violation penalties range from $141 to over $2 million per violation category per year, and the Office for Civil Rights has collected $144.9 million in settlements and penalties to date.\\]
For the CTO at a healthcare startup who wants external validation beyond self-assessment, the HITRUST Common Security Framework (CSF) is the closest thing to a gold standard. HITRUST harmonises over 60 regulatory frameworks into a single certifiable structure. It now offers three tiers: e1 (44 foundational controls, approximately $35,000), i1 (roughly 182 controls, approximately $70,000), and r2 (comprehensive, risk-based, $100,000--$150,000 or more).\\] The pragmatic path for a healthcare SaaS startup: start with HIPAA self-assessment and BAAs, add SOC 2 when enterprise customers require it, consider HITRUST e1 when large health systems ask for it, and pursue full HITRUST r2 only when the deal size justifies the investment.
| | AUTHOR: Where CorralData sits on this ladder right now. Which certifications do you have, which are you pursuing, and what triggered each decision? The reader in healthcare SaaS needs to see the progression applied to a real company at their stage. |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
### Penetration Testing: The Question Every Customer Asks
Enterprise procurement teams will ask when you had your last penetration test. The question is so routine that it appears on virtually every security questionnaire, and the CTO who cannot answer it will watch deals slow to a crawl.
A penetration test is a structured attempt to break into your systems -- a professional attacker simulating what a real attacker would do. It is not the same as automated vulnerability scanning, though the two are often confused. Automated scanning is cheap (many tools are free), continuous, and catches known vulnerabilities -- outdated libraries, misconfigured headers, exposed ports. It should run in your CI/CD pipeline. Manual penetration testing is expensive ($5,000--$30,000 for a typical SaaS startup), periodic (annually is the standard cadence), and catches what scanners cannot: business logic flaws, access control bypasses, and context-dependent vulnerabilities that require a human to identify.\\] Caleb Mattingly, founder and CISSP at Secure Cloud Innovations, makes the practical point: "SOC 2 does not explicitly mandate penetration testing. But enterprise clients often request pen test results separately as part of their vendor security assessment process. Penetration testing is technically optional for SOC 2 but practically necessary for enterprise sales."\\]
The timing question has a clear answer. Do not pay for a pen test while the product is still changing shape weekly -- you will be testing a system that no longer exists by the time you receive the report. Get your first pen test when you have a stable production environment, at least one enterprise customer or prospect requiring it, and the engineering capacity to remediate the findings. Run automated vulnerability scanning from day one. Budget for annual manual pen testing from the first enterprise deal onward.
Bug bounty programmes -- where external security researchers are paid for finding vulnerabilities -- are not appropriate for early-stage startups. They require a mature security posture and dedicated triage resources. What a startup should publish instead is a vulnerability disclosure policy: a simple page at `/.well-known/security.txt` that tells security researchers how to report issues responsibly. It costs nothing and signals professionalism.
### When to Hire a CISO
The CTO at an early-stage startup is the de facto Chief Information Security Officer whether they hold the title or not. The security architecture, the compliance decisions, the incident response plan (if one exists) -- these are the CTO's responsibility by default, just as the product roadmap is the CTO's responsibility until the first PM arrives.
The trigger for hiring a dedicated security leader follows the same pattern as hiring a PM: you need one when the compliance burden exceeds what the CTO can carry alongside their other responsibilities, and when the regulatory environment demands expertise the CTO does not have. For most B2B SaaS startups, this means a fractional CISO or virtual CISO (vCISO) starting at Series A -- typically $5,000--$15,000 per month -- rather than a full-time hire. The vCISO manages the SOC 2 audit process, handles security questionnaires, leads the pen test remediation, and ensures the compliance programme stays current without consuming the CTO's calendar.
A full-time CISO typically becomes necessary at Series B or later, when the company has multiple compliance frameworks to maintain, a growing customer base with enterprise security requirements, and enough engineering surface area that security review of new features requires dedicated attention. In healthcare specifically, the regulatory complexity of HIPAA, HITRUST, and state-level privacy laws can accelerate this timeline. The CTO who waits until a breach or a failed audit to hire a security leader has waited too long. The CTO who hires one before the company has any compliance requirements has hired too early.
| | AUTHOR: How you handle security leadership at CorralData today. Are you the de facto CISO? Have you used a vCISO? What's the plan as the company scales? |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
Krieger's Instagram reached one billion users on the stack two people chose in 2010\. The stack was not optimal. It was not elegant. It was not what a senior architect would have designed if given six months and a whiteboard. It was fast to build on, easy to understand, and operationally quiet -- and it let a tiny team focus on the product while the infrastructure did what it was supposed to do, which was nothing interesting at all.
Every technical decision a CTO makes in the first year of a company is a business decision wearing engineering clothes. The stack is a bet on iteration speed. The MVP is a bet on learning. The build-versus-buy choice is a bet on where engineering capacity creates the most value. The reversibility test is a tool for sizing those bets. The technology evaluation framework -- innovation tokens, Elliott-McCrea's eight questions, the timebox -- is a tool for deciding which new bets to take. The technical vision is the thesis that connects individual bets into a coherent direction. And the security architecture -- the permissioning model, the audit logging, the encryption decisions, the compliance posture -- is a bet on the company's ability to sell to enterprise customers without a six-month retrofit.
The company that ships the wrong product on the right infrastructure will learn and adapt. The company that ships no product on perfect infrastructure will not learn anything at all. [Chapter 5](5-technical-debt.html) examines what happens to the debt those early decisions create -- and why treating that debt as a strategic instrument, rather than an engineering failure, is the CTO's next essential skill.
## Frequently Asked Questions
1. _How do you choose a technology stack for a startup?_
Choose boring, proven technologies that your team already knows. Dan McKinley's principle of innovation tokens applies -- you only get a few bold technology bets, so spend them on your core differentiator, not on your database or web framework. Prioritise hiring pool size, community support, and proven production use over technical elegance. The best stack is the one that lets you ship and iterate fastest with the team you have.
2. _What does choose boring technology mean?_
Choose boring technology is Dan McKinley's influential philosophy that startups should default to proven, well-understood tools rather than exciting new ones. Every technology choice carries operational cost -- monitoring, debugging, hiring, training. Boring technologies have known failure modes, large talent pools, and extensive documentation. Save your innovation budget for the problems that are unique to your business, and use commodity solutions for everything else.
3. _Should a startup build or buy software?_
Buy or use open-source solutions for anything that is not your core differentiator -- authentication, payments, email, monitoring, CI/CD. Build only the components that create unique value for your customers. The build-versus-buy decision should be revisited regularly as the company grows, because what was too expensive to buy at seed stage may be too expensive to maintain at Series B. Every line of custom code is a maintenance commitment.
4. _What is the best programming language for a startup?_
The best programming language is the one your founding team already knows well, provided it has a large enough hiring pool in your target market. Language wars are a distraction -- the difference in productivity between a team fluent in Python versus one fluent in TypeScript is negligible compared to the cost of learning a new language under startup time pressure. Choose for team familiarity and hiring availability, not for theoretical performance or elegance.
5. _How do you make MVP architecture decisions?_
Optimise for speed of learning, not for scalability or elegance. Start with a monolith -- microservices are almost always premature at the MVP stage. Choose a single database. Deploy to a managed platform. Skip the abstractions you think you will need later and build the simplest thing that lets you test your hypothesis with real users. Architecture decisions at the MVP stage should be evaluated by one metric: how quickly they let you get feedback from customers.
## References
. Kuhn, E. (2017, June 18). Tech talk: Scaling Instagram with Mike Krieger \\\[Notes on Krieger's talk\]. _Evan's Tech Blog_. -- Secondhand notes on a firsthand talk; highly detailed.
. Ding, H. (interviewed \~2017). Instagram makes a smooth move to Python 3\. _The New Stack_. -- Ding was Instagram's first engineer hired after the Facebook acquisition.
. Metz, C. (2014, June). How Instagram moved from Amazon's cloud to Facebook's data centers. _Wired_. Mirrored at -- Direct Krieger quote.
. McKinley, D. (2015, March 30). Choose boring technology. _mcfunley.com_. -- Also presented at OSCON 2015 and Velocity New York 2015\. Slides at
. Elliott-McCrea, K. (2016, January 10). Towards an understanding of technical debt. _Laughing Meme_. -- Elliott-McCrea was CTO of Etsy 2010--2015\.
. Instagram Engineering. (\~October 2011). Sharding & IDs at Instagram. _Instagram Engineering Blog_. Originally at instagram-engineering.tumblr.com. Key quotes available via
. Krieger, M. (\~2017). How Instagram co-founder Mike Krieger took its engineering org from 0 to 300 people \\\[Interview\]. _First Round Review_.
. Jordan, B. (2021, December 3). What you can't know about being a startup CTO. _Medium / CodeX_.
. Krieger, M. (2018, September). Interview. _Fast Company_.
. Hoffman, R. (2017, March 29). If there aren't any typos in this essay, we launched too late! _LinkedIn Pulse_. -- Hoffman notes the quote originated "more than a decade" before the essay.
. Ries, E. (2011, October 19). How DropBox started as a minimal viable product. _TechCrunch_ (book excerpt from _The Lean Startup_). -- See also Houston, D. How to win as a first-time founder. _First Round Review_.
. Rosenblatt, J. et al. (2017, August 1). How two brothers turned seven lines of code into a $9.2 billion startup. _Bloomberg Businessweek_. -- See also startup-stories.beehiiv.com for the manual merchant account detail.
. Graham, P. (2013, July). Do things that don't scale. _paulgraham.com_.
. Ries, E. (2011). _The Lean Startup_. Crown Business. Zappos MVP described in Chapter 4\. See also Swinmurn, N. (2012, September 5). Zappos' silent founder \\\[Interview\]. _Fortune_.
. Fowler, M. (2015, June 3). MonolithFirst. _martinfowler.com_.
. Shear, E. (quoted in Startup Archive/a16z). Emmett Shear on pivoting from Justin.tv and 20+ million MAUs to build Twitch. -- See also Bessemer Venture Partners, "Inside the Deal: Twitch" (investment memo, 2012).
. Spolsky, J. (2000, April 6). Things you should never do, part I. _Joel on Software_.
. Spolsky, J. (2001, October 14). In defense of Not-Invented-Here syndrome. _Joel on Software_.
. Reinhardt, P. The tools early-stage startups actually need to understand their customers \\\[Interview\]. _First Round Review_.
. Krazit, T. (2018, February). Dropbox saved almost $75 million over two years by building its own tech infrastructure. _GeekWire_. -- Based on Dropbox S-1 filing; gross margins improved from 33% to 67%.
. Hansson, D. H. (2022, October 19). Why we're leaving the cloud. _world.hey.com_.
. Hansson, D. H. (2023). We stand to save $7m over five years from our cloud exit. _world.hey.com_. -- Hardware investment: \~$600K in Dell servers. Annual cloud bill: $3.2M → \~$360K post-exit.
. Bezos, J. P. (2016, April). 2015 Letter to shareholders. Amazon.com Annual Report. -- Note: commonly miscited as the "2016 letter."
. Beck, K. (2015, July; republished 2023, November 17). Taming complexity with reversibility. Originally Facebook Notes; republished on _Tidy First? Substack_.
. Fowler, M. (2000, July; updated 2004, May). Is design dead? _martinfowler.com_. -- Contains a dedicated "Reversibility" section.
. Poppendieck, M., & Poppendieck, T. (2003). _Lean Software Development: An Agile Toolkit_. Addison-Wesley. See also Poppendieck, M., & Poppendieck, T. (2006). _Implementing Lean Software Development: From Concept to Cash_. Addison-Wesley.
. Elliott-McCrea, K. (2019, February 5). Questions for a new technology. _kellanem.com_. -- Eight-question framework for evaluating technology adoption. Elliott-McCrea was CTO of Etsy 2010--2015\. See also: Miller, R. (2015, April 27). Etsy CTO on its conservatively crafty tech philosophy. _TechCrunch_.
. Larson, W. (2020, November 5). Engineering strategy. _Irrational Exuberance_ (lethain.com). -- Three-tier framework: design specifications → engineering strategy → technical vision. "A vision describes how you want your technology and organisation to work in two to three years."
. Larson, W. (2020, November 26). Write five, then synthesize: good engineering strategy is boring. _Irrational Exuberance_ (lethain.com). -- Also in Larson, W. (2021). _Staff Engineer: Leadership beyond the management track_. See:
. Cantrill, B. (2017). Platform as a reflection of values: Joyent, node.js, and beyond \\\[Talk\]. _Node Summit_. Slides: -- See also: Cantrill, B. (2024, September 2). Reflections on founder mode. _The Observation Deck_ / _Oxide Computer Blog_. -- "Our RFD process is the backbone of Oxide."
. Oxide Computer. Requests for Discussion (RFD) public repository. -- Includes RFD 1 (the process itself) and hundreds of public technical decision documents. One of the few real-world examples of transparent, values-driven technical decision documentation at a startup.
. Sinanis, A. Our startup's SOC 2 compliance journey. _Kolide Blog_. -- Firsthand account from first operations hire at 8-person startup.
. Gilbert, C. (2025, November 3). 5 lessons learned from getting SOC 2 Type II certified as a startup. _OneSchema Blog_. -- Firsthand co-founder/CEO account, YC-affiliated.
. Tarr, B., & Cage, C. (2023, August 15). Importance and impact of compliance for SaaS solutions on AWS. _AWS Partner Network Blog_.
. Choi-Greene, E. (2025, August 15). Security, SOC 2, & startups. _Clearly AI Blog_. -- YC founder with security engineering background.
. Minimum Viable Secure Product (MVSP). -- CC0 public domain, developed by Google, Salesforce, Okta, Slack, with CISA participation.
. Center for Internet Security. CIS Controls v8.1, Implementation Group 1: Essential Cyber Hygiene. -- 56 safeguards for small organisations with limited IT resources.
. Cost data consolidated from: Secureleap, "SOC 2 Cost 2026" (); StrongDM, "How Much Does SOC 2 Cost in 2026?" (); Johanson Group, "Compliance for Seed-Stage Startups" (). Note: ranges include compliance platform fees (Vanta, Drata, Secureframe at $7,500--$15,000/year) and internal team time.
. McCarthy, J. SOC 2 budget: How much does SOC 2 cost? _StrongDM Blog_. -- Note: StrongDM is a vendor in the access management space.
. Secureframe. SOC 2 vs ISO 27001\. _Secureframe Blog_. -- References AICPA's official ISO 27001/SOC 2 mapping spreadsheet showing \~80% control overlap. Note: Secureframe is a compliance automation vendor.
. Rangan, V. (2016, March 3). A CTO's view of the journey to ISO 27001 security certification. _Clari Blog_. -- Firsthand CTO account.
. Microsoft Learn. HIPAA -- Azure Compliance. -- Confirms: "There is currently no certification program approved by the US Department of Health and Human Services (HHS)." See also Aptible. HIPAA compliance guide for startups.
. AWS. HIPAA compliance. -- Describes BAA process for SaaS partners. See also HHS.gov. Business associate contracts (sample provisions).
. HHS.gov. Summary of the HIPAA Security Rule. -- Primary source for administrative, physical, and technical safeguard requirements.
. HHS.gov. Enforcement highlights. -- $144.9M in settlements/penalties. Penalty tiers: $141--$2,134,831 per violation category per year (2024 inflation-adjusted). See also AccountableHQ for detailed penalty tier breakdown.
. HITRUST Alliance. HITRUST CSF certification tiers and costs. -- Three tiers: e1 (44 controls, \~$35K), i1 (\~182 controls, \~$70K), r2 (comprehensive, $100K--$150K+). See also Sprinto, "How Much Does HITRUST Certification Cost in 2026?"
. Cost data consolidated from: CYBRI, "A Startup's Guide to Vulnerability Testing for 2026" (); Blaze Information Security, "Penetration Testing for Startups" (); Adversis, "Before the Test" (). Typical range: $5,000--$30,000 for SaaS application pen test.
. Mattingly, C. SOC 2 & pen testing for startups: What founders need to know. _Secure Cloud Innovations Blog_. -- Firsthand CISSP founder.
Chapter 5: Technical Debt as a Strategic Instrument
====================
> The ideas of debtor and creditor as to what constitutes a good time never coincide.
-- P.G. Wodehouse
Love Among the Chickens, 1906
Key Takeaways
* Ward Cunningham's original debt metaphor had nothing to do with messy code. It described the gap between what your code assumes about the business and what you have since learned -- and like financial debt, it charges interest whether you notice or not.
* Technical debt costs roughly a third of all engineering time across the industry. The question is never whether you have debt but whether you are carrying it deliberately or discovering it in production.
* Debt does not accrue interest based on how old it is; it accrues interest based on how often you touch the code that contains it. A five-year-old module nobody changes costs you nothing. A six-month-old service on the critical path costs you every sprint.
* AI-generated code is creating a new category of liability: cognitive debt, where the codebase works but no human fully understands why.
* When the business pivots, your entire codebase becomes technical debt overnight. The most dangerous debt is not the kind you accumulate deliberately but the kind that arrives because the world changed and your architecture did not.
In 1992, Ward Cunningham was building a portfolio management system called WyCash in Smalltalk. He needed to explain something to his business partners -- why the engineering team needed to go back and rework code that was already working. The code was not broken. It did what it was supposed to do. But the team's understanding of the financial domain had evolved since they wrote it, and the code no longer reflected what they now knew. The gap between their current understanding and the code's representation of that understanding was slowing them down.
Cunningham reached for a financial analogy. "Shipping first time code is like going into debt," he wrote in an experience report for the OOPSLA conference. "A little debt speeds development so long as it is paid back promptly with a rewrite. The danger occurs when the debt is not repaid. Every minute spent on not-quite-right code counts as interest on that debt. Entire engineering organizations can be brought to a stand-still under the debt load of an unconsolidated implementation."\\]
That passage created the most influential metaphor in software engineering. It also created one of the most misunderstood.
Cunningham's metaphor was not about messy code. It was not about cutting corners. It was about the inevitable gap between what you know and what your code reflects -- a gap that widens as you learn more about the problem you are solving. Seventeen years later, Cunningham recorded a video to correct the record: "A lot of bloggers at least have explained the debt metaphor and confused it, I think, with the idea that you could write code poorly with the intention of doing a good job later and thinking that was the primary source of debt. I'm never in favor of writing code poorly."\\] The metaphor, properly understood, says something specific: you borrowed against your future understanding to ship today, and the interest you pay is the friction of working with code that no longer matches what you know.
That distinction matters for the startup CTO because it reframes the entire relationship with technical debt. Debt is not a symptom of failure. It is a financing instrument. Like financial debt, it can be used strategically -- to accelerate growth, to test a hypothesis, to reach a market window -- or it can accumulate recklessly until it consumes every dollar of engineering capacity the company has. The CTO's job is not to avoid debt. It is to manage it: knowing when to borrow, how much the interest will cost, and when repayment becomes urgent.
## A Taxonomy of Debt
Martin Fowler extended Cunningham's metaphor in 2009 with a framework that remains the clearest tool for categorising the debt a startup accumulates. He proposed two axes -- deliberate versus inadvertent, and reckless versus prudent -- producing four types of debt.\\]
Reckless-deliberate debt is the decision to skip design because there is no time. The team knows better and chooses not to do better. This is the credit card debt of engineering: easy to incur, high interest, and it compounds. Reckless-inadvertent debt is the result of not knowing better -- the team that has never heard of separation of concerns shipping a monolith because they do not know another way. Prudent-deliberate debt is the conscious trade-off: we know this is not the right architecture, but we need to ship this quarter and we will address it afterward. This is the mortgage -- a large, tracked obligation taken on to enable something that would otherwise be impossible. Prudent-inadvertent debt is the most subtle and the most aligned with Cunningham's original meaning: the team ships clean code that reflects their best understanding, and then learns something that makes the design wrong. "Now we know how we should have done it," as Fowler phrases it.\\]
Steve McConnell, author of _Code Complete_, developed the financial analogy further in a white paper that remains the most systematic treatment of the subject. He distinguishes between focused debt -- a large, identifiable shortcut, like a car loan -- and unfocused debt: "hundreds or thousands of small shortcuts -- generic variable names, sparse comments, creating one class in a case where you should create two." Focused debt can be tracked and managed. Unfocused debt "is like credit card debt. It's easy to incur unintentionally, it adds up faster than companies think, and it's harder to track and manage after it has been incurred."\\]
For the startup CTO, a simpler taxonomy may be more useful than either framework in isolation. The debt in your codebase falls into three categories, and each requires a different management strategy.
**Debt you chose.** This is the mortgage. You shipped a monolith knowing you would need services. You used a third-party authentication library knowing you would need to customise it. You hardcoded configuration values knowing you would need a configuration service. These decisions were rational at the time -- they bought speed, validated a hypothesis, or reached a market window. The interest is predictable: you will pay it when you need to scale, customise, or extend the feature. The risk is manageable as long as you track the obligation and schedule repayment before the interest compounds.
**Debt you inherited.** This is someone else's mortgage. You joined the company and discovered a codebase shaped by decisions you did not make, for reasons you may not understand. The previous CTO chose a framework that does not scale. A contractor built a feature with no tests. The founding team's understanding of the domain was different from yours. Kellan Elliott-McCrea, former CTO of Etsy, warns against conflating this with failure: "All code is, to varying degrees, an incorrect bet on what the future will look like."\\] Inherited debt is not a crisis. It is a condition. The CTO's job is to assess the interest rate, identify which obligations are actively slowing the team, and prioritise repayment based on business impact rather than engineering aesthetics.
**Debt you did not know you had.** This is the hidden liability -- the dependency that has not been updated in two years, the security vulnerability in a library nobody monitors, the assumption about data volume that will break at 10x scale. Elliott-McCrea identifies five distinct phenomena that the industry conflates under the single term "technical debt," including features of the codebase that resist change, operability choices that resist change, and dependencies that resist upgrading.\\] Hidden debt is the most dangerous category because you cannot manage what you cannot see. The debt audit described later in this chapter is designed to surface it.
| | AUTHOR: CorralData's debt portfolio -- which category dominates? Was there a specific moment where inherited debt or hidden debt created a crisis? The healthcare B2B context may add a dimension: compliance-related debt, where a shortcut that was acceptable at one regulatory stage becomes a liability at the next. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## The Cost of Carrying Debt
The financial metaphor is useful only if the interest is real and measurable. It is.
Stripe surveyed thousands of developers and C-level executives in 2018 and found that engineers spend an average of 33% of their time -- 13.5 hours per week -- dealing with technical debt and maintenance rather than building new features. Stripe extrapolated the global cost at roughly $300 billion per year in lost developer productivity.\\] Stepsize, surveying more than 200 engineering team members in 2021, found the same figure: 33% of development time consumed by maintenance, with more than half of that attributable to technical debt. Fifty-two percent of engineers in the Stepsize survey said debt negatively affected their morale.\\] DX and Atlassian, surveying 2,100 developers and engineering leaders in 2024, found that 69% of developers lose eight or more hours per week to inefficiencies, with technical debt cited as the primary cause by 59% of respondents.\\] The Stack Overflow 2024 Developer Survey -- 65,000 respondents, the largest annual survey of working developers -- found that 62% cite technical debt as their number one frustration at work.\\]
Four independent surveys, conducted by organisations with no shared methodology and no overlapping commercial interests, converge on the same conclusion: roughly one-third of engineering capacity in the typical software organisation is consumed by debt service. For a startup with 10 engineers, that is 3.3 engineers working full-time on the consequences of past decisions rather than building the product. The Consortium for Information and Software Quality, co-founded by the Object Management Group and the Software Engineering Institute at Carnegie Mellon, estimates that accumulated technical debt across the US software industry stands at $1.52 trillion.\\] McKinsey, surveying 50 CIOs at financial services and technology companies, found that technical debt typically accounts for 20 to 40% of the total technology estate, with 10 to 20% of a company's technology budget diverted from new products to debt service.\\]
McConnell provides the language for translating this into board-ready communication: "\`Shifting the dialog from a technical vocabulary to a financial vocabulary provides a clearer, more understandable framework. Discuss debt in terms of money rather than in terms of features. For example, '40% of our current R&D budget is going into supporting previous releases' or 'We're currently spending $2.3 million per year servicing our technical debt.'\`"\\] This is the Chapter 10 skill in action -- the business acumen that translates engineering reality into language the board can evaluate. The CTO who says "we have a lot of technical debt" is making a complaint. The CTO who says "we are spending 33% of our engineering budget on debt service, and I want to reduce that to 20% over the next two quarters by investing in these three specific migrations" is making a business case.
Fowler offers one important refinement to the interest metaphor. Unlike financial debt, technical debt does not charge interest based on the passage of time. It charges interest based on contact. "I only trigger an interest payment when I have to work with that part of the software. So crufty but stable areas of code can be left alone."\\] This is a critical insight for the startup CTO making prioritisation decisions. Debt in a module that nobody touches costs nothing. Debt in the module that every feature touches costs everything. The interest rate is not a property of the code. It is a property of how often the team needs to change it.
Fowler also introduces the design stamina hypothesis: there exists a point -- typically reached within weeks rather than months -- after which the cost of working with poorly designed code exceeds the time that better design would have required. Before that point, cutting corners is faster. After that point, the debt is slowing you down more than the shortcut saved. The CTO who understands where this line falls in their codebase can make informed borrowing decisions. The CTO who does not will cross it without noticing and spend the next year wondering why the team cannot ship.\\]
| | AUTHOR: A specific CorralData example of debt cost -- a feature that took twice as long as it should have because of accumulated debt, or a calculation showing what percentage of the engineering team's time goes to maintenance versus new features. The reader needs to see the 33% figure grounded in a real company. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Debt Audit
The practical framework the startup CTO needs is not another taxonomy. It is a process for surfacing hidden debt, quantifying its cost, and communicating the results to non-technical colleagues who do not read code.
Google's approach, documented by Ciera Jaspan and Collin Green of Google Research in IEEE Software, provides the most empirically grounded model. Google runs quarterly engineering surveys that measure technical debt across 10 categories: migrations needed or in progress, poor documentation, inadequate testing, code degradation, teams lacking expertise, dead or abandoned code, poor code quality, delayed dependency updates, API incompatibility, and process debt. The surveys are segmented by engineering domain -- teams working on machine learning systems face different debt profiles than teams building backend services -- which allows targeted interventions rather than blanket policies.\\]
The result of this systematic approach: Google achieved its largest improvement in five years of measurement, with a majority of engineers reporting only slight or no hindrance from technical debt.\\] The tactics included dedicated "Fixit days," specialised teams -- variously called "janitors, cultivators, or demolition experts" -- and interventions targeted by product area rather than applied uniformly.
A startup cannot replicate Google's survey infrastructure. But the principle scales down. Chelsea Troy, a staff software engineer at Mozilla who teaches at the University of Chicago, proposes a measurement framework built around what she calls "maintenance load" -- the proportion of total development effort consumed by existing code rather than new capabilities. Track the ratio of tickets that add or change features to tickets that fix, maintain, or work around existing code. If more than 40% of your engineering capacity is going to maintenance, your debt load is affecting your ability to compete. If it is above 50%, it is an emergency.\\]
Troy also identifies the specific mechanism by which debt compounds: context loss events. Every time a team member leaves, every time a module goes untouched for six months, every time an AI tool generates code that nobody reviews -- the team's understanding of the codebase degrades. The code still works. But the ability to change it safely declines. Troy's formulation: "Code stewardship is a whole, difficult skill that is completely separate from writing feature code, which is what most developers are trained to do and rewarded for by the business."\\]
Will Larson, who led Foundation Engineering at Stripe and managed large-scale migrations at Uber, argues that at scale, migrations are "the sole scalable fix to tech debt." Individual engineers will always pick off low-hanging fruit, but the hard debt -- the kind that requires multiple teams to coordinate -- can only be addressed through a structured migration process. His playbook has three phases: derisk (write the design document and embed with the hardest teams first, not the easiest), enable (build tooling to programmatically migrate the straightforward cases), and finish (stop the bleeding, generate tracking tickets, push status to management). His warning: "Starting but not finishing migrations often incurs significant technical debt" -- worse than never starting at all.\\]
For the seed-stage CTO with a team of five, the debt audit is simpler. Once per quarter, ask three questions. First: where is the team spending unplanned time? The modules that generate the most bug reports, the most "that's weird" conversations, the most workarounds -- those are your highest-interest debts. Second: what would break if we grew 10x? The database schema, the deployment process, the authentication system, the monitoring gaps -- these are your hidden debts, the ones that cost nothing today and everything tomorrow. Third: what can we not explain? The module that nobody on the current team wrote, the configuration that nobody understands, the dependency that nobody has updated -- these are the debts that resist repayment because the knowledge needed to repay them has been lost.
| | AUTHOR: How CorralData conducts its own debt assessment -- formally or informally? Is there a regular process, or does debt surface ad hoc? A worked example of the three-question audit applied to CorralData would give the reader a template they can use immediately. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## AI Is a New Kind of Debt
[Chapter 12](12-ai-transformation.html) examines the AI transformation in full. Here, the concern is narrower: AI coding tools are generating a new category of technical debt that does not fit cleanly into any existing framework.
GitClear, analysing 211 million changed lines of code across repositories owned by major technology companies, documented a structural shift between 2020 and 2024 that coincided with the adoption of AI coding assistants. Refactoring -- the practice of reorganising code to improve its structure -- dropped from 24% of all changed lines to under 10%. Copy-pasted code rose from 8.3% to 12.3%. For the first time in GitClear's measurement history, duplicated code exceeded refactored code. Duplicate code blocks of five or more lines increased roughly eightfold during 2024.\\]
The Google DORA team's 2024 report, surveying approximately 39,000 professionals, found that while 75% of developers reported individual productivity gains from AI tools, each 25% increase in AI adoption was accompanied by an estimated 7.2% decrease in delivery stability.\\] Individual speed went up. System reliability went down. This is the debt metaphor operating at industrial scale: AI tools borrow against future maintainability to deliver present velocity.
Kent Beck, who created Extreme Programming and Test-Driven Development, describes the mechanism precisely. AI coding assistants add features but never improve structure. A function that is already too long gets 20 more lines. A field that should be accessed through an interface gets accessed directly 20 more times. Beck calls this "eating the seed corn" -- consuming the design investment that future development depends on. Eventually, he writes, "the friction created exceeds the genie's capacity. We are out of options. The genie spins for hours without being able to correctly implement the next feature."\\]
Margaret-Anne Storey, a professor of computer science at the University of Victoria, coined the term "cognitive debt" to describe a dimension of AI-generated debt that has no precedent in traditional software engineering. Even when AI-generated code is functional and well-structured, the humans working with it may have lost their understanding of what the code does, why it works, and how to change it safely.\\] Traditional technical debt degrades the code. Cognitive debt degrades the team's relationship to the code. Both charge interest. But cognitive debt is harder to measure and harder to repay, because the remedy is not refactoring -- it is learning, which takes time that AI adoption was supposed to save.
The management strategy for AI-generated debt is straightforward in principle and demanding in practice. Review what the model produces -- not for correctness, which is the easy part, but for structure, duplication, and architectural coherence, which are the dimensions the model does not optimise for. Maintain test coverage as a constraint, not a suggestion -- Beck's warning sign that AI is going off track is when the model deletes or disables tests to make its implementation work.\\] And track the metrics that reveal debt accumulation: the ratio of new code to refactored code, the duplication rate, and the time engineers spend understanding code they did not write. These are the leading indicators. By the time delivery stability declines, the debt has already compounded.
| | AUTHOR: CorralData's specific experience with AI-generated debt -- code produced by LLM tools that required rework, a pattern you've observed in how AI tools handle your healthcare data models, or a process you've built to catch structural problems before they compound. The reader needs to see this new category of debt acknowledged by a CTO who uses AI tools daily. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## When the Strategy Changes, the Code Becomes Debt Overnight
Every category of debt described so far -- chosen, inherited, hidden, AI-generated -- accumulates gradually. There is one scenario in which the entire codebase becomes debt in a single conversation: the pivot.
When a startup changes its market, its product, or its business model, every line of code that was correct for the old strategy becomes a liability for the new one. Not because it was badly written. Not because the team cut corners. Because the company's understanding of what it is building has shifted wholesale -- which is Cunningham's original metaphor operating at the scale of the entire business rather than a single module.
The canonical pivot stories reveal a spectrum. At one end: YouTube pivoted from a video dating site to a general video platform in approximately one week. Steve Chen, co-founder and CTO, describes the sequence: they launched the dating site, zero videos were uploaded in the first week, and they opened the platform to all content.\\] The technical infrastructure -- the upload pipeline, the Flash-based transcoding engine, the hosting architecture -- survived intact. The pivot was a positioning change, not a technical one. Nearly everything carried over.
At the other end: Stewart Butterfield spent years building Glitch, a massively multiplayer online game, before shutting it down and building Slack from the internal communication tool his team had hacked together during development. The game was built on Flash -- a dying platform after Apple refused to support it on the iPhone. CTO Cal Henderson has noted that the Flash dependency meant they could not pivot the game itself; the technology platform was a dead end.\\] Slack was built from scratch, in a different stack, for a different market. What survived was not code but knowledge: how real-time messaging should feel, what made a communication tool sticky, and the conviction that the internal tool they had built for themselves was more valuable than the game it was supposed to support. Butterfield's pitch to the remaining team captured the transition: "We'll get rid of all the stuff we've duct-taped together and start fresh, but keep everything we've learned."\\]
Between these extremes sits Shopify, the most instructive case for the CTO thinking about debt. Tobias Lütke built an online snowboard store called Snow Devil in Ruby on Rails in 2004\. When he could not find adequate e-commerce software, he built his own. The pivot -- from snowboard retailer to e-commerce platform -- was a generalisation: same domain, broader audience. Lütke describes the continuity: "In the end, Shopify is the software that I hoped to find in 2004 for Snowdevil."\\] The codebase did not die. It evolved over eighteen months from a single-tenant store to a multi-tenant platform. Two open-source libraries Lütke wrote for Snow Devil -- Liquid (a templating language) and ActiveMerchant (a payment processing abstraction) -- remain core Shopify infrastructure today. Shopify still runs on Ruby on Rails in 2025.
Instagram and Twitter complete the spectrum. Krieger and Systrom stripped their location-based social app Burbn down to a single feature -- photo sharing -- and rewrote the entire application in eight weeks. The insight survived; the code did not. Twitter was prototyped in two weeks inside Odeo, a podcast platform. Both used Ruby on Rails; no podcast code was relevant to a microblogging service.
The pattern is clear, and it is the pattern the CTO needs to internalise: **the type of pivot determines whether the code survives, independent of how well the code was written.** A positioning pivot (YouTube) or a generalisation pivot (Shopify) preserves the technical foundation. A product pivot (Slack, Instagram, Twitter) destroys it. Eric Ries catalogues ten types of pivot in _The Lean Startup_, but nearly all of them are strategic -- customer segment, channel, business model, value capture.\\] Only the "technology pivot" explicitly addresses the codebase. This is a gap in the literature that the CTO should fill for themselves: before committing to a pivot, map the type of change to its expected technical impact. A customer segment pivot may require nothing more than new onboarding flows. A platform pivot may require a complete rewrite.
Yann Lechelle, a founder-CTO who navigated multiple pivots at Appsfire and Snips.ai, offers the architectural defence: "Building an architecture that isolates fundamental blocks of logic and imposes inter-process communication by way of a proper API may help migrate from a B2C product to a B2B offering that exposes those APIs to external entities. Shortcuts or sloppy execution can easily turn into technical debt which is extremely penalising in case of a pivot."\\] The CTO who built a monolith to ship faster -- a rational decision at the time -- will discover during a pivot that the monolith cannot be selectively salvaged. The CTO who invested in service boundaries and clean APIs will discover that some services survive the pivot and some do not, but the separation makes the triage possible.
The emotional dimension is the part nobody discusses. Nicholas Freund, co-founder of Workstream, names it directly: "When your life force has become bound in your product, it is not simple to fold your hand and move on."\\] The CTO who spent a year building a system is not evaluating the pivot objectively. They are grieving the loss of their work -- and that grief can manifest as resistance to the pivot, as overconfidence that the old code can be adapted, or as paralysis in the face of a decision that requires killing what they built. The CTO who recognises this emotional dimension can manage it. The CTO who does not will mistake their attachment for architectural judgment.
The term for this -- which does not exist in the literature but should -- is **pivot debt**: technical debt created not by shortcuts or ignorance but by a change in strategic direction. It is the most expensive debt a startup can incur, because it arrives all at once and it cannot be paid down incrementally. The only question is how much of the old system can be salvaged and how much must be written off. The CTO who designed for reversibility -- the subject of Chapter 4 -- will salvage more. The CTO who optimised for speed without abstraction will salvage less. Both will feel the loss. The difference is whether the loss is weeks or months.
| | AUTHOR: If CorralData has pivoted -- even a partial pivot, such as a shift in target customer, a change in the core product thesis, or an evolution of the AI strategy -- describe what happened to the codebase. What survived? What became debt overnight? If CorralData has not pivoted, describe what a pivot would do to the current architecture -- which components would survive and which would not. The reader at a healthcare startup considering a market or product change needs to see a CTO thinking through this in real time. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## When to Rewrite and When to Resist
The temptation to rewrite is the final stage of debt denial. The codebase is slow, fragile, and hostile to change. The team fantasises about starting fresh -- clean architecture, modern tooling, no legacy constraints. Joel Spolsky, whose essay on the subject was cited in Chapter 4, called this "the single worst strategic mistake that any software company can make."\\] He is mostly right.
Martin Fowler offers the alternative: the strangler fig pattern. Named after the tropical vines that grow around a host tree, gradually replacing it, the pattern describes a migration strategy in which new functionality is built alongside the old system, routing traffic incrementally from old to new until the original system can be decommissioned. "Replacing a serious IT system takes a long time, and the users can't wait for new features," Fowler writes. "Replacements seem easy to specify, but often it's hard to figure out the details of existing behavior."\\]
Herb Caudill, analysing six software rewrite stories -- Netscape (failed catastrophically), Basecamp (succeeded three times), Visual Studio Code (succeeded as a parallel product), Gmail and Inbox (mixed), FogBugz and Trello (pivot to a new product), and FreshBooks (succeeded after five years) -- identifies the pattern that separates success from failure. Successful rewrites are not rewrites at all. They are new products built alongside old ones. DHH rewrote Basecamp three times, but each version was a fundamentally different product, and old versions continued to run indefinitely. Microsoft did not rewrite Visual Studio. It built VS Code -- a new product that happened to serve a similar audience. The rewrites that failed -- Netscape, most notably -- attempted to replace an existing product feature-for-feature while the market moved on.\\]
For the startup CTO, the rewrite question usually arises at the wrong time and for the wrong reasons. The team is frustrated. The codebase is painful. The fantasy of a clean start is emotionally compelling. The business case is almost never there. A rewrite consumes six to eighteen months of engineering capacity during which no new features ship, no new customers are acquired, and the competitive window narrows. The strangler fig -- replacing one module at a time, routing traffic incrementally, keeping the old system running -- is slower and less satisfying. It is also the approach that companies survive.
The exception, as Stephan Schmidt observes, is the CTO hired specifically to solve a deep technical crisis: "Stop the world. Six month rewrite. Happy future."\\] That mandate is rare, and it only works when the entire organisation -- board, CEO, and team -- has agreed that the current system is terminal and the rewrite is the company's primary investment for the next two quarters. Without that alignment, the rewrite becomes the project that was never finished, never delivered, and left the company with two systems instead of one.
---
[Chapter 4](4-technical-decisions-business-decisions.html) argued that every technical decision is a business decision. This chapter argues that the consequences of those decisions -- the debt they create -- are a business instrument. The CTO who manages debt strategically can borrow against the future to ship faster, reach a market window, or test a hypothesis that would otherwise take six months to validate. The CTO who accumulates debt unconsciously will discover, as Cunningham warned in 1992, that entire engineering organisations can be brought to a standstill under the weight of it. And the CTO whose company pivots will discover the most brutal truth about debt: code that was right for the old world becomes wrong for the new one, not because it was badly written but because the world changed.
Andrea Goulet, who founded Corgibytes to specialise in legacy code modernisation, proposes an inversion of the metaphor that is worth holding onto. Rather than thinking only about debt reduction, she argues, the CTO should think about building technical wealth: "When you resolve some debt, you're giving yourself momentum. When you install new windows in your home, yes you're spending a bunch of money, but then you save a hundred dollars a month on your electric bill. The same thing happens with code. Only instead of efficiency, you gain productivity that compounds over time."\\] Debt is what you owe. Wealth is what debt management produces -- a codebase that accelerates the team rather than taxing it.
The next chapter is about what debt management makes possible. If the CTO has made the right technical bets ([Chapter 4](4-technical-decisions-business-decisions.html)) and is managing the interest on those bets (this chapter), the company can do the thing that matters most: ship. [Chapter 6](6-shipping-software.html) argues that iteration speed is the startup's primary competitive advantage, and that the infrastructure of speed -- CI/CD, feature flags, scope discipline -- is the CTO's highest-return investment. The debt framework from this chapter is the prerequisite: you cannot ship fast on a codebase that charges 50% interest on every change.
## Frequently Asked Questions
1. _What is technical debt?_
Technical debt is Ward Cunningham's metaphor for the accumulated cost of shortcuts and expedient decisions in software development. Like financial debt, it accrues interest -- every future change takes longer because of the shortcuts taken earlier. It includes outdated dependencies, missing tests, unclear code, tightly coupled systems, and deferred maintenance. Not all technical debt is bad -- some is a deliberate and strategic trade-off for speed.
2. _Is technical debt always bad?_
No. Strategic technical debt is a legitimate instrument, much like financial debt is a legitimate financing tool. Taking on deliberate, well-understood debt to ship faster and validate a business hypothesis can be the right decision. The problem is not debt itself but unmanaged debt -- shortcuts taken without awareness, never documented, and never scheduled for repayment. The key distinction is between deliberate debt (a conscious trade-off) and accidental debt (the result of not knowing better).
3. _How do you explain technical debt to non-technical stakeholders?_
Use the financial metaphor directly -- it is the closest analogy non-technical people already understand. Explain that you borrowed speed by taking shortcuts, and now you are paying interest on that loan every time you build new features. Quantify the interest: if a feature that should take one week now takes three because of accumulated debt, two weeks of engineering time are the interest payment. Frame repayment as an investment with measurable returns, not as engineering housekeeping.
4. _When should you pay down technical debt?_
Pay down technical debt when the interest cost exceeds the repayment cost -- when the time lost to working around the debt on every feature is greater than the time it would take to fix it. A practical approach is to allocate 15 to 20 percent of each sprint to debt repayment, treating it as ongoing maintenance rather than a special project. Prioritise debt that blocks the most common development paths and causes the most frequent incidents.
5. _How do you measure technical debt?_
Look at leading indicators rather than trying to put a single number on it. Useful measures include declining deployment frequency, increasing cycle time for similar-sized features, rising bug rates in specific areas of the codebase, developer satisfaction surveys, and the ratio of planned to unplanned work. If developers consistently estimate tasks at two to three times what the same work would have taken a year ago, debt is accumulating faster than it is being repaid.
## References
. Cunningham, W. (1992). The WyCash portfolio management system. _OOPSLA '92: Addendum to the Proceedings on Object-Oriented Programming Systems, Languages, and Applications_, pp. 29--30\. ACM. -- DOI: 10.1145/157709.157715\. 803 citations in ACM Digital Library.
. Cunningham, W. (2009, February 14). Debt metaphor \\\[Video\]. _YouTube_. -- Transcript by June Kim and Lawrence Wang, CC BY 3.0:
. Fowler, M. (2009, October 14; reposted November 19, 2014). Technical debt quadrant. _martinfowler.com/bliki_.
. McConnell, S. (2008, June). Managing technical debt (Version 1). _Construx Software Best Practices White Paper_. -- Original blog post: November 1, 2007\.
. Elliott-McCrea, K. (2016, January 10). Towards an understanding of technical debt. _kellanem.com_. -- Elliott-McCrea was CTO of Etsy 2010--2015\.
. Stripe. (2018, September). The developer coefficient. -- Methodology: Harris Poll partnership, thousands of C-level executives and developers across 30+ industries.
. Stepsize. (2021). The state of technical debt 2021\. -- n=200+ engineering team members. Reported by VentureBeat, July 7, 2021\.
. DX & Atlassian. (2024). State of developer experience report 2024\. -- n=2,100+ developers and engineering leaders (DX: 900 developers; Atlassian/Wakefield Research: 1,250 engineering leaders).
. Stack Overflow. (2024). 2024 developer survey. -- n≈65,000 developers globally.
. Krasner, H. (2022, November). The cost of poor software quality in the US: A 2022 report. _Consortium for Information & Software Quality (CISQ)_. -- CISQ co-founded by the Object Management Group and SEI at Carnegie Mellon.
. Dalal, Patenge, Krishnakanthan, & Münstermann. (2020, October 6). Tech debt: Reclaiming tech equity. _McKinsey Digital_. -- Survey of 50 CIOs at financial services and technology companies with >$1B revenue.
. Fowler, M. (2003, October 1; substantially rewritten May 21, 2019). Technical debt. _martinfowler.com/bliki_.
. Jaspan, C., & Green, C. (2023). Defining, measuring, and managing technical debt. _IEEE Software_, 40(3), 15--19\. DOI: 10.1109/ms.2023.3242137\.
. Troy, C. (2021, January 14--21). Quantifying technical debt / Avoiding technical debt / Reducing technical debt \\\[Three-part series\]. _chelseatroy.com_. -- Troy is a staff software engineer at Mozilla and teaches at the University of Chicago.
. Larson, W. (2018, April 15). Migrations: the sole scalable fix to tech debt. _lethain.com_. -- See also Larson's QCon SF 2018 talk, "Paying Technical Debt at Scale -- Migrations @Stripe":
. GitClear. (2025, February). AI copilot code quality: 2025 data suggests 4x growth in code clones. -- Dataset: 211 million changed lines from repos owned by Google, Microsoft, Meta, and enterprise companies.
. DORA. (2024, October). 2024 Accelerate State of DevOps Report. Google Cloud. -- n≈39,000 professionals.
. Beck, K. (2025, May 3). Augmented coding & design: The genie eats the seed corn. _Tidy First? Substack_. -- See also Beck, K. (2025, June 25). Augmented coding: Beyond the vibes.
. Storey, M.-A. (2026, February). Cognitive debt. _margaretstorey.com_. Referenced via Techmeme: -- Storey is a Professor of Computer Science at the University of Victoria.
. Chen, S., & Karim, J. (2024). YouTube: 18 months that changed the internet \\\[Interview\]. _Crucible Moments_ podcast, Sequoia Capital. -- Firsthand co-founder account of the pivot from video dating to general video sharing.
. Butterfield, S. (2016). Slacking with Slack CEO Stewart Butterfield \\\[Interview conducted within Slack\]. _Bloomberg Businessweek Design_. -- "Slack was just a built-from-scratch version of the jury-rigged and hacked-together system." See also: Rodgers, J. (2024, December 20). The death of Glitch, the birth of Slack. _Building Slack_. -- Firsthand employee account; Henderson, C. Interview. _Building Slack_. -- CTO on Flash dependency and architecture decisions.
. Lütke, T. (\~2009--2010). Q&A with Tobias Lütke of Shopify. _Signal v. Noise_. -- "In the end, Shopify is the software that I hoped to find in 2004 for Snowdevil." Lütke was founding CEO/CTO; Liquid and ActiveMerchant remain core Shopify infrastructure.
. Ries, E. (2011). _The Lean Startup: How Today's Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses_. Crown Business. Chapter 9: "Pivot (or Persevere)." Ten pivot types: zoom-in, zoom-out, customer segment, customer need, platform, business architecture, value capture, engine of growth, channel, technology.
. Lechelle, Y. (2015, April 30). The art of the startup pivot from a founder-CTO point of view. _Medium (Unexpected Token)_. -- Firsthand CTO of Appsfire and COO of Snips.ai; multiple pivots.
. Freund, N. (2024, December 11). How the psychology of pivots holds us back. _Not Another CEO (Substack)_. -- Firsthand founder account (Workstream, two major pivots). "When your life force has become bound in your product, it is not simple to fold your hand and move on."
. Spolsky, J. (2000, April 6). Things you should never do, part I. _Joel on Software_.
. Fowler, M. (2004, June 29; revised August 22, 2024). StranglerFigApplication. _martinfowler.com/bliki_.
. Caudill, H. (2019, February 20). Lessons from 6 software rewrite stories. _Medium_. -- DHH's rewrite philosophy: Hansson, D. H. The big rewrite, revisited. _Signal v. Noise_.
. Schmidt, S. Software rewrite strategy: Why 90% fail. _AmazingCTO_.
. Goulet, A. Forget technical debt -- here's how to build technical wealth \\\[Interview\]. _First Round Review_. -- Goulet is CEO of Corgibytes. See also Goulet, A. (2020, February 12). Technical debt isn't just technical. _Corgibytes Blog_.
Chapter 6: Shipping Is the Strategy
====================
> A ship in port is safe, but that's not what ships are built for.
-- Grace Hopper
Key Takeaways
* Speed and quality are not opposites. Elite teams deploy 208 times more frequently than low performers and experience seven times fewer failures -- because the practices that enable speed are the same ones that enable safety.
* The goal is not to be careful; the goal is to be confident. Careful means going slowly and hoping nothing breaks. Confident means investing in the systems that let you go fast and recover instantly when something does.
* Less friction encourages smaller changes, and smaller changes are less risky. This is the counterintuitive engine of high-performing teams: they ship more often precisely because each shipment is so small it barely matters.
* Monzo, a regulated bank handling real money, deployed over a hundred times a day. If a bank can ship continuously, your startup's reasons for not doing so are almost certainly organisational, not technical.
Monzo is a bank. Not a fintech startup that calls itself a bank -- a regulated UK bank, authorised by the Prudential Regulation Authority, holding customer deposits, issuing debit cards, processing millions of transactions. Banks deploy software cautiously. They run change advisory boards, schedule release windows, require multiple sign-offs. Their regulators expect them to.
Monzo deploys to production over 100 times a day.\\]
Any engineer can ship with a single command using a bespoke tool called Shipper, which handles rolling deployments in Kubernetes and runs Cassandra migrations behind the scenes. The change management process: one code review from an engineer on the owning team, merge to main, deploy. For a bank, the process is -- in Monzo's own words -- "surprisingly light on human touch points."\\] The architecture underneath: more than 1,600 microservices written in Go, running on Cassandra and Kubernetes on AWS, managed through a monorepo with automated CI checks.\\]
Between mid-2018 and early 2020, under CTO Meri Williams, Monzo's engineering and data team grew from roughly 50 people to more than 250\. The customer base went from under one million to more than four million.\\] Through that growth, deployment frequency per engineer went up, not down -- and incidents went down.\\]
The question Williams faced is the question every startup CTO faces when growth arrives: how do you keep shipping at the same velocity when the team quintuples and the surface area of the product explodes? Frederick Brooks proved in 1975 that adding people to a late project makes it later.\\] The conventional answer is that you cannot sustain speed through scaling -- that coordination costs will eat the gains from every new hire.
Monzo's answer was that velocity can survive scaling if you invest in the right infrastructure. Not just CI/CD pipelines and deployment tools, but team structures, scope discipline, and a culture that treats small, frequent, reversible changes as the default. This chapter maps that infrastructure.
## Speed Is Learning, Not Just Deployment
Most advice about shipping speed focuses on the deployment pipeline -- continuous integration, deployment frequency, mean time to recovery. These matter. But they describe the mechanism, not the strategy. The strategic argument for speed is about learning.
A startup is a series of hypotheses. The product hypothesis, the market hypothesis, the pricing hypothesis, the retention hypothesis. Each deployment is an experiment. The faster you run experiments, the faster you learn which hypotheses are wrong, and the faster you can redirect investment toward the ones that might be right. The CTO who frames velocity as "we deploy more often" is describing plumbing. The CTO who frames velocity as "we learn faster than our competitors" is describing competitive advantage -- in terms a board can understand.
Monzo's engineering team stated the connection explicitly: "Our success relies on us rapidly shipping new features to customers. This tight feedback loop helps us quickly validate our ideas. We can double down on the ideas that are working, and fail fast if we need to."\\] Paul Adams, VP of Product at Intercom, a customer-messaging platform, framed it even more directly: shipping "is primarily about learning. No product team can fully predict how their users will behave or react."\\]
The Slack team discovered this by necessity. When they launched their MVP, they had no signup flows, no import tools, no email integration. They manually invited new teams and generated join links. What they learned from shipping without those features was more valuable than the features themselves: teams much larger than their own wanted to use the product. Rdio, a company of more than 300 people, tried Slack -- revealing performance bugs, the need for a mute function, and the fact that users were inventing channel-naming conventions the team had never imagined. Johnny Rodgers and Ali Rayl, two of Slack's earliest employees, reflected on this: "None of us was smart enough to anticipate all the ways that people would use our multiplayer software. The best way to ensure we didn't drift away from those needs and expectations was to get people using it."\\] None of those discoveries would have surfaced in a planning document. They surfaced because Slack shipped an incomplete product to real users.
This framing has a direct business translation that most CTOs miss. Every week of delay in shipping a feature is a week of delay in learning whether that feature drives retention, revenue, or neither. A startup burning $200,000 per month that takes eight weeks to ship a feature instead of four has spent an additional $200,000 -- not on the feature, but on the delay in learning whether the feature matters. Speed is not recklessness. It is capital efficiency. The CTO who cannot make this argument in business terms has already lost the velocity negotiation before it starts.
This framing applies even -- especially -- in contexts where the feedback loop is slow. Healthcare B2B, enterprise sales, regulated industries: these all have longer cycles between shipping and learning. But the principle holds. A healthcare SaaS company that takes six months to ship a feature instead of three has not just delayed a launch. It has delayed six months of customer usage data, compliance feedback, and integration testing with real health systems. The iteration cycle is longer, but the cost of delay is higher, not lower.
| | AUTHOR: A specific CorralData moment belongs here -- a feature that shipped fast and produced a measurable business outcome, or one that shipped slowly and the delay cost the team something concrete. The reader needs to see this principle in a regulated, enterprise-sales context, not just consumer tech. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
Will Larson, drawing on his CTO survey data, identified the biggest challenge startup CTOs face right now: their CEOs demanding increased engineering velocity. The pressure is real and universal. The CTO who has already reframed velocity as learning speed has a language for responding to that pressure. The CTO who has not will default to the only response the CEO can see -- adding engineers, which Brooks proved half a century ago does not work.
The "move fast and break things" framing gets this wrong -- not because speed is bad, but because the phrase conflates speed with carelessness. The companies that actually ship fastest are usually the ones with the most discipline, not the least. Kellan Elliott-McCrea, CTO of Etsy, an online marketplace, through its 2015 IPO, put it precisely: "The goal is NOT to be careful. The goal is to be confident."\\] Etsy's engineering practices, he wrote, were "a spectrum of tools for increasing our confidence in our ability to make change."\\] Confidence and caution are different things. Caution tries to avoid risk. Confidence builds the systems that make risk manageable.
## The Infrastructure of Speed
Confidence is not a feeling. It is an infrastructure. Five investments separate teams that ship fast from teams that talk about shipping fast. None of them is a technology choice. Each is a discipline -- a commitment the CTO makes about how the team will work.
**Continuous integration and delivery.** The table stakes. Every commit builds, every build is tested, every passing build can deploy. The CTO's real investment is not in the pipeline tool but in the discipline: if CI is red for more than an hour, everything stops until it is green. The cost of a broken pipeline is not the pipeline itself -- it is every engineer whose workflow is blocked until it is fixed.
The Shopify data makes the case for treating CI speed as a first-class engineering investment. Before Shopify's Test Infrastructure team tackled the problem, 68% of CI time was spent on overhead before any test ran. CI at the 95th percentile took 45 minutes. Docker container start time was 90 seconds -- sometimes spiking past two minutes. After the team invested in instrumentation, Docker I/O optimisation, test selection, and parallel dependency building: CI p95 dropped to 18 minutes, Docker start time to 25 seconds, test stability went from 88% to 97%.\\] Christian Bruckmayer, who worked on that team, described the motivation plainly: "Our developers were frustrated."\\] Frustrated developers do not deploy. They batch changes, wait, and ship large, risky releases -- the opposite of what velocity requires.
The same pattern played out at GitHub. CI averaged 45 minutes; after merging, CI ran again; in a perfect scenario, an engineer waited roughly two hours from checking in code to seeing the change live. The team identified two integration-testing jobs as the bottleneck and introduced what they called "deferred compliance" -- long-running tests that no longer block deployment but must pass within 72 hours or all deploys halt.\\] CI dropped to 15 minutes. Three times faster.
The Etsy transformation is the canonical narrative, and the one most relevant to startup CTOs because it starts where startups start: small and painful. In 2008, Etsy had roughly 35 employees, half of them engineers. They deployed twice per week. Deploys took hours, required a minimum of three developers plus an ops engineer on standby, and the pattern was predictable: deploy, site goes down. By 2012, the company was making 25 deploys per day; 196 different people deployed to production that year. Production push time: 70 to 150 seconds. By 2013--2014, Etsy was shipping more than 50 times per day.\\] Elliott-McCrea, looking back in 2015, wrote: "Five years ago, continuous deployment was still a heretical idea. The idea you could do it with over 250 engineers was, to me at least, literally unimaginable."\\]
Intercom's founding leadership made a similar bet before they had a product to deploy. Rich Archbold, then Senior Director of Engineering, described the decision: "In the first six months of Intercom's creation as a company our CTO and VP of engineering decided we actually needed to have a world class CICD system."\\] They built it before they built most of the product. That decision -- to invest in deployment infrastructure before there was much to deploy -- paid compound returns for years.
**Feature flags.** Feature flags decouple deployment from release. Code ships to production without being visible to users, then turns on incrementally -- by user segment, by percentage, by geography. This eliminates the most common source of deployment fear: the big-bang release where everything goes live at once. GitHub uses feature flags to ship code continuously, with features gated behind flags and gradually rolled out to expanding user populations.\\] The deployment risk and the feature risk become separate problems. The cost is a flag management system and the discipline to clean up old flags; the return is the ability to deploy at any time without the stakes of a full release. Feature flags are the single most underinvested infrastructure at startup scale, likely because they feel like overhead rather than capability. They are capability.
**Trunk-based development.** Long-lived feature branches are the enemy of velocity. Every hour a branch lives, it drifts further from main, and every hour of drift is a merge conflict waiting to happen. Trunk-based development -- committing to main frequently, using feature flags to hide incomplete work -- reduces merge conflicts, accelerates code review, and forces smaller, more reviewable changes.
Monzo's engineering principles codify this as culture: "Make changes small, make them often. The key idea of change management at Monzo is that small, incremental changes that we can easily undo have a lower risk than large, irreversible deployments."\\] Their Shipper tool and monorepo enforce the discipline structurally. And their platform team -- which Matt Heath and Suhail Patel described at QCon London in 2020 -- exists to abstract away the complexity of Kubernetes and Cassandra so that product engineers never need to think about it.\\] The explicit mission: "Engineers shouldn't be expected to know complex things like Kubernetes and Cassandra."\\] When the infrastructure is invisible, the deployment is trivial, and the change is small, engineers ship more often -- not because they are told to, but because the friction is gone.
**Automated testing.** The fastest teams are usually the ones writing the most tests. This is counterintuitive if you were raised on "move fast and break things," but the logic is straightforward: manual testing does not scale. A team of five engineers can get away with manual QA. A team of 25 cannot -- the test matrix grows faster than the team. Automated tests are not a quality investment. They are a speed investment. Every hour spent writing tests saves multiples of that hour in manual regression, debugging, and production incidents. The CTO who skips testing to ship faster will ship faster for one quarter. After that, the team spends more time fixing bugs than building features, and velocity collapses.
Etsy's CI cluster ran more than 14,000 test-suite runs per day.\\] That was not quality overhead. That was the infrastructure that made 50 deploys per day safe. Shopify's test stability improvement from 88% to 97% was worth a dedicated team because flaky tests erode trust in the entire pipeline -- and when engineers stop trusting the pipeline, they stop using it.\\]
**Scope discipline.** The hardest investment because it is behavioural, not technical. Scope discipline means every feature has a minimum version -- the smallest build that tests the hypothesis -- and everything beyond that is deferred until the hypothesis is validated. The cost is the discomfort of shipping something that feels incomplete. The return is learning a month earlier whether the thing was worth building. This one matters enough to warrant its own section.
These five investments are not equally urgent at every stage. CI/CD is Stage 1 infrastructure -- if you do not have automated builds and deploys before you hire your fifth engineer, you will regret it by the tenth. Testing and feature flags become urgent at Stage 2, when the team grows past what one person can coordinate. Trunk-based development and scope discipline are habits that should start at Stage 1 but are enforced by pain at Stage 2\. The CTO who tries to introduce all five simultaneously will overwhelm the team. Sequence them: CI/CD first, testing second, feature flags third, trunk-based development and scope discipline as ongoing cultural work that begins on day one but becomes structurally enforced as the team grows.
Watch for the common failure mode: investing in the pipeline but not in the discipline. A CI/CD system that is routinely red and routinely ignored is worse than no system at all, because it teaches the team that build failures do not matter. The pipeline becomes decoration -- a tool that exists but does not constrain. The same failure occurs with feature flags that are never cleaned up (the codebase fills with dead branches), with trunk-based development that is nominally practised but routinely violated for "just this one feature," and with testing that covers the easy paths but skips the edge cases that cause production incidents. The infrastructure only works if the team treats it as load-bearing. The CTO's job is to enforce that treatment, especially when the pressure to "just ship it" makes cutting the discipline feel reasonable.
| | AUTHOR: An honest self-assessment of the CorralData pipeline belongs here -- which of these five investments has the team made, which are still incomplete, where are the bottlenecks? The reader will trust a CTO who admits what they have not yet built. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
Monzo's deployment blog captured the underlying logic: "Successful startups move quickly. It's how they can compete with companies who have 1000x the resources. But as companies grow they get slow. The cost of failure increases, so arduous change management processes are introduced." Monzo went the other direction: "optimise the developer workflow for rapid delivery, and this leads to a reduction in risk too." The mechanism, stated as an engineering principle: "less friction encourages smaller changes, and smaller changes are less risky."\\]
## Cutting Scope Without Cutting Corners
Every sprint, every planning meeting, the CTO faces the same negotiation: what can we cut to ship sooner? The wrong answer is to cut testing, security, or observability. Those are corners. The right answer is to cut functionality -- to ship the smallest version that tests the business hypothesis and defer everything else.
Scope and quality are not on the same axis. Reducing scope means building less. Cutting corners means building poorly. A feature with reduced scope can still be well-tested, well-monitored, and well-documented. A feature with full scope and cut corners will generate production incidents, customer complaints, and technical debt that compounds against future velocity. The CTO's job is to hold the line on quality while negotiating scope relentlessly -- and the language matters. "We're cutting features" sounds like failure. "We're shipping the version that tests the hypothesis fastest" sounds like strategy. Both describe the same action.
Ryan Singer, who shaped Basecamp's product development process, uses language stronger than cutting. "\`People often talk about 'cutting' scope. We use an even stronger word -- _hammering_ -- to reflect the power and force it takes to repeatedly bang the scope so it fits in the time box.\`"\\] The metaphor is right. Scope does not yield to politeness. It yields to force.
The clearest evidence comes from companies that shipped deliberately incomplete features and learned more than they would have from shipping complete ones.
When Intercom redesigned their reply composer, they removed the markdown preview feature entirely. Their reasoning: most users type quickly and hit reply; a simpler UI serves them better. Within two days, they learned that users who relied on markdown needed preview to check rendering. A few days after the initial ship, they restored it.\\] The cost of the reduced scope: a few days of user friction for a subset of customers. The benefit: they shipped sooner and learned precisely which part of the feature mattered. In a separate instance, an Intercom team chose not to build a many-to-many data relationship that seemed architecturally necessary -- the kind of decision that keeps a backend engineer awake at night. The result: customers used the feature without difficulty. The complexity was never built. The team wrote: "something we only discovered by starting small and iterating quickly."\\] That unbuilt data relationship is the purest example of scope discipline: a piece of architecture that felt mandatory, turned out to be optional, and was discovered to be unnecessary only because the team shipped without it.
At Basecamp, a customer asked for a calendar. Rather than building one -- Singer estimated six months -- the team called the customer and asked what she actually needed a calendar for. She described driving to the office to check a chalkboard wall calendar for free meeting-room slots. The need was not "a calendar." It was "seeing which days have events so I can schedule around them." They designed a Dot Grid -- a minimal month view showing dots on days that had events -- and shipped it in a six-week cycle.\\] The scope hammer turned a six-month project into a six-week feature. In another case, a customer requested file-archiving permissions. Digging into the actual problem, Singer's team discovered that someone had archived a file without knowing it would disappear for everyone. The fix: a warning message on the archive action. One day of work instead of six weeks.\\]
Linear, a project-management tool, shipped the first versions of Cycles and Projects -- now major product features -- in two weeks. They shipped to themselves and private beta users in the first week and began collecting feedback immediately. Authentication: Google login only, because it was the fastest path to shipping. They knew they would need email and other login methods eventually, but authentication was not the hypothesis they were testing.\\]
Each of these examples follows the same pattern: define the hypothesis, build the minimum that tests it, ship, and watch. The calendar hypothesis was not "do users want a calendar?" It was "do users need to see which days have events?" The authentication hypothesis was not "will users accept Google-only login?" It was "is the core product valuable enough to use at all?" When the scope question starts with the hypothesis rather than the feature, the minimum version becomes obvious -- and it is always smaller than the team's first instinct.
Three questions turn scope negotiation from a fight into a framework. What hypothesis does this feature test? What is the minimum functionality that tests it? What can be deferred without invalidating the test? The Basecamp calendar answered these: the hypothesis was "users need to see availability," the minimum was dots on a grid, and full event details could wait. The Intercom reply composer answered them: the hypothesis was "users want a faster reply flow," the minimum was a composer without preview, and preview could be restored if needed. The framework is not a process to follow mechanically. It is a lens that reveals which parts of a feature are load-bearing and which are assumptions.
The language the CTO uses in this negotiation matters as much as the framework itself. "We're cutting features" sounds like failure. "We're shipping the version that tests the hypothesis fastest" sounds like strategy. Both describe the same action. The CTO who can reframe scope reduction as speed-to-learning rather than compromise has a tool that works in every room -- with engineers who want to build the complete version, with product managers who promised a customer the full feature, and with a CEO who wants to know why the roadmap shows less than what was planned.
Scope creep is the most common velocity killer at startups. It rarely arrives as a dramatic demand. It arrives as a series of small additions, each seemingly reasonable -- "can we just add..." -- that collectively push the delivery date by weeks or months. The CTO who cannot hold the scope line will never ship fast, regardless of how good the CI/CD pipeline is.
| | AUTHOR: A specific CorralData scope discipline example belongs here -- a feature scoped down, shipped, learned from, and then expanded or killed based on what the data showed. The more specific -- customer type, feature, what was cut, what happened -- the better. |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## How Shipping Speed Survives Scaling
Scope discipline keeps a small team fast. The harder problem is whether velocity survives growth -- when the team doubles, the codebase triples, and the number of things that can go wrong grows faster than either.
The mathematics are not encouraging. Brooks's communication overhead formula is precise: n people create n(n-1)/2 communication channels.\\] Two people means one channel. Five means 10\. Ten means 45\. Fifty means 1,225\. Brooks's original observation was about late projects -- "adding manpower to a late software project makes it later" -- but the principle applies to organisational velocity broadly. His reasoning: "Men and months are interchangeable commodities only when a task can be partitioned among many workers with no communication among them... This is true of reaping wheat or picking cotton; it is not even approximately true of systems programming."\\] Modern research confirms it. A 2012 study of 951 software projects found that teams of nine or more were significantly less productive than smaller ones.\\] An analysis of 491 projects found that teams of three to seven had the best overall performance, and that the extreme non-linear effort increase did not kick in until teams approached nine people.\\]
Jeff Bezos, characteristically, treated this as a design constraint rather than a law of nature. In early 2002, he reorganised Amazon into "two-pizza teams" -- no team large enough to require more than two pizzas to feed. The reasoning was not about pizza. It was about communication channels. Bezos's philosophy, as recorded by Brad Stone: "Communication is a sign of dysfunction. It means people aren't working together in a close, organic way. We should be trying to figure out a way for teams to communicate less with each other, not more."\\] At the Pragmatic Engineer Summit in February 2026, an engineering leader at a traditional company that sells physical goods reported that those two-pizza teams (six to ten people) were already becoming one-pizza teams (three to four people), driven by AI tooling.\\] The shrinking of the unit of independent shipping is the current frontier of this problem.
The Monzo scaling period -- 50 to 250+ engineers in roughly 18 months -- is the most thoroughly documented test of whether velocity can survive that kind of growth at a startup. Williams made several structural decisions that directly addressed the communication overhead problem.
In 2019, Monzo introduced a "Collectives and Squads" system. Squads were small and cross-functional: a product manager, backend engineers, mobile and web engineers, designers, user researchers. They stuck to the two-pizza rule as a baseline for squad size. Collectives grouped related squads, loosely modelled on Spotify's tribe structure.\\] A critical organisational decision: team leads and engineering managers were separate roles. When an engineer moved teams, their team lead changed but their manager stayed the same -- decoupling career development from project assignment and removing one reason engineers resist moving where they are needed.\\]
The platform investment was equally deliberate. Williams described an "engineering excellence team" -- essentially a developer-tools team -- whose mission was making deployment as easy, seamless, and low-risk as possible for both new joiners and existing engineers.\\] This is the team that built and maintained Shipper. Suhail Patel, presenting at QCon in 2020, stated the philosophy: "We think all the complexities about scaling infrastructure, making sure that servers are provisioned and databases are available, should be dealt with by a specific team, so that engineers who are working on the product can focus on building a great bank."\\] One hundred deploys per day is not the product of 250 engineers individually deciding to deploy. It is the product of a platform team whose job is to make deploying trivially easy and reversibly safe.
Williams observed the communication challenges at each growth threshold with precision. At 50 people, the complaints shift: "You start hearing more of: 'I don't know how to progress anymore, I need a career path.'" At 100, trust between teams can no longer rely on personal relationships: "You have to build processes and mechanics to build trust between teams." At 150 -- Dunbar's number -- "you can't maintain a relationship with each of them individually."\\] Monzo's response at the 50-person threshold was to open-source their engineering progression framework on GitHub -- a transparent document showing engineers exactly how to advance.\\] This was not an HR exercise. It was a velocity investment: when engineers can answer "how do I get promoted?" by reading a document instead of scheduling a meeting, one fewer bottleneck exists at the management layer.
Velocity under growth was not frictionless. Two major incidents during Williams' tenure tested the infrastructure. On May 30, 2019, roughly a quarter of bank transfers into Monzo failed or were delayed for nine hours -- the root cause was a third-party Faster Payments Gateway corrupting payment messages.\\] On July 29, 2019, a Cassandra scaling outage hit while the team was expanding from 21 to 27 servers: new nodes unexpectedly assumed ownership of data partitions before streaming data to serve them. The engineering team's post-mortem included a line that deserves attention: "we've confirmed that something we thought was impossible, had in fact happened."\\] The on-call system, designed for 50 engineers, started creaking past 100.\\]
These incidents matter because they demonstrate that the question is not whether problems occur -- they will -- but whether the infrastructure recovers quickly. Both incidents were documented in detailed public post-mortems. Both led to specific improvements. And the business continuity work Williams led through the end of 2019 paid off in a way no one anticipated: when COVID hit and Monzo moved from a heavily in-person culture to fully distributed overnight, the transition caused -- in Williams' words -- "basically no problems."\\]
| | AUTHOR: A velocity-under-growth observation from Ready Set Rocket or CorralData belongs here -- how did shipping cadence change between 7 people and 50 people, or between early CorralData and the current state? What slowed things down? What made the biggest difference? |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
The velocity challenge changes shape at each stage of the CTO's evolution. At the Coder stage, velocity is a function of individual speed and scope discipline -- the CTO is the primary shipper. At the Manager stage, velocity becomes a function of team coordination and infrastructure investment -- the CTO enables other people to ship. At the Director stage, velocity becomes a function of organisational design and autonomous teams -- the CTO designs the system that ships. Monzo's story is a Director-stage story: Williams did not ship code. She built the organisation that shipped code. Brockman's Tuesday burnout -- stacking all his one-on-ones on a single day and losing the rest of the week to recovery -- is what happens when a CTO at the Manager stage tries to maintain velocity through personal effort rather than structural investment.
## Speed and Quality Are Complements, Not Trade-offs
The conventional wisdom frames speed and quality as opposite ends of a dial: turn one up, the other goes down. A decade of data from DORA -- the largest and longest-running research programme on software delivery performance, surveying more than 39,000 professionals cumulatively since 2014 -- says the opposite.\\]
The 2019 Accelerate State of DevOps Report, based on roughly 1,000 respondents, found:
| Metric | Elite performers | Low performers | Difference |
| ----------------------- | ---------------------- | ------------------------- | ---------- |
| Deployment frequency | Multiple times per day | Monthly to every 6 months | 208× |
| Lead time for changes | Less than 1 day | 1 to 6 months | 106× |
| Time to restore service | Less than 1 hour | 1 week to 1 month | 2,604× |
| Change failure rate | 0--15% | 46--60% | 7× lower |
Source: DORA Team, 2019 Accelerate State of DevOps Report.\\]
Elite performers did not trade reliability for speed. They deployed 208 times more frequently _and_ failed seven times less often. They recovered from incidents 2,604 times faster. The DORA team's official guidance, updated in January 2026, states it directly: "DORA's research has repeatedly demonstrated that speed and stability are not tradeoffs."\\] Dave Farley, cited by DORA, frames the actual trade-off: "the real trade-off, over long periods of time, is between _better software faster_ and _worse software slower_."\\]
The mechanism is the one this chapter has been describing. Smaller changes are easier to review, easier to test, and easier to roll back. Frequent deploys mean each deploy carries less risk. Automated tests catch regressions before they reach production. Feature flags allow instant rollback without a full redeploy. The investments that increase speed -- CI/CD, trunk-based development, testing, feature flags -- are the same investments that increase reliability. Monzo's deployment blog stated the relationship in a single sentence: "less friction encourages smaller changes, and smaller changes are less risky."\\]
The DORA findings held across industries. The 2019 report found no evidence that industry type affected performance, "suggesting that organizations of all types and sizes, including highly regulated industries such as financial services and government, can achieve high levels of performance."\\] Enterprise organisations with more than 5,000 employees were actually lower performers than smaller ones. No startup-specific cohort (fewer than 50 employees) exists in the data, but the direction favours small teams, not against them.
A limitation worth naming: DORA's metrics are self-reported by survey respondents, not measured from production systems. The research team defends their methodology, and the research is the largest dataset of its kind, but self-reported data carries self-selection bias -- the professionals who fill out DevOps surveys are likely more engaged with DevOps practices than average. The 2024 report revealed an anomaly: medium performers reported a lower change failure rate (10%) than high performers (20%), prompting the DORA team to introduce a complementary "rework rate" metric.\\] The data is strong but not beyond challenge. What makes the finding credible is not any single year's survey but the consistency across a decade: speed and stability have correlated positively in every report since 2014.
The AI-assisted development context makes this more urgent, not less. AI coding assistants generate code faster, but approximately 45% of AI-generated code contains security vulnerabilities.\\] GitClear's analysis of 211 million lines of code changes between 2020 and 2024 found that refactoring dropped from 25% of changed lines to under 10%, while code duplication increased roughly fourfold.\\] The CTO who uses AI tools to ship faster without proportionally increasing testing and review is building faster on a weakening foundation. The quality infrastructure described in this chapter is not a constraint on AI-assisted velocity. It is the prerequisite for AI-assisted velocity to be safe.
Charity Majors, co-founder of Honeycomb, an observability platform, provides the punchline: "Velocity of deploys and lowered error rates are not in tension with each other, they actually reinforce each other. When one gets better, the other does too."\\]
The speed-versus-quality debate is not a debate about engineering values. It is a debate about infrastructure investment. The CTO who frames quality as something to add later -- "we can write tests after we ship" -- is making a hidden financing decision with compounding interest. [Chapter 5](5-technical-debt.html) established that technical debt is a financing instrument. Skipping quality infrastructure is borrowing at predatory rates.
The harder challenge is not building this infrastructure. It is explaining what it produces. "We're investing in testing infrastructure" sounds slow. "We're building the system that lets us deploy ten times a day without breaking the product" sounds fast. Both describe the same investment. The language determines whether the CEO sees it as prudent engineering or gold-plating.
---
Shipping velocity is the strategy, not a tactical preference. The fastest team to learn wins -- not because speed is inherently virtuous, but because speed is the mechanism by which a startup converts capital into knowledge. Etsy went from deploying twice per week, with crashes, to 50 times per day, with 70-second push times and 14,000 daily test runs. Monzo deployed more than 100 times per day -- at a regulated bank -- while growing from 50 to 250 engineers. Both invested in discipline, not recklessness. Both got faster and more reliable at the same time.
But the CTO does not operate in a vacuum. The business wants features yesterday. The CEO sees a competitor's launch and demands a response by Friday. The board asks why the roadmap slipped. Building the infrastructure for sustainable velocity is half the problem. The other half is holding the line when the pressure to ship faster -- now, at any cost -- is constant.
## Frequently Asked Questions
1. _How often should a startup deploy code?_
As frequently as possible -- ideally multiple times per day. Companies like Monzo deploy over 100 times daily. Frequent deployment reduces risk because each change is small, makes bugs easier to identify and fix, and creates a faster feedback loop with customers. The goal is not speed for its own sake but reducing the batch size of changes so that each deployment carries minimal risk.
2. _What are DORA metrics?_
DORA metrics are four measures of software delivery performance identified by the DevOps Research and Assessment team: deployment frequency (how often you deploy to production), lead time for changes (time from code commit to production), change failure rate (percentage of deployments causing incidents), and mean time to recovery (how quickly you restore service after failure). Research shows that elite performers do better on all four simultaneously -- speed and stability are not trade-offs.
3. _Does shipping fast hurt code quality?_
No -- the evidence shows the opposite. Teams that deploy frequently tend to have lower change failure rates because each deployment is smaller and easier to reason about. Small, frequent changes are easier to review, easier to test, and easier to roll back. The false trade-off between speed and quality comes from confusing shipping fast with shipping carelessly. Continuous deployment with automated testing and feature flags is both faster and safer than large, infrequent releases.
4. _What is continuous deployment?_
Continuous deployment is the practice of automatically deploying every code change that passes automated tests directly to production, without manual approval gates. It requires strong automated testing, feature flags to control rollout, monitoring to detect problems quickly, and the ability to roll back instantly. It is the final stage of the continuous delivery pipeline and represents the highest level of deployment automation.
5. _How do you implement continuous delivery in a startup?_
Start with the foundations -- automated tests that you trust, a single-command deployment process, and monitoring that alerts you to problems immediately. Add feature flags so you can deploy code without releasing features. Invest in a staging environment that closely mirrors production. Make deployments boring and routine rather than stressful events. The key enabler is not any single tool but the cultural commitment to keeping the main branch always deployable.
## References
. Sewell, W. (2022, May 15). How we deploy to production over 100 times a day. _Monzo Engineering Blog_. -- Metrics cover 2021--2022; the practices described originated during the 2018--2020 scaling period.
. Heath, M., & Patel, S. (2020). Modern banking in 1500 microservices. QCon London 2020\. Transcript at _InfoQ_.
. Targett, E. (2023, March 7). The big interview: Pleo CTO and Monzo veteran Meri Williams. _The Stack_.
. Brooks, F. P., Jr. (1975/1995). _The Mythical Man-Month: Essays on Software Engineering_ (Anniversary ed.). Addison-Wesley.
. Adams, P. (n.d.). Shipping is the beginning of a process. _Intercom Blog_.
. Rodgers, J., & Rayl, A. (2024, February 19). Building the Slack MVP. _Building Slack_.
. Elliott-McCrea, K. (2013, August 8). Paths to production confidence, part 1 of n. _Laughing Meme_.
. Bruckmayer, C. (2021, February 24). Keeping developers happy with a fast CI. _Shopify Engineering Blog_.
. GitHub Engineering. (n.d.). Making GitHub CI workflow 3x faster. _The GitHub Blog_.
. Snyder, R. (2013, March). Continuous deployment at Etsy: A tale of two approaches \\\[Presentation slides\]. -- See also Schauenberg, D. (2014). How Etsy deploys more than 50 times a day. QCon London. Reported in _InfoQ_.
. Elliott-McCrea, K. (2015, August 31). Five years, building a culture, and handing it off. _Laughing Meme_.
. Archbold, R. (n.d.). Speed of deployment \\\[Podcast interview\]. _O11ycast_, Episode 12\. Heavybit.
. Gimeno, A. (2021, April 27). How we ship code faster and safer with feature flags. _The GitHub Blog_.
. Monzo Engineering Blog. (2018, June 29). Engineering principles at Monzo.
. Singer, R. (2019). _Shape Up: Stop Running in Circles and Ship Work that Matters_. 37signals/Basecamp. Chapter 3: "Set Boundaries" () and Chapter 15: "Decide When to Stop" ().
. Intercom Engineering Team. (n.d.). Intercom's product principles: Building in small steps to deliver maximum customer value. _Intercom Blog_.
. Saarinen, K. (n.d.). Building at the early stage. _Linear App Blog / Medium_.
. Rodríguez-García, D., Sicilia, M. Á., García-Barriocanal, E., & Harrison, R. (2012). Empirical findings on team size and productivity in software development. _Journal of Systems and Software_, 85, 562--570\.
. QSM Associates. (n.d.). Team size can be the key to a successful software project. -- Industry consultancy analysis of 491 projects. Not peer-reviewed.
. Stone, B. (2013). _The Everything Store: Jeff Bezos and the Age of Amazon_. Little, Brown and Company. See also AWS Executive Insights (Slater, D.). Powering innovation and speed with Amazon's two-pizza teams.
. Orosz, G. (2026, February 24). The future of software engineering with AI: Six predictions. _The Pragmatic Engineer_. -- The engineering leader is unnamed; the claim is reported secondhand.
. Lait, S. (n.d.). Engineering culture: The secret behind Monzo's developer magnet. _Level-up Engineering Podcast / Coding Sans_.
. Monzo Engineering Blog. (2018, June 27). Organising teams and managing engineers.
. Williams, M. (n.d.). Interview. _Console DevTools Podcast_, Season 3, Episode 10\.
. Williams, M. (2018). Scaling your team and culture without wrecking everything. Turing Fest 2018\. Write-up by Lucy Fuggle.
. Monzo Engineering Blog. (2018, June 25). We've published our engineering progression framework. -- Framework available at
. Monzo Engineering Blog. (2019, June 20). Why bank transfers failed on 30th May 2019\.
. Monzo Engineering Blog. (2019, August 9). We had issues with Monzo on 29th July. Here's what happened.
. Monzo Engineering Blog. (2022, February). Scaling our on-call process.
. DORA Team. (2019). _2019 Accelerate State of DevOps Report_. Google Cloud / DORA.
. Harvey, N. (2026, January 5). DORA's software delivery performance metrics \\\[Guide\]. dora.dev. -- Dave Farley quote from _Modern Software Engineering_ (2021), p. 154, as cited by DORA.
. Stephens, R. (2024, November 26). DORA Report 2024 -- A look at throughput and stability. _RedMonk_.
. Veracode data as reported in the startup CTO landscape research; see Chapter 12 for full treatment.
. GitClear analysis of 211 million lines of code changes (2020--2024); see Chapter 12 for full treatment.
. Majors, C. (2019, May 1). Friday deploy freezes are exactly like murdering puppies. _charity.wtf_.
Chapter 7: When the Business Wants It Yesterday
====================
> The bearing of a child takes nine months, no matter how many women are assigned.
-- Fred Brooks
The Mythical Man-Month, 1975
Key Takeaways
* Rushing and speed are not the same thing. Rushing skips steps and creates problems that slow you down later. Speed comes from removing friction, and the fastest teams are the ones with the fewest manual gates between a commit and a user's screen.
* Not all urgency is the same, and the CTO who treats every fire with the same hose will burn out or burn down the codebase. Growth urgency rewards breadth, survival urgency rewards depth, and uncertainty urgency rewards reversibility.
* Every CTO needs a short, non-negotiable list -- five to seven things you will not compromise on regardless of pressure. Writing it down before the crisis hits is what separates engineering leadership from reactive firefighting.
* Google's error budget model answers the speed-versus-safety question with data, not politics: if the service has budget remaining, engineering ships fast; if the budget is spent, engineering stabilises.
Will Larson has been CTO or head of engineering at Digg, Uber, Calm, Stripe, and Carta. Every time he meets fellow engineering leaders, he finds himself in the same conversation -- what he calls the engineering leader's version of Groundhog Day. "The biggest challenge these leaders are facing is pressure from their CEOs to drive engineering velocity. The message is usually: ship more value, more quickly." The problem, Larson observes, is that "no one has a whole lot of conviction that there is a simple way to do this. There's no lever like there is in sales."\\]
The conversation recurs because the pressure is structural. It is not a symptom of a bad CEO-CTO relationship, a poorly managed sprint, or a temporary resource shortage. It is a permanent feature of the CTO role. The CEO is accountable to the board for growth. Growth depends on features, fixes, and product improvements that engineering must deliver. The CEO's instinct -- more output, faster -- is rational from where they sit. The CTO's knowledge -- that rushing and speed are different things, that shortcuts compound, that the outage caused by cutting corners will cost more than the feature delay it was supposed to prevent -- is equally rational but harder to communicate.
This chapter is about how to manage that tension without losing either the relationship or the product. [Chapter 6](6-shipping-software.html) established that shipping speed is the startup's primary competitive advantage. This chapter addresses what happens when the business pressure to ship exceeds what the engineering team can safely deliver -- and why the CTO who navigates that pressure well is practising the business acumen that [Chapter 10](10-business-acumen-gap.html) will argue is the difference between the CTOs who survive and the ones who are replaced.
The pressure is constant, but its character changes with the market. During the zero-interest-rate boom of 2020--2021 -- the first period in SaaS history when, as Jason Lemkin observed, "efficiency actually didn't matter" -- urgency came from growth.\\] Ship fast to capture market share. Hire aggressively. Run multiple experiments in parallel. The CTO was rewarded for breadth: more features, more teams, more surface area. Then the correction arrived. Sequoia Capital's "Adapting to Endure" presentation in May 2022 told portfolio companies to "confront reality and act decisively," warning that "the cost of capital has fundamentally increased."\\] Urgency shifted from growth to survival. Ben Brown, CTO of Flock, captured the whiplash: "In the past, we asked for three more teams and the answer was to go off and hire them now. Now we hear there's no money for it."\\] Paul Graham's "default alive or default dead" diagnostic -- always relevant, suddenly urgent -- became the framing every board conversation started with: "If the company is default alive, we can talk about ambitious new things they could do. If it's default dead, we probably need to talk about how to save it."\\] And by 2025, a third mode emerged: uncertainty urgency, driven by tariffs, geopolitical fragmentation, and AI disruption so rapid that planning horizons compressed to quarters rather than years. Tobi Lütke's April 2025 Shopify memo -- requiring teams to "demonstrate why they cannot get what they want done using AI" before requesting headcount -- is the defining artefact of this era.\\] It is neither growth-at-all-costs nor survival-mode austerity. It is optionality: keep the organisation flexible enough to absorb capability shifts that nobody can predict.
The CTO must recognise which mode they are operating in, because the appropriate engineering response differs. Growth urgency rewards breadth -- more experiments, more features, more parallel bets. Survival urgency rewards depth -- fewer features, done well, that generate revenue now. Uncertainty urgency rewards reversibility -- small bets, fast learning, architecture that can pivot without a six-month rewrite. The CTO who applies a growth playbook during a bust will burn cash on experiments that never reach customers. The CTO who applies a survival playbook during a boom will lose the market to competitors who moved faster. And the CTO who does not recognise uncertainty as a distinct mode -- who mistakes it for either boom or bust -- will optimise for the wrong thing entirely.
## Rushing Is Not Speed
The most important distinction in the CTO's vocabulary is the one that most business conversations collapse: the difference between rushing and speed.
Rushing is skipping safeguards. It is deploying without testing, merging without review, shipping without monitoring. It feels fast. It produces output quickly. And it accumulates the kind of debt that [Chapter 5](5-technical-debt.html) described -- not the strategic debt of a conscious trade-off, but the reckless debt that compounds until the 3 a.m. phone call arrives.
Speed is something else entirely. Speed is high deployment frequency with proper safeguards in place. Speed is the CI/CD pipeline from [Chapter 6](6-shipping-software.html) that lets the team ship ten times a day because each deployment is small, tested, and reversible. Speed is the discipline of scope reduction -- shipping less scope more often -- rather than the chaos of shipping everything at once with fingers crossed.
Charity Majors, CTO of Honeycomb, an observability platform, states the counterintuitive principle that a decade of DORA research supports: "Speed is safety in software."\\] The teams that deploy most frequently are not the ones with the most outages. They are the ones with the fewest. The teams that rush -- that bypass testing, skip staged rollouts, and deploy large batches of changes infrequently -- are the ones that break things.
The DORA team's data, now spanning more than a decade of research across tens of thousands of engineering professionals, has demonstrated this consistently. Elite-performing teams deploy on demand -- often multiple times per day -- and have a change failure rate of roughly 5%. Low-performing teams deploy less frequently and fail more often. The 2024 report quantifies the gap: elite performers deploy 182 times more frequently than low performers and recover from failures 2,293 times faster.\\] Nicole Forsgren, who co-founded the DORA research programme, summarises the finding in _Accelerate_: "High performers understand that they don't have to trade speed for stability or vice versa, because by building quality in they get both."\\]
Dave Farley, co-author of _Continuous Delivery_, states the principle more directly: "The real trade-off, over long periods of time, is between better software faster and worse software slower." He draws the manufacturing parallel: "It wasn't that Toyota built crappy, cheap cars more quickly. They built higher quality cars, more cheaply and more quickly."\\] The DORA research confirmed that the same dynamic applies to software: the teams that invested in quality infrastructure -- testing, monitoring, deployment automation -- did not sacrifice speed. They achieved speed because of the investment, not despite it.
Martin Fowler frames this as the "tradable quality hypothesis" -- the belief, widespread among business leaders, that quality can be reduced to gain speed. Fowler's argument: "It's vital to focus on the true value of internal quality -- that it's the enabler to speed. The purpose of internal quality is to go faster."\\] The CTO who accepts the framing that speed and quality trade off has already lost the negotiation. The correct framing -- the one supported by a decade of data across tens of thousands of teams -- is that they are complements. The CTO's job is to build the system where that complementarity is visible, and to communicate it in language the business can evaluate.
Facebook's decade-long cycle illustrates the tension. Mark Zuckerberg's original motto -- "Move fast and break things" -- became a cultural touchstone for the startup world.\\] By 2014, Zuckerberg had revised it: "Move fast with stable infrastructure. Because when you build something that you don't have to fix 10 times, you can move forward on top of what you've built."\\] By 2023, facing pressure from Wall Street, Meta returned to aggressive speed language. The cycle reveals a truth that the startup CTO should internalise: the velocity conversation never resolves. It oscillates. The CTO who expects it to end is expecting something that has not happened at any company, at any scale, in the history of the software industry.
| | AUTHOR: Your version of this conversation at CorralData -- the moment when business pressure met engineering judgment. The healthcare B2B context makes the tension sharper: the cost of moving too fast in a regulated vertical is not just an outage. It is a compliance incident, a customer data exposure, a trust violation that may be irrecoverable. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## When Rushing Creates the Crisis
On the morning of August 1, 2012, Knight Capital Group deployed new trading software to connect with a New York Stock Exchange programme called the Retail Liquidity Program. A technician had manually updated the software on seven of the company's eight servers. One server was missed. On that server, the old code -- a defunct function that had been repurposed but not removed -- began executing trades at high volume without the controls that the new code was supposed to provide.\\]
In the 45 minutes before the market opened and the error was contained, Knight Capital's router sent more than four million orders into the market while attempting to fill just 212 customer orders. The company traded more than 397 million shares, acquired several billion dollars in unwanted positions, and suffered a loss of more than $460 million -- enough to threaten the firm's survival.\\]
The SEC investigation revealed that an internal system had generated 97 automated error emails before the market opened, referencing the problematic router and identifying the failure. Nobody acted on them. Knight Capital had no documented procedures for deployment verification, no automated checks to confirm that all servers were running the same version, and no incident response protocol that would have caught the discrepancy before it became catastrophic.\\]
The lesson is not "be more careful." The lesson is that the safeguards Knight Capital lacked -- deployment verification, automated consistency checks, incident response protocols -- are precisely the infrastructure of speed that Chapter 6 described. Knight Capital did not fail because it moved too fast. It failed because it rushed: it deployed a critical change manually, without verification, without rollback capability, and without monitoring that would have caught the error before the market opened.
On July 19, 2024, CrowdStrike provided the highest-profile illustration of the same principle at a different scale. A content configuration update for CrowdStrike's Falcon security platform -- not a code change, but what the company called "Rapid Response Content" -- was pushed to all customers simultaneously. The update contained a parameter count mismatch: the template defined 21 input fields, but the code supplied only 20 values. The mismatch evaded multiple layers of validation because the test cases used wildcards for the 21st field. Within 78 minutes, 8.5 million Windows devices crashed.\\]
CrowdStrike's code deployment process was rigorous. Code changes went through dogfooding, staged rollouts, and customer-controlled deployment windows. But Rapid Response Content -- the configuration updates designed to respond quickly to emerging threats -- bypassed all of it. As Adam Meyers, CrowdStrike's senior vice president, testified before Congress: "The updates were distributed to all customers in one session. We've since revised that."\\]
The financial impact was staggering. Parametrix estimated that Fortune 500 companies alone suffered more than $5 billion in direct losses. The healthcare and banking sectors were hardest hit, with estimated losses of $1.94 billion and $1.15 billion respectively. Delta Air Lines canceled 7,000 flights and manually reset 40,000 servers, reporting a $500 million loss over five days.\\] Only 10 to 20% of the losses were estimated to be covered by cybersecurity insurance.\\]
The irony was inescapable: a security company, whose product existed to protect others from system failures, caused one of the largest IT outages in history by bypassing its own deployment safeguards for the sake of speed. CrowdStrike's testimony contained a sentence that should be posted on the wall of every CTO's office: "Trust takes years to make and seconds to break."\\]
Equifax provides the third case study, this one about speed of omission rather than speed of action. In March 2017, a critical vulnerability in Apache Struts was disclosed, and a patch was made available. Equifax's internal security team ordered all vulnerable systems to be patched within 48 hours. They did not follow up to verify that the order was carried out. It was not. An SSL certificate used for intrusion detection had been expired for nine months, blinding the system that would have caught the breach. When the breach was finally discovered in July, 147.9 million Americans had their personal data exposed. The total cost exceeded $1.38 billion.\\]
The common pattern across all three cases is not technical failure. It is the absence of the safeguards that turn rushing into speed: automated verification, staged deployment, monitoring, incident response, and -- most fundamentally -- a culture that treats these safeguards as non-negotiable rather than optional when the business wants something yesterday.
| | AUTHOR: A CorralData near-miss or incident caused by speed pressure -- even a minor one -- would ground this section. In healthcare B2B, what does the "3 a.m. phone call" look like? What is the cost of an outage to your clients? |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Non-Negotiables List
The CTO cannot fight every battle with equal intensity. Saying no to everything the business wants is as destructive as saying yes to everything -- it erodes trust and positions engineering as an obstacle rather than a partner. The practical skill is knowing which battles are non-negotiable and which are negotiable, and having the language to explain the difference.
Google's Site Reliability Engineering team provides the most elegant framework for this negotiation: the error budget. The concept is simple: the team defines a service level objective -- say, 99.9% uptime -- and calculates the remaining 0.1% as a budget that can be "spent" on risk. When the budget is healthy, the product team can push changes aggressively. When the budget is nearly exhausted, the team shifts to reliability work. As the Google SRE book describes it: "This metric removes the politics from negotiations between the SREs and the product developers when deciding how much risk to allow."\\]
The error budget works because it converts a political argument ("we need to slow down" versus "we need to ship faster") into a data-driven one. The budget is either available or it is not. When it is available, the CTO can say yes with confidence. When it is not, the CTO can say no with evidence. The key insight from Google's implementation: "When the budget is nearly drained, the product developers themselves will push for more testing or slower push velocity. In effect, the product development team becomes self-policing."\\]
Most startups cannot implement a formal SRE programme. But the principle scales down to a non-negotiables list -- the five to seven commitments the CTO makes to the company and does not compromise regardless of business pressure. The list is not a set of engineering preferences. It is a set of conditions under which the company can ship fast without creating the crises that slow it down.
A non-negotiables list for a startup CTO might include: every deployment is reversible -- if the change breaks production, it can be rolled back within minutes, not hours. No change ships without automated tests covering the critical path -- not 100% coverage, but coverage of the flows that customers depend on. Monitoring and alerting are in place before a feature reaches production -- the team knows when something breaks before the customer does. Security patches are applied within a defined window -- not "when we get to it," but within 72 hours for critical vulnerabilities and two weeks for high-severity ones. Data access controls are never bypassed for convenience -- in a healthcare or financial context, this is not an engineering preference but a legal obligation.
Charity Majors' framing applies here: observability is not a feature request. It is "table stakes. It is non-negotiable."\\] She extends the argument to a broader principle: "SLOs are a hedge against micromanagement, because when teams meet their SLOs, the way they spend their time is not important."\\] The CTO who has established non-negotiables and is meeting them has earned the right to manage engineering time without interference. The CTO who has not established them is negotiating from a position of assertion rather than evidence.
The Veracode data from Chapter 12 adds urgency to this list in the AI era. When 45% of AI-generated code contains security vulnerabilities, and the rate does not improve with newer or larger models, the non-negotiable on security review becomes more important, not less.\\] The GitClear finding -- that refactoring has collapsed to historic lows while code duplication has surged -- means the non-negotiable on code review is protecting the codebase from a new category of structural degradation.\\] The non-negotiables list is not static. It evolves as the threat environment changes, and AI has changed it.
| | AUTHOR: CorralData's specific non-negotiables -- what are the five to seven things you will not compromise on? In healthcare B2B, HIPAA compliance, data encryption at rest and in transit, and audit logging are likely on the list. The reader needs to see a working CTO's actual list, not a theoretical one. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Velocity Negotiation
The non-negotiables list defines what the CTO will not move on. The velocity negotiation is about everything else -- the scope, the timeline, and the communication framework that allows the CTO and the CEO to align without either one capitulating.
David Subar, a technology leadership consultant who has served as CTO or CPO for multiple companies and advised more than 30 organisations including Disney, Meta, and Fox, identifies the fundamental communication error most CTOs make: talking to the CEO about the wrong thing. "Velocity, for example, is important to Engineering and partly to Product, but is completely the wrong thing to discuss with CEOs." The consequence: "Communicating results using the wrong metrics can lead CEOs to believe that their CTO is poorly focused, feckless, or worse, an impediment to the organization."\\] Subar traces the average CTO tenure of two and a half to three years directly to this communication failure.
Larson draws a sharper distinction that the chapter depends on: "There's two different problems. There's how do you improve execution? And then there's how do you address your CEO who's telling you to improve execution. I think these should be the same problem, but I find they're a little bit different."\\] The operational problem -- actually shipping faster -- is an engineering challenge. The communication problem -- managing the CEO's perception of engineering speed -- is a relationship challenge. Chapter 6 addressed the first. This section addresses the second.
Ryan Singer's Shape Up methodology, developed at Basecamp, provides the most practical framework for scope negotiation. The core principle: fixed time, variable scope. "Estimates start with a design and end with a number," Singer writes. "Appetites start with a number and end with a design."\\] The CTO sets the time box -- a six-week cycle, a two-week sprint, whatever cadence the team uses -- and the scope is adjusted to fit within it. This is not about cutting corners. Singer's language is deliberate: the team "hammers" scope to fit the time box, preserving the core value while stripping away the features that do not move the needle for the customer.\\]
The Shape Up model resolves a specific dynamic that creates most CEO-CTO friction: the CEO announces a deadline, the CTO estimates the work, the estimate exceeds the deadline, and the negotiation becomes adversarial. Under Shape Up, the deadline is shared and fixed. The negotiation is about scope, which both parties can discuss rationally. The CTO is not saying "we can't do it in time." The CTO is saying "in this time, here is the most valuable version of it we can deliver." The conversation shifts from speed to value.
Jeff Bezos's "disagree and commit" principle, introduced in his 2016 letter to Amazon shareholders, provides the executive-level framework for the cases where the CTO and CEO genuinely disagree about priorities. "If you have conviction on a particular direction even though there's no consensus, it's helpful to say, 'Look, I know we disagree on this but will you gamble with me on it? Disagree and commit?'" Bezos emphasises that the principle runs both ways: "If you're the boss, you should do this too. I disagree and commit all the time."\\]
For the startup CTO, "disagree and commit" is a tool for the cases that fall between the non-negotiables (which are not up for debate) and the scope adjustments (which are routine). The CEO wants to prioritise a feature the CTO believes is premature. The CTO has made the case, the CEO has listened, and the decision stands. The CTO commits fully to execution -- no sandbagging, no passive resistance -- while preserving the right to revisit the decision if the data changes.
Gergely Orosz, who was a senior engineering manager at Uber, adds the tactical layer: communicate early and often. "How and when the delay is communicated matters far more than the delay itself."\\] His practice: commit to the business that they will receive regular updates, then provide increasing confidence in dates as milestones are reached. "For every major project, we shipped something different on the launch date than what we agreed to originally. But the stakeholders were never surprised."\\] The principle is the same one Brad Feld articulated for board meetings in Chapter 10: no surprises. The CEO who is warned about a delay three weeks in advance can adjust plans. The CEO who learns about it the day before the deadline has lost trust in the CTO's judgment.
Larson provides one additional framework for the cases where the CTO must push back. Most velocity disputes, he argues, are really about one of two things: "why is this taking so long when it should take a couple of hours?" or "why can't you work on this other, more important, project?" These are different problems requiring different responses. The first is a velocity question -- and the best response is to identify a reality-based approach that addresses the constraint. The second is a prioritisation question -- and the best response is to make the trade-off visible: "we can do this project, but it means delaying that one. Which is more important?"\\] The CTO who conflates the two will fight the wrong battle. The CTO who separates them can address each one with the right tool.
Larson also warns against a common CTO defence mechanism: invoking technical debt and toil as a blanket justification for saying no. "The specter of technical debt and toil have been used to shirk so much responsibility, that simply naming them tends to be unconvincing."\\] The CTO who has done the debt audit from [Chapter 5](5-technical-debt.html) -- who can quantify the cost of debt service in dollars and engineering hours -- has a persuasive case. The CTO who waves vaguely at "technical debt" has nothing.
The velocity negotiation is, at its core, a practice run for the board communication that [Chapter 10](10-business-acumen-gap.html) will describe. The CTO who can negotiate scope with the CEO -- using business language, presenting trade-offs rather than ultimatums, offering alternatives rather than refusals -- is developing the translation skills that determine whether they survive the transition from builder to executive.
| | AUTHOR: A specific velocity negotiation from CorralData -- a feature request from the business that required scope reduction or timeline adjustment, and how the conversation went. The reader needs to see the Shape Up / appetite principle applied in a real context. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Guardrails, Not Roadblocks
The DORA data resolves the chapter's central tension, but it also introduces a finding that challenges the CTO's instinct for caution. Forsgren, Humble, and Kim found that external change approval processes -- review boards, manager sign-offs, compliance gates -- were negatively correlated with lead time, deployment frequency, and recovery time. The most striking result: external approvals "had no correlation with change fail rate." They did not make deployments safer. They only made them slower. The finding was blunt: external approval processes are "worse than having no change approval process at all."\\]
This does not mean the CTO should abandon oversight. It means the form of oversight matters. The distinction, articulated by the DevSecOps community in the late 2010s, is between gates and guardrails. A gate is a manual checkpoint that blocks progress until a human approves it. A guardrail is an automated constraint that prevents unsafe actions without requiring human intervention. Automated test suites are guardrails. Deployment pipelines that reject builds with failing tests are guardrails. Static analysis tools that flag security vulnerabilities before code reaches review are guardrails. A weekly change advisory board meeting is a gate.\\]
Google's error budget is the most sophisticated guardrail: it automates the speed-versus-safety negotiation by linking deployment permission to measured reliability. When the budget is healthy, deployments proceed. When it is exhausted, they halt -- automatically, without politics, without a meeting. Google's implementation data reveals why this matters: "Changes are a major source of instability, representing roughly 70% of our outages."\\] The answer to that statistic is not fewer changes. It is smaller changes, better tested, with faster rollback -- the infrastructure of speed from Chapter 6, now understood as a safety system rather than a productivity tool.
John Allspaw, who built the engineering culture at Etsy that became the model for blameless postmortems, provides the cultural complement to the technical guardrails. His 2012 essay on blameless postmortems established the principle that has now been adopted by Google, Netflix, Amazon, and hundreds of startups: "A funny thing happens when engineers make mistakes and feel safe when giving details about it: they are not only willing to be held accountable, they are also enthusiastic in helping the rest of the company avoid the same error in the future."\\] Allspaw's debriefing facilitation guide expands the point: "\`A 'post-mortem' debriefing should be considered first and foremost a learning opportunity, not a fixing one.\`"\\]
The cultural guardrail is as important as the technical one. The CTO who punishes the engineer who caused an outage will never learn the truth about what went wrong. The CTO who creates a blameless environment will learn everything -- and the team will build the guardrails that prevent recurrence, because they feel safe enough to be honest about the failure.
The principle connects the chapter's argument into a single framework. Speed is not the enemy of safety. Rushing is. The non-negotiables list defines the boundaries. The error budget automates the negotiation. The guardrails replace the gates. The blameless postmortem turns every failure into a system improvement. And the velocity negotiation -- the conversation with the CEO, the scope discussion, the communication rhythm -- ensures that the business understands what the engineering team is doing and why.
| | AUTHOR: How CorralData handles incidents and postmortems -- is there a formal blameless process? Has there been a moment where an incident led to a system improvement that would not have happened without the failure? The reader needs to see the guardrails-not-gates principle in action at a real company, not just at Google. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
The pressure to ship faster will not end. It did not end at Digg, or Uber, or Calm, or Stripe, or Carta -- every company where Larson has had the same conversation. It did not end at Facebook, which cycled through "break things," "stable infrastructure," and back to "break things" in the span of a decade. It will not end at your company. The pressure is structural because the business always needs more than engineering can deliver, and the gap between what is wanted and what is possible is the space the CTO occupies.
The CTO who manages that space well -- who can distinguish rushing from speed, who has a non-negotiables list and the language to defend it, who can negotiate scope without becoming adversarial, and who builds the guardrails that make fast deployment safe deployment -- is not just protecting the codebase. They are protecting their own tenure.
Chapter 9 provides the measurement language that makes this negotiation concrete. The velocity the business demands cannot be discussed in the abstract. It needs metrics -- the right ones, presented in the right language, at the right cadence. The DORA data, the SPACE framework, and the stage-appropriate measurement systems of [Chapter 9](9-measuring-engineering-metrics.html) are the tools that transform the velocity conversation from "we need to go faster" into "here is what we are shipping, here is how fast, and here is what it costs."
## Frequently Asked Questions
1. _How do you push back on unreasonable engineering deadlines?_
Present trade-offs rather than simply saying no. Show what can be delivered by the deadline and what would need to be cut. Maintain a non-negotiable quality list -- the things you will never sacrifice for speed, such as security, data integrity, and core automated tests. Use data from past deliveries to support your estimates. Frame the conversation around risk and business outcomes rather than engineering preferences.
2. _How do you balance speed and quality in software development?_
Speed and quality are not opposites -- research from DORA and others shows that the fastest teams also produce the highest quality. The real trade-off is between speed and scope. Protect your foundations -- automated testing, deployment infrastructure, security -- and negotiate on features and scope instead. When stakeholders push for faster delivery, the conversation should be about what to build, not about whether to skip tests or cut corners.
3. _What is an engineering error budget?_
An error budget, borrowed from Google's Site Reliability Engineering practice, is the maximum amount of acceptable failure or unreliability in a given period. If your service has a 99.9% uptime target, your error budget is 0.1% downtime -- about 8.7 hours per year. While you have budget remaining, you can move fast and take risks. When the budget is spent, you slow down and focus on reliability. It turns the speed-versus-quality debate into a measurable, data-driven conversation.
4. _How do you estimate software development timelines?_
Use ranges rather than single-point estimates -- a feature might take three to five days, not exactly four. Double your estimate for unfamiliar work or systems you have not touched before. Track your historical accuracy and adjust your calibration over time. Communicate uncertainty explicitly to stakeholders. Break large projects into smaller deliverables so you can course-correct as you learn more. Never pad estimates secretly -- be transparent about the uncertainty.
5. _What should a CTO never rush?_
Never rush security, data integrity, automated testing infrastructure, or deployment pipelines. These are the foundations that everything else depends on. A shortcut in security can cause irreversible damage -- data breaches, regulatory penalties, loss of customer trust. A shortcut in testing infrastructure compounds over time, making every future change slower and riskier. Protect these foundations absolutely, and negotiate on scope and features instead.
## References
. Larson, W. (\~2024). Unexpected anti-patterns for engineering leaders -- lessons from Stripe, Uber & Carta \\\[Interview\]. _First Round Review_.
. Lemkin, J. (2023). Why the era of efficient growth is now: The 2023 VC state of the market. _SaaStr_. -- "For the first time ever in SaaS, ever in our working lifetimes, efficiency actually matters."
. Sequoia Capital (Botha, R. et al.). (2022, May--June). Adapting to endure. -- Presented to portfolio companies May 16, 2022; published June 14, 2022\. Compared by many to Sequoia's 2008 "R.I.P. Good Times" presentation.
. Brown, B. (CTO, Flock). (2023). For CTOs: Commercial thinking should guide engineering decisions \\\[Interview\]. _The Software House_. -- "Over the last 18 months, the challenge for engineering has been to do more with less."
. Graham, P. (2015, October). Default alive or default dead? _paulgraham.com_. -- "Assuming their expenses remain constant and their revenue growth is what it has been over the last several months, do they make it to profitability on the money they have left?"
. Lütke, T. (2025, April 7). Internal Shopify memo posted on X. -- Reported by CNBC: -- Already cited in Chapter 11; cross-reference here for the urgency framing.
. Majors, C. (\~2023). Interview with Charles Humble. _Hacking the Org Podcast_, Container Solutions. -- Majors is CTO and co-founder of Honeycomb.
. Forsgren, N., Humble, J., & Kim, G. (2018). _Accelerate: The Science of Lean Software and DevOps_. IT Revolution Press. Based on multi-year surveys of 23,000+ professionals.
. Farley, D. (2021). _Modern Software Engineering_ (p. 154). Addison-Wesley. Quoted in DORA official documentation: -- See also Farley, D., & Humble, J. (2010). _Continuous Delivery_. Addison-Wesley.
. Fowler, M. (n.d.). Tradable quality hypothesis. _martinfowler.com/bliki_. -- See also Fowler, M. (2019, May 29). Is high quality software worth the cost?
. Zuckerberg, M. (2012). Facebook S-1 filing, "Hacker Way" letter. Original motto: "Move fast and break things." Revised at F8 developer conference, April 30, 2014: "Move fast with stable infrastructure." Reported by Statt, N. _CNET_. -- Meyer, D. (2023, February 21). Big Tech goes back to moving fast and breaking things. _Fortune_.
. U.S. Securities and Exchange Commission. (2013, October 16). SEC charges Knight Capital with violations of market access rule \\\[Press release\]. -- See also Seven, D. (2014, April 17). Knightmare: A DevOps cautionary tale. _dougseven.com_.
. CrowdStrike, Inc. (2024, August 6). External technical root cause analysis -- Channel File 291 \\\[PDF\].
. Meyers, A. (2024, September 24). Testimony before the House Subcommittee on Cybersecurity and Infrastructure Protection. Written testimony:
. Hsu, A. (2024, July 31). Delta's CEO says the CrowdStrike outage cost the airline $500 million in 5 days. _NPR_.
. Fung, B. (2024, July 24). CrowdStrike outage: We finally know what caused it -- and how much it cost. _CNN Business_. -- Parametrix estimates: $5.4B in Fortune 500 losses; 10--20% covered by insurance.
. FTC. (2019, July 22). Equifax to pay $575 million as part of settlement \\\[Press release\]. -- Total cost: $1.38B ($700M settlement + $1B+ mandatory security improvements). 147.9M Americans affected.
. Beyer, B., Jones, C., Petoff, J., & Murphy, N. R. (Eds.). (2016). Embracing risk. In _Site Reliability Engineering: How Google Runs Production Systems_. O'Reilly Media. -- See also Google. (2018). Error budget policy. In _The Site Reliability Workbook_.
. Majors, C. (2020, March 3). Observability is a many-splendored definition. _charity.wtf_.
. Majors, C. (\~2024). Interview with Gergely Orosz. Observability: the present and future. _The Pragmatic Engineer_.
. Veracode. (2025, July 30). 2025 GenAI code security report. -- 80 curated tasks, 100+ LLMs tested. 45% failure rate on OWASP Top 10 vulnerabilities.
. GitClear. (2025, February). AI copilot code quality: 2025 data suggests 4x growth in code clones. -- Dataset: 211 million changed lines. Refactoring dropped from 24% to under 10%; duplication at historic highs.
. Subar, D. (2021, May 6; updated 2023, April 14). Metrics for CTO success \\\[Presentation transcript\]. _Interna_.
. Larson, W. (\~2024). A masterclass in engineering leadership from Carta, Stripe, Uber, and Calm \\\[Podcast interview\]. _First Round Review / In Depth_.
. Singer, R. (2019). _Shape Up: Stop Running in Circles and Ship Work that Matters_. Basecamp.
. Bezos, J. P. (2017, April). 2016 Letter to shareholders. Amazon.com Annual Report. The concept is also attributed to Scott McNealy at Sun Microsystems (1983--1991) and Andy Grove at Intel.
. Orosz, G. (n.d.). Yes, you should estimate software projects. _The Pragmatic Engineer Blog_. -- Orosz was previously senior engineering manager at Uber.
. Larson, W. (2018, September 23). Saying no. _Irrational Exuberance_ (lethain.com). -- See also Larson, W. (2026, January 25). Pressure without a plan.
. Howard, M. (2017, December). Fewer gates, more guardrails: DevSecOps lessons learned in 2017\. _Sonatype Blog_.
. Google. (2018). Example error budget policy. In _The Site Reliability Workbook_.
. Allspaw, J. (2012, May; updated 2016, May 22). Blameless PostMortems and a just culture. _Etsy Code as Craft_.
. Allspaw, J. (2016, November 17). Debriefing facilitation guide for blameless postmortems. _Etsy Code as Craft_.
Chapter 8: Working with Product (or Being Product)
====================
> In an early stage startup, the product manager role is most appropriately played by the CEO or one of the founders.
-- Marty Cagan
The CEO as Head of Product, SVPG, 2010
Key Takeaways
* At the earliest stage, the CTO is the product function. The demo is the discovery session, the prototype is the spec, and the distinction between building and deciding what to build does not yet exist.
* If you are just using your engineers to code, you are only getting about half their value. The best product work happens when a product manager, a designer, and a tech lead operate as co-equal participants, not as a handoff chain.
* Hiring your first product manager is not about adding capacity; it is about letting go of "what to build" while retaining the right to weigh in on "whether to build it."
* The Now/Next/Later roadmap replaces false precision with honest granularity: detailed commitments for now, shaped bets for next, strategic themes for later. It communicates progress without manufacturing certainty you do not have.
Dharmesh Shah is CTO of HubSpot. The company has thousands of employees, billions in revenue, and a product organisation staffed with experienced product managers at every level. Shah has zero direct reports. He has no product roadmap. He rejected the management path entirely and instead exerts product influence as an individual contributor -- building internal tools, prototyping features, and shipping products that emerge from his own technical intuition rather than from a planning process. At a Business of Software talk, he described how this makes "executives, management, sales teams, and the board and other people uncomfortable."\\]
Shah can get away with this because he has the founder authority and financial independence to ignore organisational convention. Most CTOs cannot. But his instinct -- that the CTO is inherently a product thinker, not just a technical executor -- is correct. The question this chapter addresses is what happens when that instinct meets the reality of a growing company that eventually needs dedicated product leadership: when you are both the person who decides _what_ to build and the person responsible for _how_ it gets built, how do you manage both without doing either badly -- and how do you know when it's time to hand one of them to someone else?
## You Are Product
At startups with fewer than about twenty people, there is usually no product manager. The CTO and CEO together set the roadmap -- the CTO through technical intuition about what is possible, the CEO through market intuition about what is needed. Marty Cagan, whose Silicon Valley Product Group has shaped how an entire generation thinks about product management, is explicit about this: "In an early stage startup, the product manager role is most appropriately played by the CEO or one of the founders."\\]
This means the CTO is making product decisions constantly -- what to build, what to defer, what to kill -- while also being responsible for how it gets built. The dual role is a feature of the stage, not a personal failing. Karl Hughes, CTO of The Graide Network, describes the experience directly: "In my current role I lead both product and technology, which has been a stretch, but learning new things is the norm at startups."\\] Lauren Mosenthal, CTO and Head of Product at Glassbreakers, found enough interest to start a peer roundtable for CTOs wearing both hats in the Bay Area -- evidence that the experience is widespread enough to sustain a community but unnamed enough that nobody had organised one before.\\]
Camille Fournier, former CTO of Rent the Runway, frames the underlying tension precisely: "The CTO must protect the technology team from becoming a pure execution arm for ideas without tending to its own needs and its own ideas."\\] The CTO who wears the product hat is simultaneously the person generating the ideas and the person protecting the team from being overwhelmed by them. The tension is productive -- it forces the CTO to evaluate every feature request against both desirability and feasibility in real time, with no handoff delay -- but it is also exhausting. Peadar Coyle, a startup CTO who has written about the experience, is candid: "I'm personally skeptical of a CTO also wearing the head of product hat -- it means that one person is juggling a lot of responsibility simultaneously."\\]
The scepticism is warranted but misses the point. The CTO at a seed-stage startup is not choosing to wear the product hat. They are wearing it because there is no one else. The question is not whether to do the job. The question is how to do it well -- and the answer, for technical founders, is not a specification document.
| | AUTHOR: Your experience at CorralData -- when did you realise you were the product leader? Was it explicit from the start, or did it happen by default? How did the dual role feel in the early days versus now? |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Demo-Driven Development
In the AI product community, "demo-driven development" has emerged as a recognised failure mode. The Applied LLMs collective -- six practitioners with experience at Amazon, Hex, Weights & Biases, and GitHub -- put it directly: "While the barrier to entry for building with AI has been lowered, creating products and systems that are effective -- beyond a demo -- remains deceptively difficult."\\] Hamel Husain, who led the team that created CodeSearchNet (a precursor to GitHub Copilot), goes further: "Unsuccessful products almost always share a common root cause: a failure to create robust evaluation systems."\\] The demo dazzles. The product disappoints. The gap between the two is where startups die.
And yet. At the early-stage startup, the demo is the most powerful product discovery tool the CTO has. The reason is a communication asymmetry that every technical founder recognises: explaining a technical plan to a non-technical CEO or customer produces glazed eyes and false agreement. The words are English but the concepts do not transfer. The CEO nods. The customer says "that sounds great." Neither has understood what was proposed, and the CTO has mistaken politeness for validation.
A quick proof-of-concept demo produces something different: real feedback. The CEO sees a rough prototype and says "that's not what I meant" or "can it do this instead?" or "show that to the customer on Thursday." The customer sees a working prototype and uses it wrong -- which is to say, they use it the way real users will use it, revealing assumptions the spec would never have surfaced. The product emerges from a conversation -- demo, feedback, iteration, demo -- rather than from a document that nobody reads the same way twice.
Teresa Torres, whose _Continuous Discovery Habits_ has become the standard text on product discovery, describes the principle: "When brainstorming solutions, engineers often come up with the best solutions ... because they have a depth of knowledge about what's possible with technology."\\] Her framework centres the "product trio" -- product manager, designer, and tech lead -- as co-equal participants in discovery. But at the seed-stage startup without a PM or a designer, the product trio is the CTO, the CEO, and the prototype. The demo _is_ the discovery session.
The discipline is not in building the demo. Any engineer can build a demo. The discipline is in what happens after. A successful demo validates a possibility. It does not validate a product.\\] The CTO who falls in love with the demo -- who confuses the excitement in the room with evidence of market demand -- is building on sand. The demo must be followed by the hard questions: Does this solve a real problem? Will users pay for it? Can we build it at production quality within our constraints? How do we measure whether it works? The demo starts the conversation. The conversation produces the roadmap. The roadmap produces the product.
This does not have to be the CTO's demo. Some of the best features at any startup come from engineers who build something cool on a Friday afternoon and show it to the team on Monday morning. The room lights up. The CEO sees the business case. The whole company gets behind the effort to build it properly and ship it. The CTO's role in these moments is not to be the innovator but to be the curator -- recognising which demos deserve investment, ensuring that the path from prototype to production is staffed and scoped, and killing the ones that are impressive but strategically irrelevant. The key is to fail fast and try things out. The demo that dies after a day of work has cost almost nothing. The feature that survives six months of development without user validation has cost everything.
| | AUTHOR: Specific CorralData examples -- a demo that became a shipped feature, a demo that died, and a moment when an engineer's prototype became a company priority. The reader needs to see demo-driven development as a practice, not a concept. Names, timelines, what the demo looked like, what the feedback was, what happened next. |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
Husain's warning about evaluation systems applies here with full force. The AI-powered product -- and CorralData's natural language-to-SQL copilot is precisely this kind of product -- faces a unique version of the demo-to-production gap. The demo works because the prompt was crafted for the specific query the audience will see. Production fails because real users ask questions the prompt was never designed for. Marc Klingen, CEO of Langfuse, offers a principle that applies beyond AI: "Do not build workarounds for current model limitations" -- invest in the problems specific to your use case, because the generic limitations will be solved by the next model release.\\] The CTO building on foundation models must roadmap around a moving target: the capabilities of the product change every time the underlying model improves. Traditional roadmapping, with its fixed features and delivery dates, cannot accommodate this. Demo-driven development can, because the demo naturally incorporates the latest capabilities and the feedback loop is short enough to absorb capability jumps.
The Foundation Capital analysis of the AI startup risk is stark: "The model provider that powers you can also turn around and steamroll you."\\] Model providers see which domains drive heavy API usage, which apps gain traction, and which features deliver results. The CTO building on third-party models must ensure that the product's value lies in the system around the model -- the domain knowledge, the user experience, the data pipeline, the evaluation framework -- not in the model call itself. This is where demo-driven development meets architectural strategy: the demo reveals which parts of the product depend on the model and which parts depend on your team's unique understanding of the problem.
| | AUTHOR: How you think about this at CorralData specifically -- where does your competitive advantage sit relative to the underlying LLM? What happens to your product when the next GPT or Claude release makes certain capabilities commodity? |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Roadmap Is Not a Promise
The demo produces ideas. Ideas need structure. Structure means a roadmap. And here is where most startups go wrong.
Cagan frames the problem with characteristic precision: "Anytime you put a list of ideas on a document entitled 'roadmap,' no matter how many disclaimers you put on it, people across the company will interpret the items as a commitment."\\] The sales team sells features from the roadmap to close deals. The board tracks roadmap delivery as a proxy for engineering productivity. The CEO references the roadmap in investor updates. The document that was supposed to communicate intent becomes a contract -- and the CTO is the person held accountable when reality diverges from the plan.
Janna Bastow, co-founder of ProdPad and Mind the Product, invented the Now/Next/Later roadmap format in 2012 specifically to break this pattern. Her insight was structural: replace dates with time horizons. "The fundamental thing about the NNL is that it removes the constraints of the timeline and gives you something much more human: time horizons," Bastow wrote. "Time horizons are powerful because they allow you to move forward with a broad plan, yet only make commitments to what lies directly ahead of you."\\] _Now_ contains committed work with clear scope. _Next_ contains validated problems with proposed solutions. _Later_ contains strategic themes and open questions. The further out the horizon, the less specific the commitment.
Melissa Perri, whose _Escaping the Build Trap_ gave a name to the pathology of shipping without learning, puts it simply: "A Roadmap is a communication tool first and foremost."\\] The CTO who understands this distinction -- communication tool, not delivery contract -- can manage the CEO, the board, and the sales team without either overpromising or appearing evasive. The roadmap says "this is what we believe is most important, this is what we are learning, and this is where we think we are headed." It does not say "this feature will ship on this date."
The most common pathology is the sales-driven roadmap. John Cutler, who has written more about product management dysfunction than perhaps anyone alive, describes the dynamic: the sales team pressures the CTO to prioritise work to close a deal, the CTO complies, the roadmap becomes a collection of customer-specific feature requests, and the product loses coherence.\\] Cutler documents the alternative through a salesperson he worked with who stopped selling the roadmap and started selling the team's track record: "I sold our ability to innovate and I sold real ROI and outcomes, not future features."\\] The CTO who enables that shift -- by building a team that consistently delivers value rather than a roadmap that consistently promises features -- has solved the sales-driven roadmap problem at its root.
Ross McNairn, CPEO at TravelPerk, provides the structural principle: "There is no distinction between technical and product roadmaps. If you refer to parts of the roadmap as 'engineering only', this creates a wall."\\] The unified roadmap -- where technical debt reduction sits alongside feature development, where platform investment is visible to the same audience that sees customer-facing work -- prevents the CTO from having to maintain a shadow roadmap of "engineering work" that the business never sees and therefore never values.
Ryan Singer's _Shape Up_, developed at Basecamp, takes the most radical position: no roadmap at all. Instead, Basecamp works in six-week cycles, with each cycle's work shaped and committed at the start and nothing promised beyond the current cycle. Singer is candid about the limitation: "That 'no roadmap' style of working has a lot to do with the structure of Basecamp... they're self-funded, profitable, and free from external pressures."\\] For VC-backed startups with boards expecting quarterly plans, Shape Up's purity is aspirational. But its core insight -- that committing only to what you can see clearly and treating everything beyond the horizon as intent rather than promise -- is the same insight that Bastow's Now/Next/Later encodes.
| | AUTHOR: How you manage the roadmap at CorralData. Do you use Now/Next/Later or something else? How do you handle sales-driven requests? What does the board see, and how does it differ from what the engineering team sees? |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Hiring Product -- and Letting Go
The CTO who wears the product hat will eventually need to take it off. The trigger is not a calendar date or a headcount threshold, though both provide rough indicators. Jonathan Golden, who joined Airbnb as their first product manager when the company had 35 employees, provides the clearest diagnostic: "It's time to hire your first product manager when all three of the following are met: You've achieved product-market fit and need to scale. Your engineering team is greater than seven people. You are mentally ready to let someone else control the roadmap at some level."\\]
The third condition is the hardest. The CTO has been living inside the product -- every feature decision, every trade-off, every customer conversation -- and now must trust someone else with that context. First Round Review names the emotional reality: "Product is, understandably, one of the hardest LEGOs to hand to someone else."\\] Nikhyl Singhal, who co-founded three startups before becoming Chief Product Officer at Credit Karma, calls the pre-PM phase a "drunken walk" -- scrappy experiments, founder intuition, no process -- and argues that the first PM's job is not to replace that intuition but to structure it.\\]
The CTO who hires a PM and then undermines their authority -- reviewing every decision, overriding priorities, maintaining a shadow roadmap -- has not hired a PM. They have hired an assistant. The transition requires the CTO to draw a clear boundary: the PM owns prioritisation and user outcomes; the CTO owns architecture, platform investment, and technical debt. Cagan is emphatic about the CTO's retained domain: "Ultimately it's the CTO's job to ensure the systems and architecture can meet the needs of the business. Sometimes CTOs say that product won't let them address it. But the CTO is wrong for even asking the head of product. This stuff is not up to the head of product."\\]
The boundary also runs the other direction. The CTO who participates in product discovery -- customer calls, prototype reviews, prioritisation debates -- is doing their job. The CTO who dictates product decisions based on technical preference rather than user evidence is doing the PM's job badly. Ebi Atawodi, Director of Product at Netflix, provides the principle from the PM's side: "You are also 'product.' There's no 'waiting for product' or 'product said this or that.' Understand that you're a partner in this setup."\\] The partnership model -- where the PM, the designer, and the tech lead form Torres's product trio, each contributing their domain expertise to shared decisions -- is the target state. Getting there requires the CTO to let go of the _what_ without letting go of the _whether_.
The Thoughtworks consulting team, writing on Martin Fowler's blog, documents what happens when the transition fails: "At the beginning of a startup's journey, aligning is natural because you are a small team working closely together. However, in the scaleups we work with, we find that product and technical teams are quite separated."\\] The separation that Thoughtworks describes -- "us vs them," with product throwing requirements over the wall and engineering treated as a feature factory -- is the pathology that Cagan has spent decades fighting. His distinction between "empowered product teams" and "feature teams" is the diagnostic: in a feature team, the person who requested the feature -- not the team building it -- is responsible for whether it delivers value.\\] The CTO's job is to ensure their teams are empowered, not enslaved.
| | AUTHOR: Have you hired a PM at CorralData? If yes, how did the transition feel? If not, what would trigger the hire? How do you currently split the product-engineering boundary with your CEO? |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Discovery Obligation
The CTO who hands off product ownership to a PM faces a temptation: retreat to the engineering side and stop thinking about users. This is a mistake. Cagan is direct: "If you're just using your engineers to code, you're only getting about half their value."\\] The principle applies to the CTO as much as to the team. The CTO who stops attending customer calls, stops reviewing user research, stops participating in prioritisation -- the CTO who becomes a pure delivery leader -- has ceded the strategic function that makes the role executive rather than managerial.
Torres's framework embeds this structurally. In the product trio model, the tech lead is responsible for feasibility -- but feasibility is not a gate check at the end of the process. It is a creative input throughout. "We want them as active participants in the ideation process, not just recipients or judges of the outputs of that process," Torres writes.\\] The CTO who participates in discovery can identify technical opportunities that no PM would see -- an architectural change that enables a new class of features, a data pipeline that opens a market segment, a model improvement that makes a previously impossible product viable. The CTO who abdicates discovery loses this advantage.
Melissa Perri gives the pathology a name: the build trap. "There is a serious flaw with 'Move Fast and Break Things,' and it's that most companies see this as an excuse to stop analyzing what they intend to build and why they should build it."\\] The company in the build trap measures success by output -- features shipped, tickets closed, velocity maintained -- rather than by outcomes: revenue generated, users retained, problems solved. The CTO is the person best positioned to break the trap, because the CTO controls the team's capacity and can redirect effort from building the wrong thing faster to discovering the right thing to build.
Cagan addresses the CTO directly: "In this case, my discussion moves to the CTO/VP Engineering, and I explain that they have mercenaries and not missionaries, and why they need to raise their bar on hiring engineers. At a minimum, they need at least one true tech lead on each product team, and discovery is one of the big responsibilities of the tech lead."\\] The CTO who builds a team of missionaries -- engineers who care about the problem, not just the code -- has built a team that can participate in discovery without being asked. The CTO who builds a team of mercenaries -- engineers who execute specifications without questioning them -- has built a feature factory, regardless of what the org chart says.
| | AUTHOR: How you stay connected to discovery at CorralData. Do you join customer calls? Do you review user research? How do you balance the pull of engineering management with the need to remain a product thinker? |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
The CTO's relationship to product evolves through three phases that map roughly to the book's four-stage model. In Stage 1, you are product -- the demo is the discovery, the prototype is the plan, and the roadmap is whatever you and the CEO agreed on over coffee. In Stage 2, you are building toward product -- hiring the first PM, drawing boundaries, learning to let go of the _what_ while retaining the _whether_. In Stage 3 and beyond, you are a partner to product -- participating in discovery, protecting engineering's strategic investment, and ensuring that the team builds missionaries, not mercenaries.
The transition between these phases is one more version of the grief that [Chapter 13](13-maker-to-multiplier.html) will describe: the loss of a role that felt natural, replaced by a role that feels bureaucratic. The CTO who was product -- who knew every user by name, who could sketch the entire system on a whiteboard, who made prioritisation decisions based on a mixture of data and instinct that no PM could replicate -- must accept that the company's success requires giving that away. The demo that started as a conversation between the CTO and the CEO becomes a conversation between a product team and their users. The CTO's job is to build the team that can have that conversation without them.
## Frequently Asked Questions
1. _Should a CTO also be the product manager?_
In the earliest stages, yes -- someone has to own both the technical and product decisions, and at a company of five people that person is usually the CTO. But as the product grows in complexity and the customer base expands, the dual role becomes unsustainable. Hire a dedicated product manager once the CTO can no longer do justice to both customer research and technical leadership, typically around 15 to 25 employees.
2. _How do CTOs work with product managers?_
The CTO-PM relationship is a partnership with clear boundaries. The product manager owns the problem space -- understanding customers, defining what to build, and prioritising the roadmap. The CTO owns feasibility -- what is technically possible, what the architecture can support, and what the cost and timeline implications are. The best CTO-PM pairs make decisions together at the intersection, with each respecting the other's domain expertise.
3. _What is the now-next-later roadmap?_
The now-next-later roadmap replaces fixed timelines with confidence bands. Now items are committed work in the current cycle with high certainty. Next items are likely priorities for the following cycle with moderate certainty. Later items are directional bets with low certainty that may change as you learn more. This format honestly communicates uncertainty to stakeholders instead of creating false precision with Gantt charts and specific dates.
4. _When should a startup hire its first product manager?_
Hire a product manager when the CTO or CEO can no longer do adequate customer research because technical and operational demands consume their time, typically around 15 to 25 employees. Other signals include feature decisions being made without customer input, the roadmap being driven entirely by the loudest stakeholder, and the CTO spending more time in customer calls than in engineering. The first PM hire should be senior enough to operate independently.
5. _What is the CTO's role in product decisions?_
The CTO brings technical feasibility, architecture implications, and cost clarity to product decisions. They answer questions like: can we build this, how long will it take, what are the technical risks, and what does this decision mean for our architecture long-term. The CTO should not unilaterally decide what to build (that is the product manager's domain) but should have a strong voice in how to build it and a veto on decisions that create unsustainable technical debt.
## References
. Shah, D. What I learned in a decade at HubSpot. _Business of Software Conference_. -- See also Shah, D. (interviewed by First Round Review). The company-building cornerstones every founder needs to focus on. _First Round Review_.
. Cagan, M. The CEO as head of product. _Silicon Valley Product Group_, August 31, 2010\. -- See also Cagan, M. Lead engineer as product owner. _SVPG_.
. Hughes, K. The many roles of a startup CTO. _karllhughes.com_.
. Mosenthal, L. Starting a startup as CTO / Head of Product. _MintzEdge_ (originally Gust.com).
. Fournier, C. (2015, February 8). On the role of CTO. _camilletalk.com_.
. Coyle, P. 5 things I've learned being a startup CTO. _Medium_.
. Yan, E., Bischof, B., Frye, C., Husain, H., Liu, J., & Shankar, S. (2024, June 8). What we've learned from a year of building with LLMs. _Applied LLMs_.
. Husain, H. (2024, March 29). Your AI product needs evals. _hamel.dev_.
. Torres, T. (2018, December 12). Why engineers should participate in discovery. _Product Talk_. -- See also Torres, T. (2021). _Continuous Discovery Habits_. Product Talk LLC.
. Prayerson. (2026, February 14). AI product reliability: A guide for product managers. _Prayerson's Newsletter_ (Substack).
. Klingen, M. (2024, November 13). LLM product development for product managers. _Langfuse Blog_.
. Garg, A., & Gupta, J. (2025, November 5). When model providers eat everything: A survival guide for service-as-software startups. _Foundation Capital_.
. Cagan, M. (2015, September 7). The alternative to roadmaps. _SVPG_.
. Bastow, J. (2022, October 18). Why I invented the Now-Next-Later roadmap. _ProdPad Blog_.
. Perri, M. (2017, February 15). Effective product roadmaps. _melissaperri.com_. -- See also Perri, M. (2018). _Escaping the Build Trap_. O'Reilly Media.
. Cutler, J. (2016, January 16). Hidden costs of the sales-driven roadmap. _Medium_. -- Salesperson quote from Cutler, J. (2020, May 21). TBM 21/53: "Vision" and prescriptive roadmaps. _The Beautiful Mess_ (Substack).
. McNairn, R. Quoted in Orosz, G. (2021, December 16). Working with product managers: Advice from PMs. _Pragmatic Engineer Newsletter_.
. Singer, R. (2023, August 16). Three "what about...?" questions when considering Shape Up. _ryansinger.co_. -- See also Singer, R. (2019). _Shape Up: Stop Running in Circles and Ship Work that Matters_. Basecamp.
. Golden, J. When and how to make your first product hire. _Medium_.
. First Round Review. When should you stop clinging to product and hire your first PM? _First Round Review_.
. Singhal, N. (interviewed by First Round Review). How to craft your product team at every stage, from pre-product-market fit to hypergrowth. _First Round Review_.
. Cagan, M. (Q&A with Product Faculty Toronto, September 12, 2020). Transcribed by Tim Woods.
. Atawodi, E. Quoted in Orosz, G. (2021, December 16). Working with product managers: Advice from PMs. _Pragmatic Engineer Newsletter_.
. Kick, R., & Collins, K. (2022, October 19). Bottleneck #03: Product v Engineering. _MartinFowler.com_ (Thoughtworks).
. Cagan, M. Product vs. feature teams. _SVPG_.
. Cagan, M. Empowered engineers FAQ. _SVPG_.
. Perri, M. (2014, August 5). The build trap. _melissaperri.com_.
Chapter 9: Measuring What Matters (and Ignoring What Doesn't)
====================
> There are known knowns; there are things we know we know. We also know there are known unknowns. But there are also unknown unknowns -- the ones we don't know we don't know.
-- Donald Rumsfeld
Department of Defense press briefing, February 12, 2002
Key Takeaways
* DORA metrics are diagnostic instruments, not productivity scores. The moment you use them to compare teams or justify headcount, you have converted a thermometer into a target and guaranteed that people will game it.
* Story points have been disavowed by the person who invented them. If the creator of a metric says it was a mistake, continuing to use it is not rigour -- it is tradition dressed up as measurement.
* Metrics create incentives, incentives create behaviours, and behaviours create culture. Choose your metrics with the same care you would choose your values, because in practice they are the same thing.
* The most useful measurement framework holds two or three metrics in tension so that optimising one at the expense of the others is visible. A single metric invites gaming; a balanced set invites judgement.
* When your leading indicators and your gut instinct disagree, the disagreement itself is the most valuable signal you have.
Abi Noda, founder of DX, a developer experience research firm, describes the moment that most CTOs recognise. "I personally experienced this challenge in my first job as a CTO. Our executive team had started meeting monthly to review each department's progress. Our CEO wanted more than just the anecdotal release updates I had been providing, and asked me to come up with a hard metric to report. The problem: I couldn't think of a good metric to use."\\]
The CTO who measures nothing is flying blind. The CTO who measures everything is drowning in data. Both end up in the same place: unable to answer the question the CEO is actually asking, which is not "how fast is engineering moving?" but "is the investment in engineering producing results?"
This chapter provides the measurement system that answers that question -- lightweight enough for a five-person team, rigorous enough for a Series B board, and structured to avoid the traps that turn measurement from a tool into a distraction. The reader who has built (Chapters 4--5), shipped (Chapter 6), and defended (Chapter 7) now needs to know if any of it is working. The measurement language developed here is also the raw material for Chapter 10's board communication framework: the CTO who can measure well can translate those measurements into the business language that boards evaluate.
## What DORA Actually Measures
The DORA metrics -- deployment frequency, lead time for changes, change failure rate, and time to restore service -- are the closest thing the software industry has to a validated measurement standard. Developed by Nicole Forsgren, Jez Humble, and Gene Kim through research spanning more than a decade and tens of thousands of professionals, the metrics have demonstrated a consistent finding: teams that deploy more frequently also have lower failure rates and faster recovery times. Speed and stability are complements, not trade-offs.\\]
The metrics are useful. They are also widely misunderstood, frequently misapplied, and occasionally dangerous. The CTO who adopts DORA without understanding its limitations will make three common mistakes.
The first mistake is treating DORA as a productivity measure. It is not. Forsgren herself has stated: "One of DORA's limitations is its scope. We focused on the software delivery process -- mostly from code commit to release. There's a lot of important work and systems behavior that happens before and after that which are not captured."\\] Noda's formulation is sharper: "Conflating productivity and software delivery performance is like conflating cholesterol and blood sugar -- while both are important factors, they are fundamentally distinct things."\\] DORA tells you how efficiently the team delivers code to production. It does not tell you whether that code produces value for customers.
The second mistake is treating the performance clusters as fixed benchmarks. The elite/high/medium/low designations that practitioners cite -- deploy on demand, lead time under one hour, change failure rate below 5%, recovery time under one hour -- are not targets. They are clusters that emerge from statistical analysis of survey responses, and they change every year. Rachel Stephens at RedMonk observes: "These values are not pre-defined benchmarks. The performance levels that a team needs to achieve to be placed in a specific low-medium-high-elite group can and do change year-to-year based on survey responses."\\] In 2025, DORA abandoned the four-tier system entirely, replacing it with seven archetypes based on eight measures.\\] The CTO who tells the team "we need to reach elite by Q4" is chasing a moving target that was never designed to be chased.
The third mistake is using DORA metrics as individual performance measures or as a tool for comparing teams. Bryan Finster, a DevOps practitioner who has written extensively about DORA misuse, warns: "Having good DORA metrics does not mean you are a high-performing organization. Delivering very stable, very small batches of useless crap doesn't make you high performing."\\] DORA's own documentation warns against Goodhart's Law -- the principle that a measure that becomes a target ceases to be a good measure. Publishing DORA metrics without context, Finster argues, "is usually a destructive act."\\]
Where DORA earns its keep at startup scale is as a diagnostic tool rather than a scorecard. Charity Majors, CTO of Honeycomb, provides the most useful framing: "That's the great gift of the DORA metrics. If you start focusing on one of them, you will lift your org out of poverty, and the others will get better too."\\] If the team's deployment frequency is weekly, improving it to daily will likely improve lead time, recovery time, and failure rate simultaneously -- because the underlying practices that enable frequent deployment (small batches, automated testing, continuous integration) are the same practices that improve all four metrics. The CTO does not need to optimise each metric independently. They need to identify the one that is most constrained and address that constraint.
The 2024 DORA report introduced a finding that connects directly to Chapter 12's AI argument: as AI adoption increased across the surveyed organisations, delivery throughput decreased by an estimated 1.5% and delivery stability decreased by 7.2%.\\] The 2025 report refined this: AI shows positive impact on individual throughput but continues to have a negative relationship with delivery stability.\\] The implication for the CTO: AI tools may be making individual engineers faster while making the system less reliable. DORA metrics are the instrument that reveals this gap -- if the CTO is tracking them.
| | AUTHOR: How CorralData uses (or does not use) DORA metrics -- are you tracking deployment frequency, lead time, or failure rate? If not, what do you measure instead? If yes, what has the measurement revealed? The reader needs to see a working CTO's relationship with these metrics, not just the theory. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Beyond Delivery: Measuring What Engineers Experience
DORA measures the output of the delivery process. It does not measure the experience of the people producing that output -- and the experience turns out to be a leading indicator of the output.
The SPACE framework, published by Forsgren, Margaret-Anne Storey, and colleagues in ACM Queue in 2021, provides five dimensions of developer productivity: Satisfaction and well-being, Performance, Activity, Communication and collaboration, and Efficiency and flow.\\] The framework's core contribution is a constraint: any measurement system must capture at least three of the five dimensions, combining perceptual data (surveys) with workflow data (system metrics). A system that measures only activity -- commits, pull requests, lines changed -- misses whether those activities are producing satisfaction, enabling collaboration, or being performed efficiently.
Laura Tacho, CTO of DX, clarifies a common misconception: "'\`SPACE metrics' simply don't exist. SPACE is a framework that does not come with a punch list of things to measure. Instead, SPACE provides guardrails and mental models when crafting your organization's definition of productivity.\`"\\] Forsgren herself positions the relationship between the two frameworks: "DORA is an instance of SPACE, as a measure of the performance of software."\\]
For the startup CTO, the practical question is not whether to implement SPACE -- the full framework requires a survey programme and tooling infrastructure that a five-person team does not need. The practical question is which of the five dimensions to track, and how.
Lena Reinhard, a VP of Engineering who has led teams at CircleCI and Travis CI, provides the most useful guidance for scaling measurement to team size. At one to ten engineers, she writes, "Everyone works more or less on everything and the team size is small enough so that everyone still has visibility into what's going on. Use a rudimentary project management tool." At this stage, satisfaction is the most important dimension and the easiest to measure: a monthly one-on-one conversation that asks whether the engineer is productive, frustrated, or blocked. "At this stage, anything more would probably add too much overhead and slow teams down."\\]
At the 25-to-50 person threshold, Reinhard identifies the critical transition: "Your organization is growing. Visibility across and between teams naturally decreases, while complexity increases. This means that your delivery process should become more robust."\\] This is where efficiency and flow become critical -- are engineers spending their time on the product or on tooling, review cycles, and context-switching? It is also where the temptation to over-instrument is strongest. Reinhard's warning applies directly: "Resist the temptation of making too much information mandatory and standardizing too much."\\] The goal is to see the patterns, not to surveillance the process.
Her framing of the cultural stakes is the most important insight in the measurement literature: "Metrics create incentives, that create behaviors, that create culture."\\] The CTO who measures lines of code is creating a culture that values volume. The CTO who measures cycle time is creating a culture that values flow. The CTO who measures developer satisfaction is creating a culture that values the people who do the work. The choice of metric is not a technical decision. It is a cultural one.
Noda and his collaborators distilled SPACE further in 2023 with the DevEx framework, which identifies three dimensions that most directly affect developer productivity: feedback loops (how quickly developers get information about their work), cognitive load (how much mental effort is required to complete tasks), and flow state (how often developers can sustain uninterrupted focus).\\] In 2024, Noda published the DX Core 4, which combines one system metric (pull requests per engineer) with one perceptual metric (a Developer Experience Index derived from surveys), one quality metric (change failure rate, borrowed from DORA), and one business-alignment metric (percentage of engineering time spent on new capabilities versus maintenance).\\]
The DX Core 4's business-alignment metric -- what percentage of engineering time goes to new capabilities -- connects directly to Chapter 5's debt analysis. The Stripe data showed that 33% of engineering time goes to technical debt service. The DX Core 4 makes that ratio measurable and visible. The CTO who can say "62% of our engineering capacity is going to new capabilities, up from 48% last quarter after the authentication migration" is speaking in outcomes. The CTO who says "we completed 47 story points" is speaking in noise.
| | AUTHOR: Which of these dimensions CorralData tracks -- formally or informally. Does the team do developer experience surveys? Is there a measure of how much time goes to new features versus maintenance? The healthcare B2B context may introduce specific dimensions: compliance work as a percentage of engineering time, for instance. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## The Vanity Metrics Trap
Story points are the most widely used engineering metric in the startup world. They are also, by the admission of the person who invented them, a mistake.
Ron Jeffries, one of the three founders of Extreme Programming, introduced story points in the late 1990s as a planning tool -- a way for teams to estimate the relative complexity of upcoming work. He has since disavowed their use as a productivity measure: "Well, if I did invent story points, I'm probably a little sorry now, but not very sorry. I do think that they are frequently misused and that we can avoid many pitfalls by not using story estimates at all."\\] Chet Hendrickson, who co-created the concept with Jeffries, is blunter: "It was the best we could think of in 1996, by 2001 we had discovered better ideas, and by now it should have been kicked to the curb long ago."\\]
The problem with story points is not that they are useless for planning. Within a single team, over time, they provide a rough sense of how much work the team can absorb in a sprint. The problem is that they inevitably get used for something they were never designed to do: cross-team comparison, individual performance evaluation, and board-level reporting. Martin Fowler identified this dynamic in 2004: "The dangerous aspect comes from once you have a standard unit for measurement across teams, someone is inevitably going to use it to compare the performance of teams. This will cause teams to distort their measurements."\\] Fowler's assessment of velocity as a productivity tool is equally direct: "Velocity is a tool for calibrating estimations. It is not a measure of productivity. Using velocity as a productivity measure kills agility."\\]
Lines of code is the other perennial vanity metric, and it has been discredited for even longer. Edsger Dijkstra, writing in 1988, provided the definitive takedown: "\`If we wish to count lines of code, we should not regard them as 'lines produced' but as 'lines spent': the current conventional wisdom is so foolish as to book that count on the wrong side of the ledger.\`"\\] The GitClear data from Chapters 5 and 11 demonstrates the consequence of measuring code volume: AI tools produce more lines while refactoring less, creating codebases that are larger, more duplicated, and harder to maintain.
The McKinsey developer productivity controversy of 2023 provides the cautionary tale for the CTO who is tempted -- or pressured -- to adopt simplistic measurement. McKinsey published an article arguing that developer productivity could be measured through a combination of system metrics and individual contribution analysis. The engineering community's response was swift and damning. Kent Beck and Gergely Orosz published a joint rebuttal arguing that McKinsey's framework measured only effort and output, not outcomes and impact, and would "do far more harm than good to organizations -- and to the engineering culture at companies."\\] Dan North, creator of Behaviour-Driven Development, pointed out the irony: "Software development is one of the most ruthlessly scrutinized and measured of all business activities. The one thing you cannot call this era is under-measured. Mis-measured, for sure, but never under-measured."\\]
North's most important insight is about where value actually resides: "Your highest-value developers are 10x by enabling other developers. Often the least useful thing they can be doing is producing code themselves."\\] Any metric that measures individual code output -- story points, commits, pull requests, lines of code -- systematically undervalues the engineers who make everyone else more productive. The CTO who reports velocity to the board is not just using the wrong metric. They are creating incentives that reward the wrong behaviour.
David Subar frames the stakes in career terms: "Velocity is important to Engineering and partly to Product, but is completely the wrong thing to discuss with CEOs. Communicating results using the wrong metrics can lead CEOs to believe that their CTO is poorly focused, feckless, or worse, an impediment to the organization."\\] The average CTO tenure of two and a half to three years, Subar argues, is directly connected to this communication failure.
The alternative to vanity metrics is not more sophisticated vanity metrics. It is metrics that connect engineering activity to business outcomes -- which is the subject of the next section.
| | AUTHOR: Has CorralData ever used story points or velocity as a metric? If so, what happened? If not, what replaced them? A concrete example of replacing a vanity metric with one that connects to business outcomes would be the most useful passage in this section. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Goals That Survive a Pivot
OKRs -- Objectives and Key Results -- are the dominant goal-setting framework in the startup world. They are also, for most startups, a waste of time.
Marty Cagan, the most influential voice in product management, stopped recommending OKRs to most companies: "In the majority of companies I meet, I have stopped recommending the practice. That's because, in so many companies, even though conceptually the technique is simple and sound, it ends up proving a waste of time and effort, and yields little if any results."\\] His diagnosis: OKRs work at companies like Google because those companies already had empowered product teams -- teams that were trusted to solve problems, not just deliver features. At companies where engineering teams are treated as delivery functions, OKRs become a bureaucratic layer on top of a feature factory.
Angelo Saraceno, co-founder of Railway, describes the firsthand failure: "We tried OKRs, they created more ceremony than clarity. We implemented them faithfully, we all read the John Doerr book. And it worked -- somewhat." The problem: "At Railway, we would spend a significant amount of time discussing what is a valid OKR, only for us to realize we were two days into the planning process and we've yet to decide what we should build."\\]
The startup CTO faces a specific version of this problem. OKRs assume you know what you are trying to achieve. Pre-product-market-fit startups are still figuring that out. Setting quarterly objectives when the company might pivot next month is not strategic planning. It is performance art.
Dave Bailey, an executive coach who works with early-stage founders, proposes a lightweight adaptation: four-to-six-week cycles instead of quarterly, one or at most two key results per objective, and a constraint on scope. "In a startup, there are only two things that matter: your customers and your team. Therefore, every OKR across the business should serve either your customer or your team. Period."\\]
Ravi Mehta, former Chief Product Officer of Tinder and former product leader at Facebook and Tripadvisor, identifies a structural gap in the OKR framework: it answers "what?" and "how?" but not "why?" He observes that John Doerr himself, in his TED talk, says good goals should answer all three questions -- but the OKR format only provides fields for two. Mehta's alternative -- Narratives, Commitments, and Tasks -- adds the missing dimension. The Narrative is one to three sentences explaining what the team is doing and why it matters. The Commitments are three to five measurable goals the team commits to completely. The Tasks are the specific work items, which can change as circumstances shift. The key distinction: "If you've achieved all of your Commitments, but not completed any of your Tasks -- that's a win."\\]
Spotify abandoned OKRs entirely in 2014\. Henrik Kniberg, who documented Spotify's engineering culture, described the replacement: a DIBB framework (Data, Insight, Belief, Bet) with a strategic cadence of six months and a tactical cadence of six weeks.\\] The framework was less prescriptive than OKRs and better suited to an organisation that was still learning what worked. The lesson for the startup CTO: the goal-setting framework that Google uses at 100,000 employees is not the framework that a 10-person team needs. The tool should match the stage, and at the early stage, the tool should be light enough that the team spends more time building than planning.
For the CTO at the Coder stage, even Bailey's lightweight OKRs may be too much process. The question to answer is simpler: what are we trying to learn this month, and how will we know if we learned it? At the Manager stage, Bailey's framework or Mehta's NCTs provide enough structure to coordinate multiple workstreams without the overhead of full OKRs. At the Director stage, OKRs may begin to earn their keep -- but only if the team culture is one where engineers solve problems rather than deliver features. Cagan's diagnostic is the test: if the engineering team is empowered to figure out how to solve the problems they have been assigned, OKRs can help align that work. If the engineering team is told what to build and asked to estimate when it will be done, OKRs are a bureaucratic veneer on a delivery function.
| | AUTHOR: CorralData's goal-setting process -- do you use OKRs, NCTs, or something informal? How do you set engineering goals when the product roadmap is evolving? The reader at your stage (scaling through the early millions in ARR) needs to see what goal-setting looks like in practice at a company that is past MVP but not yet at the scale where formal OKRs are natural. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Leading Indicators and the Gut Check
The metrics described so far are lagging indicators. They tell the CTO what has already happened. The CTO who relies only on lagging indicators will discover problems weeks after the team has started to struggle.
Will Larson provides the most systematic framework for measurement, organising it into four modes: measure to plan (project selection and prioritisation), measure to operate (incidents, downtime, latency, costs), measure to optimise (engineering productivity and developer experience), and measure to inspire (engineering's transformational impact on the business).\\] His most important warning is about which of these to share with the CEO: "The biggest mistake to avoid is asking your CEO to measure engineering through your Metrics to optimize. Although intuitively you can agree that being more efficient is likely to make engineering more impactful, most CEOs are not engineers and often won't be able to take that intuitive leap."\\] The CEO does not need to see deployment frequency or PR cycle time. The CEO needs to see whether engineering is delivering on its commitments and what the risks are. Optimisation metrics are for the CTO's internal use. Business-outcome metrics are for the board.
Nicole Forsgren articulates the principle that connects leading indicators to the vanity metrics problem: "The challenge with single metrics is that they can be very easily gamed. I prefer two or three metrics that are held in tension, making it difficult to be myopic in your focus."\\] The CTO who tracks deployment frequency alone will optimise for small, frequent deploys -- even if they are deploying trivial changes. The CTO who tracks deployment frequency alongside change failure rate and customer-reported issues holds the metrics in tension: speed is only valuable if it does not degrade quality or customer experience.
Charity Majors provides the most vivid language for the leading indicator the CTO should watch most closely: deployment frequency as "the heartbeat of your company. It should be regular. It should happen consistently. It should be boring."\\] When the heartbeat becomes irregular -- when deploys start spacing out, when the team begins batching changes, when someone says "let's wait until next week to ship this" -- the CTO is seeing the early symptoms of what Majors calls "a software engineering death spiral." The cycle: slow deploys make each deploy riskier, which makes the team more cautious, which makes deploys slower, which makes them riskier. The staffing cost is exponential: "If it takes X engineers to build, maintain and run your software systems with an under 15-minute delivery frequency, then it will take twice as many engineers for an hour deployment frequency. Quadruple the staff if it takes you days to ship."\\]
The leading indicators that predict trouble before the lagging metrics move include: PR review time increasing (engineers are either overloaded or disengaged), the ratio of bug-fix commits to feature commits shifting (the team is spending more time reacting than building), on-call burden growing (the system is becoming less stable), and -- the one that no dashboard captures -- the senior engineer who stops proposing improvements and starts just completing tickets. That last indicator is where the CTO's gut matters more than the dashboard.
Larson names the trap that makes gut-versus-data a false choice: "I'm a believer in measuring something imperfect, but useful, versus holding out for the perfect metric while measuring nothing in the interim."\\] The CTO who trusts their gut without data cannot persuade the CEO. The CTO who trusts the dashboard without gut-checking it will miss the problems that metrics cannot see. The right practice is to use metrics to confirm or challenge what the CTO already suspects -- and to investigate when the metrics and the gut disagree, because that disagreement is itself the most valuable leading indicator of all.
| | AUTHOR: A CorralData example of catching a problem early -- through metrics, through gut feel, or through the disagreement between the two. The reader needs to see what "the dashboard says fine but something feels wrong" looks like in practice. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
The measurement system for a startup CTO should be lightweight enough to maintain without a dedicated tooling team, focused enough to fit on a single dashboard, and connected to the business outcomes that the CEO and board evaluate. At the Coder stage, measure three things: how often you deploy, how quickly you recover when something breaks, and whether the team is frustrated or energised. At the Manager stage, add a developer experience dimension -- a quarterly survey or a regular check-in -- and begin tracking the ratio of new capability work to maintenance work. At the Director stage, add cross-team delivery metrics and begin reporting engineering investment in business-outcome terms: not "we shipped 12 features" but "we reduced customer onboarding time from three weeks to four days."
The measurement vocabulary developed in this chapter is the prerequisite for Part III. The CTO who knows what to measure, who can distinguish leading from lagging indicators, who can hold metrics in tension rather than optimising a single number, and who can translate engineering measurement into business language -- that CTO is ready for the conversation that [Chapter 10](10-business-acumen-gap.html) describes: the one that determines whether they keep their job.
## Frequently Asked Questions
1. _What engineering metrics should a CTO track?_
Focus on DORA metrics as your foundation -- deployment frequency, lead time for changes, change failure rate, and mean time to recovery. Add cycle time to measure how long work items take from start to finish, and track the ratio of planned to unplanned work to understand how much time goes to firefighting versus building. Developer satisfaction surveys provide the qualitative signal that quantitative metrics miss. Avoid vanity metrics that look impressive but do not drive decisions.
2. _Are story points a good measure of developer productivity?_
No. Story points were designed for team-level sprint planning, not for measuring individual or team productivity. When used as a productivity metric, they incentivise the wrong behaviours -- developers inflate estimates to hit targets, teams game the system, and the metric loses its planning utility. Productivity is better measured through outcomes (features shipped, customer impact) and flow metrics (cycle time, deployment frequency) than through input measures like story points.
3. _What are DORA metrics and why do they matter?_
DORA metrics -- deployment frequency, lead time, change failure rate, and mean time to recovery -- are the best-validated measures of software delivery performance, backed by years of research across thousands of organisations. They matter because they are resistant to gaming (improving one does not degrade another), they correlate with business outcomes, and they measure the capability of the delivery system rather than individual effort. Elite teams score well on all four simultaneously.
4. _How do you avoid vanity metrics in engineering?_
Apply a simple test to every metric: if this number improved by 20 percent, would you change any decision or behaviour? If not, it is a vanity metric. Good metrics are actionable (they point to specific improvements), accessible (the team understands them), and auditable (the data source is transparent). Common vanity metrics include lines of code, number of commits, and total story points completed -- they feel productive to track but do not connect to customer or business outcomes.
5. _What KPIs should an engineering team use?_
Start with the four DORA metrics as your foundation for delivery performance. Add cycle time to understand work-item flow. Track planned versus unplanned work ratio to measure operational health. Use developer satisfaction surveys quarterly to catch cultural and tooling problems before they show up in delivery metrics. The best KPI set is small enough that the team can remember all of them, connected to business outcomes, and reviewed regularly with action taken on the results.
## References
. Noda, A. (2024, December 10). Introducing the DX Core 4\. _Engineering Enablement Newsletter_. -- See also Noda, A. Three-bucket framework for engineering metrics. _DX Blog_.
. Forsgren, N., Humble, J., & Kim, G. (2018). _Accelerate: The Science of Lean Software and DevOps_. IT Revolution Press. Based on multi-year surveys of 23,000+ professionals. See also DORA. (2024). DORA's software delivery performance metrics.
. Forsgren, N. (2023). Interview with Gergely Orosz. Developer productivity with Dr. Nicole Forsgren. _The Pragmatic Engineer_.
. Noda, A. (2023, February 7). DORA metrics don't measure productivity. _abinoda.com_.
. Stephens, R. (2024, November 26). DORA Report 2024 -- A look at throughput and stability. _RedMonk_.
. Stephens, R. (2025, December 18). DORA 2025: Measuring software delivery after AI. _RedMonk_. -- See also DORA. (2025). Accelerate State of DevOps Report 2025\.
. Finster, B. (2022, Spring). How to misuse & abuse DORA metrics. _DevOps Enterprise Journal_ (IT Revolution).
. Majors, C. (guest). Observability with Charity Majors. _The Bike Shed_ podcast #302, Thoughtbot.
. Google Cloud. (2024). Announcing the 2024 DORA report.
. Forsgren, N., Storey, M.-A., Maddila, C., Zimmermann, T., Houck, B., & Butler, J. (2021, February). The SPACE of developer productivity: There's more to it than you think. _ACM Queue_, 19(1), 20--48\. DOI: 10.1145/3454122.3454124\. -- Republished in _Communications of the ACM_, 64(6), 46--53, May/June 2021\.
. Noda, A., & Tacho, L. (2024, January 12). Applying the SPACE framework. _Engineering Enablement Newsletter_.
. Reinhard, L. (2023, November 17). What engineering metrics should I use? A guide for engineering managers, directors, and VPs. _lenareinhard.com_. -- Reinhard has led engineering at CircleCI and Travis CI.
. Noda, A., Storey, M.-A., Forsgren, N., & Greiler, M. (2023). DevEx: What actually drives productivity. _ACM Queue_, 21(2).
. Jeffries, R. (2019, May 23). Story points revisited. _ronjeffries.com_. -- Co-creator Chet Hendrickson quoted via Agile Pain Relief Consulting.
. Fowler, M. (2004, September 6). Standard story points. _martinfowler.com/bliki_.
. Fowler, M. (2013, May 17). Xp velocity. _martinfowler.com/bliki_.
. Dijkstra, E. W. (1988). On the cruelty of really teaching computing science (EWD 1036). University of Texas at Austin.
. Beck, K., & Orosz, G. (2023, August 31). Measuring developer productivity? A response to McKinsey. _The Pragmatic Engineer / Software Design: Tidy First?_
. North, D. (2023, October 4). McKinsey developer productivity review. _dannorth.net_.
. Subar, D. (2021, May 6; updated 2023, April 14). Metrics for CTO success. _Interna_.
. Cagan, M. (2020, February 24). Team objectives -- overview. _Silicon Valley Product Group_.
. Saraceno, A. (2025, October 2). Why most product planning is bad and what to do about it. _Railway Blog_.
. Bailey, D. (2019, April 22; updated 2024, April 9). How to implement OKRs in an early-stage company. _dave-bailey.com_.
. Mehta, R. (2024, October 22). An alternative to OKRs: How to set and achieve ambitious goals. _ravi-mehta.com_. -- Mehta is former CPO of Tinder and former product leader at Facebook and Tripadvisor.
. Kniberg, H. (2016, June 8). Spotify rhythm -- how we get aligned. _Crisp Blog_.
. Larson, W. (2023). Measuring an engineering organization. In _The Engineering Executive's Primer_. O'Reilly Media.
. Forsgren, N. (2017, May). DevOps and the key to high performance \\\[Interview\]. _InfoQ_.
. Majors, C. (2024). Interview. How to fix your fear of deployments. _Aviator HangarDX Podcast_.
. Majors, C. (2022). Charity Majors' recipe for high-performing teams. _The New Stack_.
. Larson, W. (\~2024). Unexpected anti-patterns for engineering leaders \\\[Interview\]. _First Round Review_.
## Part III: The Gap Nobody Talks About
Chapter 10: You're Not Being Fired for Your Code
====================
> Most companies don't die because they are wrong; most die because they don't commit themselves. They fritter away their valuable resources while attempting to make a decision. The greatest danger is in standing still.
-- Andy Grove
Only the Paranoid Survive, 1996
Key Takeaways
* Seventy percent of CTOs who lose their jobs lose them for communication failures, not technical ones. The gap is not in what they know but in their ability to translate what they know into language the business can act on.
* The business-acumen gap is structural, not personal. The CEO gets hundreds of reps pitching investors, negotiating deals, and presenting to boards; the CTO gets almost none. Closing that gap requires deliberate practice, not osmosis.
* The five CTO failure modes -- hiding behind jargon, demanding trust without a business case, under-delivering without explanation, losing relevance, and dominating through technical authority -- all share a root cause: treating technical excellence as sufficient for executive survival.
* The CTO's most important contribution at the board level is predictability. Boards can absorb bad news; what they cannot absorb is surprises.
A CTO at a company of roughly 3,000 people had spent nine months trying to get his board to approve several million pounds of investment in a product redesign. Nine board meetings. Nine presentations. Nine versions of "no." He had the technical analysis. He had the risk assessment. He had the engineering plan. He had, by any reasonable measure, the right answer.
Adelina Chalmers, an executive advisor who has coached hundreds of engineering leaders over 13 years, reviewed his presentation and saw the problem within three minutes. The slides described embedded firmware, open-source software licensing, and architectural dependencies. The board was not evaluating a technical decision. They were evaluating a business risk -- and the presentation gave them no language for it.\\]
Chalmers helped the CTO reframe the proposal in three dimensions: risk to the business if the redesign did not happen, impact on sales if it did, and impact on customer retention and acquisition. At the next board meeting, the CTO received full approval for every pound he had requested. The board's response, as Chalmers recounted: "This is very different than everything you've told us in the last nine months."\\]
The CTO in that story was not incompetent. He was not arrogant. He was not failing technically. He had the right answer for nine months. What he did not have was the language to make the board see what he saw.
That gap -- between what the CTO knows and what the CTO can communicate -- is the single most common reason founding CTOs lose their jobs.
## The Evidence That Converges
The technology industry circulates a statistic: roughly half of all founding CTOs are replaced by Series B. The figure sounds precise. It is not. The source traces to an unsourced practitioner newsletter.\\] A related claim -- that 70% of venture capitalists have replaced a founding CTO at least once -- cites a publication that does not appear to exist.\\]
No rigorous, methodologically transparent study measures founding CTO replacement rates by funding stage. This is a gap in the literature, not a gap in reality. What exists instead is something more revealing: a convergence of independent sources -- practitioners, academics, and investors who have never cited each other -- arriving at the same conclusion about why CTOs fail.
The closest empirical analogue comes from Noam Wasserman, a Harvard Business School professor who studied more than 3,600 startups and roughly 10,000 founders. His finding: 52% of founder-CEOs are no longer in the CEO role by the company's third financing round. Of those replacements, roughly 80% are involuntary -- the board made the decision, not the founder.\\] Wasserman's research covers CEOs specifically, not CTOs, but the mechanism he identifies applies with particular force to technical co-founders: the skills that build the product are not the skills that communicate its value. The paradox is that success accelerates the problem. Completing product development shifts the company's needs from building to scaling, and each funding round brings new board members who evaluate the founder's capacity to operate at the next stage -- not the current one.
Thomas Hellmann and Manju Puri, studying 173 Silicon Valley startups, reached a complementary conclusion: venture capitalists drive a "professionalization" process that systematically replaces founders with professional managers. The replacement is not driven by failure. It is driven by the structural fact that scaling requires organisational management and communication skills that founding does not develop.\\] Michael Ewens and Matt Marx, in the first study to establish a causal (rather than merely correlational) relationship between founder replacement and startup performance, analysed 11,929 VC-backed firms and found that replacing founders actually improves company outcomes -- particularly when the replaced founder is a C-level executive who leaves entirely.\\]
Practitioners who advise CTOs directly confirm the pattern. AKF Partners, a technology advisory firm that has worked with approximately 500 companies over 17 years, names the specific failure mode. In their analysis of CTO terminations, they identify business acumen as "by far the most common reason for failure for chief technologists raised through the technical ranks." The pattern: the CTO's peers complain that they do not trust the executive, citing a "failure to present opportunities, fixes, and projects in 'business terms.'" AKF estimates that nearly 50% of senior technology executives are at-risk with their C-suite peers at any given time.\\] Their 2024 analysis adds data on tenure: CTO tenures average three to 5.5 years in the United States, with the most frequent termination reason being "a failure to build trust with the remainder of the executive team."\\] Heidrick & Struggles' 2024 global survey of 364 digital and technology officers -- a category that includes CTOs, CIOs, and CDOs -- found that 45% have been in their current role for five or more years, but the turnover pressure is real: CTO Craft's 2025 survey found 41% of engineering leaders are currently considering leaving their roles.\\]
Chalmers, working independently from a coaching practice focused on engineering leaders, identifies the same pattern from a different angle: "After talking to so many of them and their investors, I realised that there was a business acumen gap between the CTO and the board. This gap became more and more obvious as the company grew."\\] She catalogues three specific displacement patterns: the board asks the CTO to change their title to Chief Scientific Officer or Chief Architect so they can hire "a commercial CTO who'd be seen in a favourable light" by later-stage investors; the board asks the CTO to split their role into two, with a new hire handling the external-facing responsibilities; or the board asks the CTO to become "a technology advisor to the new commercial CTO."\\] Each pattern preserves the CTO's employment while removing their authority -- a slower death than termination but the same underlying cause.
Evan Cooke, co-founder and CTO of Twilio, a cloud communications platform, through its 2016 IPO, identified the same dynamic from inside the role. Speaking at First Round Capital's CTO Summit, he named under-communicating critical technical challenges to the non-technical parts of the business as the first of five CTO failure modes: "They unintentionally leave people in the dark."\\]
Etienne de Bruin, founder of 7CTOs, a peer coaching organisation for technology executives, arrived at the conclusion through personal experience. He was fired in 2018\. "I lost my job," he wrote, "because I confused being right with being understood. They're not the same thing."\\]
Stephan Schmidt, who has coached more than 80 CTOs across three decades in software development, frames it as a structural requirement: "The CTO needs to be the bridge between business and technology, with one foot in business and the other foot in technology. Only the CTO can be that bridge."\\]
These are six independent sources -- an advisory firm, a CTO coach, a public-company co-founder, a peer network founder, another CTO coach, and an academic researcher -- spanning hundreds of years of combined experience across thousands of companies, none referencing each other, all converging on the same diagnosis. The founding CTO's greatest risk is not a technical failure. It is a translation failure.
| | AUTHOR: A moment from your own experience belongs here -- a board meeting where a technical initiative was misunderstood, a conversation with an investor where the wrong language was used, or an observation about how CorralData's board dynamics have required translation skills you did not initially have. Even a brief anecdote establishes that the author is inside this problem, not above it. |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Five Ways CTOs Lose the Room
The business acumen gap is abstract. Its symptoms are specific. Five failure modes appear across the practitioner literature with striking consistency.
**Jargon as a shield.** The CTO presents technical work in technical language -- embedded firmware, microservices, refactoring sprints -- and the board hears noise. In Chalmers' nine-month case study, the board was alarmed by the mention of open-source software -- not because they opposed it, but because the CTO had never translated the licensing model into an intellectual property risk assessment. They heard "open source" and thought "who owns this?"\\] Schmidt provides the clearest before-and-after of this failure: "'\`We need to refactor the authentication module' means nothing to the CEO. 'We're spending 30% of engineering time working around problems in our login system, and it's caused two outages this quarter' -- that they understand.\`"\\] Jargon is not intentional exclusion. It is the CTO's native language. The problem is that nobody told them to learn a second one.
**"Trust me" without a business case.** The CTO asks for investment -- headcount, infrastructure, time -- and when pressed for justification, retreats to authority: you have to trust the technical team. Chalmers names this explicitly: CTOs who insist the board trust them "without ever making a business case."\\] AKF Partners reports the board-side version of this complaint: the CTO "overly focuses on what is 'cool' rather than the things that create significant business and stakeholder value." The executive peers' formulation is blunter: "We don't get why there are so many people working on things that don't drive revenue."\\]
**Under-delivery without explanation.** Projects slip. Deadlines pass. The CTO does not explain why, does not warn in advance, and does not present a mitigation plan. Chalmers: "chronically under-delivering with no explanation, warning or proactive plans to mitigate the risk of not delivering."\\] This pattern erodes trust faster than the technical failure itself. A board can absorb a missed deadline. What a board cannot absorb is being surprised by one. The CTO who flags a risk three months before it materialises has built trust. The CTO who announces a delay the day before launch has destroyed it.
**Losing relevance as the company scales.** Cooke observed this at Twilio: "Board meetings that used to involve hours of product and engineering discussions instead start to focus on sales and marketing or strategy."\\] The CTO who experiences this shift will instinctively interpret it as marginalisation -- the board is pushing engineering aside. The reality, Cooke argues, is that the company's problems have changed. The board's attention follows the least predictable function. If sales is the constraint on growth, the board will focus on sales. The CTO who fights for airtime instead of understanding what the new priorities need from engineering has misread the room.
**The Alpha Geek pattern.** The CTO hoards the most interesting technical work, allocates themselves the hardest problems, and treats engineering excellence as the primary measure of their value. Chalmers describes CTOs who "saw themselves as the Alpha Geek in the room who has all the answers, but not as a leader who guides people to find the answers considering the business case."\\] This is the terminal failure mode -- the CTO retreating to the identity that feels safe (coding, architecture, technical depth) as the role demands something they have not learned (communication, delegation, strategic alignment). It connects directly to the stage-evolution model from [Chapter 1](1-four-stages-cto-evolution.html): the Coder-stage CTO's greatest strength becomes the Manager-stage CTO's greatest liability.
These five patterns are not separate problems. They are five symptoms of one condition: the CTO is operating as a technologist in a room that requires a business executive. And they are progressive. Jargon and "trust me" arrive first -- they are the communication habits of someone who has never needed to justify technical decisions to non-technical people. Under-delivery without explanation follows -- it is what happens when the CTO has not built the communication rhythm that makes engineering predictable to the business. Losing relevance is what happens when the CTO does not understand why the company's problems have changed. The Alpha Geek pattern is the terminal stage: the CTO retreating to the identity that built the company because the identity the company now requires feels like a demotion.
The progression matters because it means the gap is visible long before it becomes fatal. A CTO who catches themselves using jargon in a board presentation is seeing an early warning. A CTO who notices that the CEO no longer asks for engineering updates is seeing a later one.
Fred Wilson, a venture capitalist at Union Square Ventures who has been involved with more than 150 startups, provides the reframe that makes these patterns bearable. The founding CTO who cannot scale with the company is not a bad hire. They are a successful one. "You are firing someone for doing their job too well," Wilson writes. "They killed it and in the process got your company off to a great start and growing to a scale that they themselves aren't a great fit for."\\] He identifies the most common founder error as excessive loyalty: sticking too long with a founding team member whose skills no longer match the company's stage, because the personal relationship makes the conversation impossible.
Ben Horowitz, co-founder of Andreessen Horowitz, offers a diagnostic for the board member's perspective: "If you have somebody who's really doing the job, they're teaching you about how the function should expand. If you're giving them more ideas than you're getting out, then that's probably not going to work."\\] That test -- whether the CTO is teaching the CEO about engineering's needs or whether the CEO is telling the CTO what engineering should do -- is the clearest signal of which side of the gap the CTO is on.
| | AUTHOR: Has the author recognised any of these patterns in themselves at CorralData -- even briefly? One or two sentences of honest self-recognition would be the most powerful passage in this section. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Why the Gap Is Structural, Not Personal
Telling a CTO to "learn business" is like telling someone to "be taller." It identifies the deficit without addressing the cause. Three structural forces create the business acumen gap in founding CTOs. Understanding them is the first step toward closing it.
**The CEO gets the reps. The CTO does not.** Jerry Colonna's Reboot.io, which runs co-founder coaching programmes, identifies the single most important structural explanation. The CEO role forces board communication practice. The CTO role does not. In their framing: "The built-in requirements of the CEO position forces a growth that may not come otherwise: she has to pitch, do board meetings, etc. There are these things she must learn. Scaling is not optional. The non-CEO founder, who may or may not go on the pitch meetings for raises, may be there for board meetings but not put the deck together, is responsible for certain things but not the company as a whole in the same way the CEO is."\\]
By the time a startup reaches Series B, the CEO has delivered dozens of investor pitches, run quarterly board meetings for two or three years, and negotiated term sheets with sophisticated financial operators. The CTO may have attended some of those meetings, but they did not lead them. They did not build the slides. They did not field the hard questions about unit economics and runway. The CEO's board communication skill was forged through thousands of hours of mandatory practice. The CTO's was not -- because the role never demanded it. The gap is not about talent or intelligence. It is about repetition. And unlike a technical skill, where the CTO can practise on their own time, board communication requires a counterparty: an actual board, with actual power, asking actual questions. The CTO who does not seek out that practice deliberately will not get it by accident.
**Success triggers the replacement.** Wasserman's research reveals a paradox that most founding CTOs find counterintuitive: founders are replaced not primarily because they fail but because they succeed. Product development completion shifts the company's needs from building to scaling. Each funding round brings new board members who evaluate the founder's capacity to operate at the next stage, not the current one.\\] The CTO who built the product that attracted Series A investors will be evaluated by Series B investors on whether they can manage 50 engineers and present a technology strategy to a board -- skills that writing the first version of the product did not develop and may have actively worked against. The intense focus, the bias toward building over communicating, the impatience with process -- these are virtues at the founding stage. They become liabilities at the scaling stage. Hellmann and Puri frame the dynamic as a "professionalization" imperative: VCs do not replace founders out of malice. They replace them because the organisational requirements have changed and the founder has not changed with them.\\]
**The technical identity resists the executive identity.** The CTO was hired to build. Their professional identity, their sense of value, their credibility with the engineering team -- all of it is rooted in technical depth, problem-solving, and the ability to write code that works. The executive role requires something different: breadth over depth, communication over construction, delegation over execution. Mark Suster, a VC at Upfront Ventures, states it plainly: "The best technologists often aren't amazing people managers. Sometimes they are introverts."\\] Camille Fournier, former CTO of Rent the Runway, frames the identity requirement that most founding CTOs have never heard stated explicitly: "The CTO is an executive first, a technologist second."\\] Most founding CTOs have the order reversed. Nobody told them to flip it, and the role -- unlike the CEO's -- does not force the flip.
The Alpha Geek pattern from the previous section is the defensive response to this identity threat. When the role demands communication and the CTO's identity is built on coding, the CTO retreats to code. It feels productive. It feels like the work they were hired to do. But it is the wrong work -- and the deeper the retreat, the wider the gap grows. Peter Levine, a general partner at Andreessen Horowitz, describes the preferred outcome of what he calls the "founder re-org": the technical co-founder moves to an individual contributor role -- CTO, architect, evangelist -- while someone with management experience takes over the scaling work.\\] But this outcome requires the CTO to accept that their highest-impact contribution has changed. That acceptance is not a management skill. It is an act of self-awareness -- and it is the same skill that separates the CTOs who survive from the CTOs who are replaced.
| | AUTHOR: The author's own reflection on this structural gap would ground the argument. Did the CEO at CorralData develop board communication skills faster? Is there a moment where the author recognised the exposure differential and decided to compensate for it deliberately? |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Board Meeting Translator
The gap is structural. The remedy is practical. No comprehensive framework for translating technical work into board-ready language exists in the current literature -- a gap this section fills by synthesising the advice of practitioners who have each solved a piece of the problem.
**Reframe every initiative as a business investment.** The CTO who says "we need to refactor our authentication system" is making a technical request. The CTO who says "we're spending 30% of engineering capacity working around a system that has caused two customer-facing outages this quarter -- resolving it frees that capacity for the feature pipeline and eliminates a reliability risk that is costing us renewals" is making a business case. The content is identical. The language is not.
Chalmers' method is to translate every technical proposal through three lenses: what is the risk to the business if we do not do this? What is the impact on revenue if we do? What is the impact on customer retention and acquisition?\\] Apply these three questions to the nine-month board presentation and the answer is obvious -- the CTO had the analysis for all three, but he presented the technical rationale instead. Chalmers also recommends a diagnostic question that every CTO should ask their non-technical executive peers: "What metric are you measuring that engineering can help you improve?"\\] This single question shifts the CTO's relationship with every other department from "what do you need us to build?" to "what business outcome can we improve together?"
**Speak in outcomes, not outputs.** Engineering-native metrics -- velocity, code coverage, sprint completion rates -- have no meaning outside engineering. David Subar, a technology leadership consultant, states it directly: "Velocity is completely the wrong thing to discuss with CEOs."\\] The board does not care how many story points the team completed. The board cares about three things: where is engineering capacity going, is the investment producing business results, and what are the risks. Will Larson, in _The Engineering Executive's Primer_, provides the conceptual frame: the CEO "manages through inspection" -- they want the CTO to measure something, set a goal, and share progress against that goal. Execution against goals is a proxy for engineering leadership quality.\\]
The translation is concrete. "We completed 47 story points this sprint" becomes "the feature pipeline is on track -- the three features committed for this quarter are at 70%, 50%, and 30% completion respectively." "We reduced our CI pipeline time by 60%" becomes "engineers can now ship a fix to production in 18 minutes instead of 45, which means customer-reported issues are resolved the same day instead of the next." "We paid down technical debt in the authentication module" becomes "we eliminated the system that was causing two outages per quarter and consuming 30% of backend engineering time." The information is the same. The frame is different. And the frame determines whether the board sees an engineering team doing engineering or an engineering team producing business value.
The CTO who presents DORA metrics to a board that has never heard of DORA has confused the measurement with the message. The metrics work from [Chapter 9](9-measuring-engineering-metrics.html) is the raw material. The translation is the skill this chapter teaches.
**Build predictability.** Cooke's framework, developed during his time as CTO of Twilio, provides the connecting logic between engineering work and business confidence. "As you build a company," he writes, "you're essentially generating predictability where it didn't exist."\\] He constructs a chain: predictable growth requires predictable revenue, which requires predictable sales, which requires predictable customer acquisition, which requires a predictable product delivered predictably -- which requires predictable hiring and retention. The CTO's job in the boardroom is to demonstrate that engineering is a source of predictability, not a source of surprises. The velocity infrastructure from [Chapter 6](6-shipping-software.html), the metrics from [Chapter 9](9-measuring-engineering-metrics.html) -- these are not just engineering tools. They are the evidence of predictability. When the CTO presents them as such, the board sees an executive who understands how their function connects to the business.
Cooke's insight extends further, and it resolves one of the most common emotional injuries CTOs experience during scaling. He observed at Twilio that when board focus shifted from product to sales, the engineering-first CTO felt marginalised. But the shift followed a logic: the board's attention goes to the least predictable function. If engineering has become predictable -- if the CTO has built the infrastructure, the metrics, and the communication rhythm that make it so -- the board's attention will move to wherever predictability has not yet been established. That is not marginalisation. It is success. The CTO who understands this reframes the loss of board airtime from a threat to a signal that their work is landing. The CTO who does not understand it fights for relevance in a room that has already granted it.
**Over-communicate bad news.** Brad Feld, a venture capitalist and co-author of _Startup Boards_, states the principle: "There should never be any new information shared during a board meeting and you should never be selling to your board."\\] The CTO who presents a surprise problem in a board meeting has already lost the room -- not because the problem is unsolvable, but because the surprise signals that the CTO either did not see the risk coming or did not trust the board enough to share it. Both interpretations erode confidence.
The inverse is equally powerful. The CTO who flagged a risk in an email two months ago, shared a mitigation plan one month ago, and is now presenting the outcome -- whether it resolved or escalated -- has built the most durable form of board trust: reliability. The content of the update matters less than the pattern. A board that knows the CTO will surface problems early can absorb bad news. A board that suspects the CTO is hiding problems cannot absorb any news at all -- because every positive report becomes suspect.
This is the inverse of failure mode three. Chalmers' "chronically under-delivering with no explanation" is what happens when the CTO does not follow Feld's principle. The remedy is not better project management. It is a communication habit: flag early, update regularly, present mitigation alongside the problem.
| | AUTHOR: A specific example of translating a CorralData initiative -- ideally a before/after -- belongs here. "Here is how I would have presented our AI copilot migration as a technical project. Here is how I presented it as a business investment." This is the section where the working-CTO authority is most directly at stake. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## When You Have a Board Seat
Many co-founding CTOs begin with a board seat and lose it. Understanding both sides of that transition -- what the seat gives you, and what losing it means -- is essential to navigating the board relationship described in this chapter.
At founding, the standard board is three people: two common-stock directors (the founders) and one preferred-stock director (the seed investor). José Ancer, a startup attorney, advises that "founders should start with the assumption that no one will join their Board of Directors until a Series A happens."\\] In the three-person configuration, the CTO has formal governance power -- a vote on officer compensation, strategic direction, and fundraising. At Series A, the board typically expands to five: two common (founders), two preferred (investors), and one independent. At Series B and beyond, investors often gain board control. The CTO's seat is the one most frequently lost in this expansion -- one co-founder seat is traded for additional investor or independent representation. Paul Graham's observation is characteristically direct: "In either case the founders lose their majority."\\]
The dual role -- officer and director simultaneously -- creates tensions that most CTOs do not anticipate. Morrison & Foerster's ScaleUp guide identifies the core problem: "You're an entrepreneur, you form your first company, and suddenly you carry the title of founder, director, officer, and/or employee all at once. When running your business, it may feel like all of your roles blur together."\\] They should not. As a director, the CTO owes fiduciary duties to the corporation and all its shareholders: the duty of care (acting with the diligence of a reasonable person), the duty of loyalty (no self-dealing), and the duty of good faith. These duties cannot be disclaimed by agreement. A CTO voting on their own compensation is a textbook conflict of interest; recusal is the appropriate response, not abstention.
The practical consequence: when the CTO sits on the board, the CEO-CTO relationship changes. There is formal equality in governance -- each has one vote -- even when the practical power dynamic is asymmetric. The CTO who confuses board-level equality with operational authority will find the misalignment corrects itself painfully. The board governs; the CEO operates. The CTO-director who attempts to use their board vote to override operational decisions they disagree with is misusing the role. Fred Wilson, co-founder of Union Square Ventures, states his preference bluntly: "I prefer only one employee, the CEO, to be on the board." On removing a co-founder from the board: "Asking a founder to get off a few years in is no party either. I've been through this so many times. I would prefer to have the other founders attend the meetings but not be on the board. Then it is easier to move away over time easily."\\]
When the seat is lost -- and it usually is, at Series A or B -- the CTO should negotiate board observer rights as compensation. An observer attends meetings, receives all board materials, and can participate in discussions, but does not vote and does not carry fiduciary duties. Mark Suster of Upfront Ventures estimates that 20--30% of corporate boards include observers, with the percentage higher at venture-backed companies.\\] The observer role preserves information access -- the CTO continues to see the financial data, the investor communications, and the strategic discussions -- without the governance complications of a dual role. The CTO who loses their board seat and receives nothing in return has lost more than a vote. They have lost visibility into the conversations that determine the company's future.
The legal asymmetry that makes all of this consequential: under Delaware law, officers can be removed by a board vote, with or without cause. Directors can only be removed by a shareholder vote.\\] This means a CTO who is both officer and director could theoretically be fired from the CTO role by fellow board members while retaining their board seat -- since director removal requires a separate action by shareholders. In practice, the position becomes untenable. But the legal distinction matters for severance negotiations and for understanding the sequence of events if the relationship deteriorates.
The CTO who sits on the board should remember: the seat is a governance responsibility, not a personal entitlement. The CTO who loses the board seat should remember: the seat was always temporary. What persists is the influence -- the ability to shape the company's technical direction through the quality of the argument, not the weight of the vote.
| | AUTHOR: Your board experience at CorralData -- do you have a board seat? If so, how does the dual role feel in practice? If you have lost a board seat in a previous role, or seen a co-founder lose one, the reader needs to understand the emotional and practical reality. The transition from voting member to observer (or to nothing) is one of the least discussed and most common CTO experiences. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Leaving on Your Own Terms
The chapter has spent four sections naming a problem and a remedy. This section addresses the question the reader has been silently asking: what if it is too late -- or what if the remedy succeeds, and the CTO faces a different question altogether?
William Hockey co-founded Plaid, a financial data infrastructure company, in 2012 during his senior year at Emory University. He served as CTO while the company grew to a $2.65 billion valuation and roughly 300 employees. In June 2019, he published a public essay titled "Transitions" -- a word that founding CTOs rarely use voluntarily.\\]
Hockey had planned his departure over approximately two years. His method was deliberate: he gradually removed himself from day-to-day projects, tested whether teams could operate without him, and stepped in only when the test revealed gaps that needed closing. He described it to the Plaid team in an internal letter: "Over the past couple of years I have known that there would come a point at which I would choose to move to a purely strategic and advisorial role. And during the past year, I have started to work towards this goal."\\] His benchmark for knowing the transition was ready: "If I've done my job well, the following weeks, months, and quarters shouldn't feel any different for anyone."\\]
The essay itself was an argument for normalising what the industry treats as a taboo: "In tech, it has historically been taboo to talk about founders or executives transitioning to different roles inside companies. Leadership transitions need to become a bedrock of any company that desires to endure across decades."\\] Hockey's statement was not a resignation letter. It was a precedent -- a public declaration that a founding CTO choosing to leave is not a failure but a leadership act. He framed the founder's job in terms that echo this chapter's argument: "As a founder, I believe it is my job to empower everyone who works at the company -- sometimes this means holding multiple roles throughout the lifecycle of one's company."\\] He subsequently founded Column, a nationally chartered bank that powers fintech infrastructure. By early 2026, Column had reached roughly $200 million in revenue with 110 employees and no outside funding.\\]
Renaud Visage offers the other model. He co-founded Eventbrite, an event ticketing platform, in 2006 and served as CTO for 15 years -- surviving every growth stage from founding through IPO and beyond. His method was not to cling to the CTO role as conventionally defined. It was to continuously reinvent it. Every six months to a year, he identified "whatever was the biggest hurdle to our growth that I could solve with a small team" and moved himself there.\\] He did not protect a title. He did not hoard management authority. He prioritised impact over position. His advice to other founding CTOs: "Find your value inside a growing organization. It's more important to be fulfilled and work on things you really enjoy rather than keeping a title for posterity's sake and being miserable every day."\\]
Hockey and Visage represent two valid outcomes: leaving on your own terms, and staying on your own terms. Both require the same underlying skill -- self-awareness about where you add the most value, and honesty about when that answer changes. Brockman's arc, traced in [Chapter 1](1-four-stages-cto-evolution.html), is the same pattern at a different scale: he recognised that management was not where he had the most impact, and he returned to engineering. The form of the choice varies. The skill behind it does not.
| | AUTHOR: The author's own reflection belongs here -- not a confession, but an honest acknowledgment that the question applies personally. What keeps you at CorralData? What signals do you watch for? How do you think about the possibility that the role may outgrow you -- or you may outgrow it? |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
The business acumen gap does not close when the CTO survives a board meeting. It closes when every decision the CTO makes -- about architecture, about hiring, about where to invest the team's time -- is informed by both technical judgment and business fluency. The velocity infrastructure from [Chapter 6](6-shipping-software.html) is a business acumen investment. The metrics language from [Chapter 9](9-measuring-engineering-metrics.html) is a business acumen investment. The scope discipline from [Chapter 6](6-shipping-software.html), the non-negotiables from [Chapter 7](7-rushing-vs-speed.html), the stage-awareness from [Chapter 1](1-four-stages-cto-evolution.html) -- all of these were foreshadowing a single skill: the ability to translate between what the engineering team builds and what the business needs to hear.
The CTO who masters that translation has solved the survival problem. The next problem is leverage: you cannot build the team the company needs if you cannot articulate what that team should be -- in language the business understands -- and defend those decisions against the pressure to hire fast, hire cheap, and fill seats.
## Frequently Asked Questions
1. _Why do CTOs get fired?_
Roughly 70 percent of CTO departures are driven by communication failures rather than technical ones. Founding CTOs get replaced because they speak in jargon to the board, fail to translate technology decisions into business outcomes, alienate non-technical colleagues, say no without offering alternatives, and under-deliver without explanation or mitigation plans. Technical competence is necessary but insufficient -- the CTOs who survive are those who learn to communicate in the language of the business.
2. _What is the business acumen gap for CTOs?_
The business acumen gap is the distance between a CTO's deep technical expertise and their ability to speak the language of business -- finance, sales, marketing, and board governance. Most CTOs were promoted for engineering excellence, but the role increasingly demands fluency in revenue models, unit economics, competitive positioning, and investor relations. Closing this gap is the single highest-leverage investment a CTO can make in their career longevity.
3. _How should a CTO present to the board of directors?_
Lead with business outcomes, not technical details. Use plain language -- no jargon, no acronyms without explanation. Keep it to five slides or fewer. Frame technology investments as business investments with expected returns. Present risks with mitigation plans rather than just problems. Anticipate questions about cost, timeline, and competitive advantage. Practise with your CEO beforehand to align on messaging. The board cares about what technology enables for the business, not how it works.
4. _What communication skills does a CTO need?_
A CTO needs four core communication competencies -- translating technical concepts into business language, presenting confidently to boards and investors, negotiating with stakeholders who have competing priorities, and writing clearly for audiences ranging from engineers to executives. The most underrated skill is listening -- understanding what the CMO, CFO, or CEO actually needs before proposing a technical solution. Communication is the CTO's primary tool for organisational influence.
5. _How do you translate technical concepts for business stakeholders?_
Replace jargon with outcomes and use analogies from finance and operations, which business stakeholders already understand. Instead of explaining a database migration, explain that the current system costs a certain amount per month in engineering time and the new one will reduce that by half. Frame technical debt as borrowed speed with interest payments. Frame infrastructure investment as insurance. Always start with the business impact and work backward to the technical detail only if asked.
## References
. Chalmers, A. (2024, February 25). E5: Decoding tech leadership with Adelina Chalmers \\\[Podcast interview\]. _Tech Exec Talks_, hosted by K. Maingi. -- Full transcript retrieved. Case study and coaching methodology described firsthand.
. Watson, M. (2025, July 24). What kind of CTO are you becoming? _Product Driven Newsletter_. -- No citation given for the replacement rate claim.
. Sundarakalatharan, R. (2024, August 30). Key reasons founding CTOs move sideways in tech startups. _Nocturnalknight's Lair_. -- Attributed to "Startup Leadership Journal," a publication that could not be independently located.
. Wasserman, N. (2003). Founder-CEO succession and the paradox of entrepreneurial success. _Organization Science_, 14(2), 149--172\. See also Wasserman, N. (2008, February). The founder's dilemma. _Harvard Business Review_; Wasserman, N. (2012). _The Founder's Dilemmas_. Princeton University Press. The 52% figure comes from the broader dataset (\~3,600 startups, \~10,000 founders); the 80% involuntary rate from the 2008 HBR article.
. Hellmann, T., & Puri, M. (2002). Venture capital and the professionalization of start-up firms: Empirical evidence. _Journal of Finance_, 57(1), 169--197\. Based on 173 Silicon Valley startups.
. Ewens, M., & Marx, M. (2018). Founder replacement and startup performance. _Review of Financial Studies_, 31(4), 1532--1565\. Based on 11,929 VC-backed firms. First study to establish a causal (not merely correlational) relationship between founder replacement and performance improvement.
. Abbott, M. (2018, May 2). Why CTOs fail and what CEOs and CTOs can do about it. _AKF Partners Growth Blog_.
. Abbott, M. (2024, October 29). Attributes of a highly successful CTO. _AKF Partners Growth Blog_.
. Heidrick & Struggles. (2024). _Global digital & technology officers report_. n=364 digital and technology officers surveyed globally. CTO Craft. (2025). Engineering leadership survey.
. Chalmers, A. (2024, July 3). Most founding CTOs are fired or moved sideways within 3--5 years. Here's why! _Medium_.
. Chalmers, A. (2024, December 10; earlier version May 20, 2023). Am I being dethroned as CTO? _Medium_.
. Cooke, E. (\~2015). This is how effective CTOs embrace change. _First Round Review_. -- Based on Cooke's talk at First Round Capital's CTO Summit. Cooke was co-founder and CTO of Twilio (2008--2016 IPO) and holds a Ph.D. in computer science from the University of Michigan.
. De Bruin, E. (2025, December 10). The CTO's translation failure. _The CTO Substack_.
. Schmidt, S. (2022, December 24). CTO vs CEO -- how cooperation can work. _AmazingCTO_.
. Schmidt, S. (n.d.). Drowning in technical debt? How CTOs dig out without a rewrite. _AmazingCTO_.
. Chalmers, A. (2024, April 15). A CTO with 5--10 years experience is not necessarily an experienced CTO. _Medium_.
. Wilson, F. (2013, August 12). MBA Mondays: Turning your team. _AVC_. -- Wilson is co-founder of Union Square Ventures.
. Horowitz, B. (2023). Podcast interview with Ali Ghodsi \\\[Databricks CEO\]. Horowitz is co-founder of Andreessen Horowitz.
. Reboot.io. (n.d.). Co-founder Reboot Days \\\[Course content\]. -- Reboot was founded by Jerry Colonna, former VC at Flatiron Partners and board member of 100+ organisations.
. Suster, M. (n.d.). Want to know the difference between a CTO and a VP Engineering? _Both Sides of the Table_. -- Suster is a general partner at Upfront Ventures.
. Fournier, C. (2015, February). On the role of CTO. _camilletalk.com_. -- Fournier is author of _The Manager's Path_ (2017) and former CTO of Rent the Runway.
. Levine, P. (n.d.). What now? Founder re-org. _a16z_. -- Levine is a general partner at Andreessen Horowitz and former CEO of XenSource. Case study taught at Stanford GSB.
. Chalmers, A. (2024, October 9). 5 engineering metrics that can help the CTO build a business case for engineering spend. _Medium_.
. Subar, D. (2021, May 5; updated 2023, April 14). Metrics for CTO success. _Interna Blog_.
. Larson, W. (2024). _The Engineering Executive's Primer_. O'Reilly Media. See also Larson, W. (2023, January 2). Measuring an engineering organization. _Irrational Exuberance_.
. Feld, B., Blumberg, M., & Ramsinghani, M. (2022). _Startup Boards: A Field Guide to Building and Leading an Effective Board of Directors_ (2nd ed.). Wiley. Recommended by Cooke in his First Round Review article.
. Ancer, J. (2017, May 17). Pre-Series A startup boards. _Silicon Hills Lawyer_. -- See also Iskold, A. Understanding startup board control. _Startup Hacks VC_.
. Graham, P. (2010, December). Fundraising survival guide. _paulgraham.com_. -- "In either case the founders lose their majority."
. Morrison & Foerster. (2023, June 28). What fiduciary duties do I have as a director of a Delaware corporation? _ScaleUp_. -- See also Harvard Law School Forum on Corporate Governance (2020, March 10):
. Wilson, F. (2014, December). The perfect board. _AVC_. -- See also Feld, B. (2016, December). Board seat for sale. _feld.com_.
. Suster, M. (2019, February 25). Why you may not want observers on your board. _Inc._ -- See also Doida Crow Legal on observer rights structure:
. Delaware General Corporation Law §142 (officer removal by board) and §141(k) (director removal by shareholder vote). See also Shockwave Innovations on co-founder seat loss:
. Hockey, W. (2019, June 18). Transitions. _Medium_. -- Full text retrieved. Includes Hockey's internal letter to Plaid employees.
. Konrad, A. (2026, February 25). Profile: Meet Column, the most important fintech startup you've never heard of. _Upstarts Media_.
. Schlottke, T. (2023, January 12). Evolving as a founding CTO. _HackerNoon_. -- Includes Visage quotes from alphalist CTO podcast episode #67\.
Chapter 11: Building the Team
====================
> If you want to build a ship, don't drum up people to collect wood and don't assign them tasks and work, but rather teach them to long for the endless immensity of the sea.
-- Antoine de Saint-Exupéry
Citadelle, 1948 (paraphrased)
Key Takeaways
* Culture is not what you write on the wall; it is the behaviour you tolerate, the people you promote, and the compromises you make when hiring is slow and the backlog is long.
* Conway's Law is not a suggestion; it is a force of nature. Your system architecture will converge toward your org chart whether you plan for it or not, so you had better design the org chart with that in mind.
* Generative culture -- where information flows freely, failure triggers inquiry rather than blame, and novelty is welcomed -- is not just nicer to work in. It is measurably correlated with higher software delivery performance and lower burnout.
* The Spotify squad model is a cautionary tale, not a template. Even Spotify struggled to make it work.
* Hiring is slower, harder, and more exhausting than any first-time CTO expects. The sooner you accept that it will consume a third of your time and still feel insufficient, the sooner you can build a process that survives your impatience.
David Mack, co-founder and CTO of SketchDeck, a Y Combinator-backed startup, wrote a retrospective after several years in the role that captures something most CTO guides skip entirely. "No matter how many times I've read about how a company's most important asset are the people, it never prepared me for how exhausting and excruciating hiring is. To anyone new to hiring: you probably need to spend more time hiring and reject more people. You probably need to filter more stringently. I never could have guessed how rare the perfect startup team member is, nor how much time and effort would be needed to find them."\\]
The exhaustion is not incidental. It is the job. The startup CTO who spends 20% of their time on hiring -- Patrick McKenzie's recommended minimum for founders -- is doing the single most consequential activity available to them.\\] The code the CTO writes will be rewritten. The architecture they design will be refactored. But the people they hire will hire the next people, who will hire the people after that. Patrick Collison, co-founder of Stripe, makes this explicit: "You aren't just hiring those first ten people, you are actually hiring a hundred people because you think each one of those people are going to bring along another ten people with them."\\]
This chapter is about how to hire those first ten people, how to organise them into a team that ships, and how to build the culture that sustains the team after the CTO is no longer the person writing most of the code. Chapter 10 argued that the CTO's biggest threat is a communication gap. This chapter applies that insight to the most consequential communication challenge: articulating what the team should be, who belongs on it, and how it should work -- in language that both engineers and the business can evaluate.
## Competing Without Brand, Salary, or Perks
The startup CTO is recruiting against companies that can offer twice the salary, a recognised name on the CV, and an infrastructure team that handles everything the engineer does not want to think about. The startup can offer none of this. What it can offer -- and what the research shows actually motivates the engineers worth hiring -- is something else entirely.
Michael Roach and Henry Sauermann, in a study published in _Management Science_ in 2023 that tracked more than 2,300 science and engineering PhDs over their early careers, found that high-ability graduates who join startups earn roughly 20% less than peers who join established firms. They join anyway. The motivators are autonomy, the opportunity to work on problems that matter, and the scope of impact: "For some high-ability tech workers, there's more significance to being employee number 20 than employee number 2,000."\\]
The CTO who leads with salary will lose every negotiation. The CTO who leads with the problem -- the specific, concrete, technically interesting problem the company is solving and the engineer's role in solving it -- is competing on the axis where the startup has an advantage. Collison describes Stripe's approach: the first five hires took almost two years because the bar was not just technical ability but alignment with the problem the company was trying to solve.\\] Joel Spolsky's hiring framework, first published in 2000 and still cited two decades later, reduces the evaluation to two questions: "Smart, and gets things done." Smart alone produces engineers who think but do not ship. Gets-things-done alone produces engineers who ship but accumulate debt. The intersection is rare -- which is why the hiring process is exhausting.\\]
The practical mechanics of early-stage hiring are unglamorous. There is no recruiter. The CTO is the recruiter. McKenzie's approach at MakeLeap in Tokyo is instructive: he started a Hacker News meetup, held 50 events, and eventually found five hires for a total cost of $300 -- compared to $25,000 per placement through a recruiting firm. Matasano Security created the Cryptopals cryptography challenges, which took two weeks to develop and surfaced candidates from unexpected backgrounds, including a chemistry teacher who solved the problems in Excel.\\] The common principle: build a channel that attracts people who are interested in the problem your company solves, and hire from the community that forms around it.
Eric Feng, former CTO of Flipboard, provides the funnel math that every startup CTO should internalise: to hire a single engineer, start with roughly 64 candidates at the top of the funnel.\\] At a company with no brand recognition, the funnel is even wider. The CTO who expects to post a job listing and receive qualified applicants is operating with a model that works for Google and fails for everyone else.
Gergely Orosz, surveying startup founders and former big-tech engineers for The Pragmatic Engineer, documents a specific hiring trap: the temptation to recruit from FAANG companies based on pedigree. One anonymous founder of a data startup describes the result: "Some of our hires from Google wanted to replicate all Google's processes and culture, and completely failed. One staff engineer was the worst hire I can remember." A former Google engineer who made the transition observes the gap from the other side: "Most FAANG engineers I've met do years of work without ever talking to a customer."\\] The startup CTO is not hiring for the ability to operate within Google's infrastructure. They are hiring for the ability to operate without it -- to build systems from scratch, to talk to customers, to make decisions with incomplete information, and to ship with a sense of urgency that most large-company environments actively discourage.
The cost of getting this wrong at the early stage is disproportionate. A bad hire on a six-person team represents 16% of the entire workforce. They do not just underperform -- they reshape the culture, consume the CTO's management capacity, and demoralise the engineers who are performing. Sam Altman's advice from his time as president of Y Combinator is blunt: "Fire quickly. Everyone knows this in principle and no one does it."\\] The emotional difficulty of firing someone the CTO personally recruited, in a team small enough that everyone eats lunch together, is one of the hardest experiences in the role. Mack's reflection applies: "If you feel uncertain if you need to hire a particular role, it's probably too early."\\]
| | AUTHOR: CorralData's hiring experience -- how did you find your first engineers? What worked, what did not? In healthcare B2B, the talent pool has specific constraints: compliance familiarity, domain knowledge, willingness to work with healthcare data. What was the recruiting channel that actually produced hires? |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Org Design Is System Design
In 1968, Melvin Conway submitted a paper to the Harvard Business Review arguing that the structure of an organisation determines the structure of the systems it produces. HBR rejected it on the grounds that he had not proved his thesis. The paper was published in _Datamation_ instead, and the principle it described -- "Any organization that designs a system will inevitably produce a design whose structure is a copy of the organization's communication structure" -- became one of the most cited observations in software engineering.\\]
Fred Brooks named it Conway's Law in _The Mythical Man-Month_ in 1975\. Martin Fowler, writing in 2022 after decades of observing the principle in practice, states: "If there is one thing they all agree on, it's the importance and power of Conway's Law. Important enough to affect every system I've come across, and powerful enough that you're doomed to defeat if you try to fight it."\\]
The implication for the startup CTO: the team you build literally determines the architecture you ship. A team of three generalists working in one room will produce a monolith. A team split into frontend, backend, and data will produce three services with an integration layer. Neither is inherently wrong -- what matters is that the CTO is making the organisational choice consciously, understanding that it is simultaneously an architectural choice.
The Inverse Conway Maneuver, coined by Jonny LeRoy and Matt Simons at ThoughtWorks in 2010, takes this further: rather than letting the org chart dictate the architecture, deliberately structure teams to produce the architecture you want.\\] Nicole Forsgren's DORA research validated this empirically: "Organizations should evolve their team and organizational structure to achieve the desired architecture."\\]
Jeff Bezos institutionalised this principle at Amazon with the two-pizza team: autonomous groups of fewer than ten people, small enough to be fed with two pizzas. The logic was not about pizza. It was about communication overhead. Bezos, as documented in Brad Stone's _The Everything Store_, argued that "Communication is a sign of dysfunction. It means people aren't working together in a close, organic way."\\] The two-pizza team was designed to minimise the communication paths that Conway's Law says will be reflected in the system architecture.
Will Larson provides the most practical team-sizing guidance for startups. His principle: "Teams should be six to eight during steady state. To create a new team, grow an existing team to eight to ten, and then bud into two teams of four or five. Never create empty teams." His warning about small teams is emphatic: "I've sponsored quite a few 1-2 person teams, and each team I've regretted. To repeat: I have regretted it every single time." Teams of fewer than four, Larson argues, are "a sufficiently leaky abstraction that they function indistinguishably from individuals."\\]
Matthew Skelton and Manuel Pais, in _Team Topologies_ (2019), formalised the types of teams that a scaling organisation needs: stream-aligned teams (focused on a single flow of work, such as a product feature or user journey), platform teams (providing internal services that stream-aligned teams consume), enabling teams (helping other teams adopt new capabilities), and complicated-subsystem teams (owning components that require deep specialist knowledge). Fowler's assessment: "All models are wrong, some are useful. Thus Team Topologies is wrong -- complex organizations cannot be simply broken down into just four kinds of teams and three kinds of interactions. But constraints like this are what makes a model useful."\\]
The Spotify squad model -- which organised engineers into cross-functional squads within tribes, with chapters and guilds providing cross-cutting alignment -- became the most imitated organisational structure in tech after Henrik Kniberg documented it in 2012\. It also became one of the most cautionary tales. Jeremiah Lee, a former Spotify employee, published a detailed critique in 2020: "Spotify tried a long-lived matrix team structure with unusual word choices. It did not work well."\\] Joakim Sundén, a Spotify agile coach from 2011 to 2017, was more pointed: "People have really struggled to copy something that didn't really exist."\\]
The lesson for the startup CTO is not that squads are bad or that two-pizza teams are good. It is that organisational structure is not something to borrow from a company blog post. It is something to design for the specific communication patterns the CTO needs, understanding that those patterns will be reflected directly in the system the team produces.
| | AUTHOR: How CorralData's team is currently structured -- and how that structure reflects the product architecture. Is there a one-to-one mapping between team boundaries and system boundaries? Has Conway's Law been visible in your experience? The healthcare B2B context may introduce specific organisational constraints: a dedicated compliance function, a data engineering team handling HIPAA-governed pipelines. |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The First VP of Engineering Hire
There is a moment in every startup's growth when the CTO realises they are spending all their time on management and none on technology. Daniel Doubrovkine, CTO of Artsy, created a public Slack channel logging his weekly activities and discovered that the vast majority were consumed by people management and product coordination. "I was not able to make time to raise my head and to look at anything further on the horizon," he wrote. "I needed help."\\]
That help is a VP of Engineering. The role is the CTO's complement: the CTO owns the technical direction; the VPE owns the team that executes it. Fred Wilson, co-founder of Union Square Ventures, provides the canonical distinction: "A VP Engineering is ideally a great manager and a great team builder. A CTO is ideally the strongest technologist in the organization." The ideal: "When a company has a strong CTO and a strong VP Engineering that trust, respect, and like each other, you have a winning formula."\\]
Mark Suster, a venture capitalist at Upfront Ventures who was twice a startup founder, provides the timing guidance: "If I were a pure startup with 5 people I'd want a Chief Architect. As the company and therefore the team size grew I'd want a VP of Engineering. For me the inflection point is usually when you have 5+ developers."\\] Most practitioners cite 10 to 25 engineers as the range where the hire becomes urgent. Fred Wilson's test is simpler: "When you feel you aren't managing your eng team well enough."\\]
The hire can go wrong in specific, predictable ways. Julia Austin, a former VP of Engineering who teaches at Harvard Business School, describes the pattern: "A company I advise wanted to understand how their VP Engineering hire could be let go after only one quarter. They hired a deep technology-focused leader when they needed an empathetic people leader to scale the organization."\\] The mistake is hiring a second CTO when the company needs a people manager. Cheryl Liew, who worked at Riviera Partners, a technical executive search firm, documents the extreme case: at Clinkle, a startup that raised a $25 million seed round, VP of Engineering Chi-Chao Chang quit after less than 24 hours because the company was too secretive about the state of its product.\\]
Camille Fournier, who was CTO of Rent the Runway and later wrote _The Manager's Path_, provides the most important warning for the CTO making this hire. Many CTOs, she observes, give up all management responsibilities to their VPE, "sometimes going so far as to not even have the VPs reporting to them." The consequence: "It is incredibly difficult to maintain influence and effectiveness as an executive with no reporting power. If you give up management, you're giving up the most important power you ever had over the business strategy."\\]
The VPE hire is not a delegation of authority. It is a division of labour. The CTO retains accountability for the technical direction, the architecture, and the strategic communication with the board. The VPE takes ownership of team health, recruiting operations, process design, and execution cadence. Doubrovkine's approach was deliberate: he catalogued his activities, identified the ones that a great people-and-process leader could own, and hired specifically for those. His Artsy colleague received an internal announcement that made the division explicit.\\]
Brad Feld, co-founder of Foundry Group, provides the complementary warning from the investor's perspective: "The great CTO's usually can't manage their way out of a paper bag, but have huge vision, the ability to pull an all-nighter and crank out a rough prototype of the thing they are thinking about."\\] The investor is not insulting the CTO. The investor is observing that the skills that made the CTO effective at five people -- deep technical ability, the willingness to build everything personally, the instinct to solve problems in code -- are not the skills that make the CTO effective at fifty. The VPE hire is the structural acknowledgment of that transition.
| | AUTHOR: CorralData's experience with this transition -- have you hired (or considered hiring) a VPE? At your current stage, what does the division of labour look like? What would change if you had a strong people-and-process leader on the team? The reader at your stage needs to see the decision being considered, not just the theory. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Managing Engineers Who Are Smarter Than You
Allan Leinwand, CTO of Shopify, asks the question that every growing CTO confronts: "How do I gain the credibility of the really smart people on my team who are far more technical and detailed than I am, in order to lead them?"\\] His answer begins with an uncomfortable admission: "I hate to break this to you, but when you climb the CTO ladder you're not going to be pushing new code to production very much, if ever."\\]
The CTO's technical skills erode as their management responsibilities expand. Charity Majors, CTO of Honeycomb, describes this as a law of the role: "Your technical skills stop advancing when you become a manager, and instead begin eroding. Two years in, you aren't the effective tech lead you once were; your information is out of date and full of gaps."\\] This is not a failure. It is the expected trajectory. The CTO who tries to remain the best coder on the team is competing with their own engineers rather than enabling them.
The goal -- the sign that the CTO is succeeding -- is a team where multiple engineers are technically stronger than the CTO in their respective domains. The CTO's value shifts from producing code to producing the conditions under which the best engineers can do their best work. Leinwand's observation is worth internalising: "ICs also have a lot of influence and power -- at times, I actually think that ICs have more power than those of us in leadership roles."\\]
Will Larson's _Staff Engineer_ identifies four archetypes for senior individual contributors: the Tech Lead, who guides one team's approach and execution; the Architect, who owns technical direction across a critical area on a multi-year horizon; the Solver, who troubleshoots the hardest problems and then transitions solutions to other teams; and the Right Hand, who serves as a strategic advisor to senior leadership.\\] The CTO's relationship to each archetype is different. The Tech Lead needs autonomy within a defined scope. The Architect needs alignment on the long-term vision. The Solver needs access to the hardest problems. The Right Hand needs trust and context.
Tanya Reilly's concept of "glue work" -- the invisible labour of coordination, documentation, onboarding, and cross-team facilitation -- is essential to how the CTO thinks about senior IC contributions. "Your job title says 'software engineer', but you seem to spend most of your time in meetings," Reilly writes. "Congratulations: you're the glue." The danger: glue work is the difference between a project that succeeds and one that fails, but it is systematically undervalued because it does not produce code.\\] The CTO who evaluates engineers solely on code output will lose the engineers who make everyone else productive. Dan North's observation from Chapter 9 applies directly: "Your highest-value developers are 10x by enabling other developers. Often the least useful thing they can be doing is producing code themselves."
Pat Kua, former CTO of N26, provides the structural framework: the Trident Model, which defines three career tracks -- Management, Technical Leadership, and Individual Contributor. The key insight is the middle track. Kua argues that the "IC track" label is misleading because most organisations need _technical leadership_, not just individual contribution. "People in this track must have relevant hands-on technical skills and experience. They should have good but not necessarily the best skills in the team they are leading."\\] The CTO who builds a technical leadership track -- distinct from both the management track and the pure IC track -- creates a path for the engineers who want to lead without managing, which is the path that most of the strongest engineers prefer.
Fournier identifies the failure mode that the CTO must avoid in themselves: the "alpha geek" -- "someone who values intelligence and technical skills above all other traits, who always makes it seem like they have all the right answers." The alpha geek CTO cannot lead engineers who are smarter than them because the CTO's identity is built on being the smartest person in the room. The secure CTO -- the one who has internalised that their value is in judgment, context, and communication rather than raw technical output -- can hire engineers who are better than them and be genuinely delighted about it. That delight, more than any hiring framework or org chart, is the signal of a CTO who has made the transition from builder to leader.\\]
| | AUTHOR: Your experience managing engineers who are stronger than you in specific technical domains -- at CorralData or in prior roles. How do you evaluate work you can no longer do yourself? How do you maintain credibility? The reader who is transitioning from "best coder" to "leader of coders" needs to see this done in practice. |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
## Culture Is a System
Kellan Elliott-McCrea spent five years as CTO of Etsy. When he left in 2015, he wrote a retrospective that reframes culture in terms that every engineer should recognise. "Technology is the product of the culture that builds it. Great technology is the product of a great culture." His approach was to treat culture as a system -- a series of hypotheses to be tested, iterated on, and refined. "The goal was always to build a culture -- a culture of learning, a culture of generosity, a culture of values. Culture infects everyone. Successfully building a culture ensures when you leave you can hand your work off to people you trust and they will run the thing without you and make it better than you could have imagined."\\]
That last sentence is the chapter's thesis: the CTO's job is to build a team that ships without them. Elliott-McCrea achieved this by treating culture not as a set of values to be declared but as a set of behaviours to be designed. "Culture is what you do, not what you say. It starts at the top. It affects everything. You have a choice about the culture you promote, not about the culture you have."\\]
Ron Westrum's typology, which the DORA research adopted and validated, provides the diagnostic framework. Organisations fall into three cultural categories: pathological (power-oriented, where messengers are shot and failure is punished), bureaucratic (rule-oriented, where messengers are tolerated and failure triggers process), and generative (performance-oriented, where messengers are trained, failure triggers inquiry, and novelty is implemented).\\] The DORA data shows that generative cultures consistently outperform the other two on software delivery metrics -- which means culture is not a soft, unmeasurable concern. It is a leading indicator of engineering performance.
The practical implication for the startup CTO: the culture is forming whether the CTO designs it or not. Jason Fried, co-founder of Basecamp, puts it directly: "You don't create a culture. Culture happens. It's the by-product of consistent behavior."\\] The CTO who does not make deliberate choices about how the team communicates, how decisions are made, how failures are handled, and how recognition is distributed will end up with the culture that forms by default -- which is usually the culture of the loudest or most political person on the team.
Netflix's culture deck, which Sheryl Sandberg once called "the most important document ever to come out of the Valley," provides one model: radical transparency, high performance expectations, and generous severance for adequate performers. The model produces extraordinary output and, as Harvard Business School researchers documented, a state of paranoia among some employees about being terminated.\\] The CTO should study it as an existence proof -- culture can be engineered -- not as a template. Netflix was a mature company when it published the deck. A five-person startup that fires people for "adequate performance" will have no people left.
Molly Graham, who helped scale Google from 25 to 125 people in nine months and later served as COO of Quip, articulates the specific emotional challenge of culture during rapid growth: "As you add people, you go through this roller coaster of, 'Wait, is that new person taking my job? What if they don't do it the right way? What if they're better than me at it?'" Her advice: "If you personally want to grow as fast as your company, you have to give away your job every couple months."\\] The CTO who hoards responsibilities -- who remains the sole code reviewer, the sole architecture decision-maker, the sole point of contact for the CEO -- is not protecting quality. They are creating a bottleneck that will break when the company outgrows their capacity.
Claire Hughes Johnson, who was COO of Stripe during its growth from 200 to more than 7,000 employees, frames the cultural infrastructure as an "operating system" -- the set of norms that outline how the company functions, including mission, long-term targets, key values, and team charters.\\] The CTO does not need to build this alone. But the CTO needs to ensure that the engineering team's operating system -- how code is reviewed, how decisions are documented, how on-call rotations work, how technical debt is prioritised -- is explicit rather than implicit. Implicit norms work at five people. They break at fifteen. They are lethal at fifty.
The mechanism of failure is specific: during rapid hiring, new employees learn culture from other recently hired employees who may not have had time to learn the actual culture themselves. Mudassir Sheikha, co-founder of Careem, describes the result: "As you hire rapidly, new hires learn culture from other recently hired staff who may not have had time to learn how things work at your company. Instead, they transmit values they learned in previous roles."\\] This is culture dilution -- and the only defence against it is making the culture explicit enough that a new hire can absorb it from documentation and observed behaviour rather than from the person who joined two weeks before them.
| | AUTHOR: CorralData's culture -- what are the explicit norms? How do you handle failure, recognition, and decision-making? Is the culture documented or implicit? A specific example of a cultural norm that you designed deliberately -- and one that formed without your input -- would ground this section. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## When the Office Does Not Exist
Most startup engineering teams are now distributed. The 2025 We Work Remotely report found that 73% of small businesses offer full location flexibility, and University of Pittsburgh researcher Mark Ma found that smaller firms are using remote work as a structural advantage in the talent market -- hiring the engineers that larger companies lose to return-to-office mandates.\\] For the startup CTO, this is not a perk to offer. It is a default to design for.
The challenge is not productivity -- Nicholas Bloom's landmark randomised controlled trial at Trip.com, published in _Nature_ in 2024 with 1,612 employees, found that hybrid work had zero measurable effect on productivity or promotion rates while reducing resignations by 33%.\\] The challenge is that remote work strips away three things offices provide for free: relationships, alignment, and visibility of pain. In an office, people build bonds over lunch without the CTO arranging it. Teams see what others are working on through ambient exposure. Frustration finds its way to leadership through hallway conversations. In a distributed setting, all three must be deliberately engineered or they do not happen at all.
Matt Mullenweg, who has run Automattic (the company behind WordPress) as a fully distributed organisation since 2005, describes a five-level maturity model modelled on autonomous driving.\\] Most companies that went remote during COVID operated at Level 2 -- recreating the office online with wall-to-wall synchronous video calls. Level 3 emerges when teams invest in asynchronous processes and start hiring for writing ability. Level 4 is where evaluation shifts from presence to output. GitLab, under CEO Sid Sijbrandij and former Head of Remote Darren Murph, took the documentation-first approach to its logical conclusion: their publicly available handbook -- over 100,000 words contributed by Murph alone -- serves as a single source of truth that replaces the ambient information flow of an office.\\] Mitchell Hashimoto, co-founder and former CTO of HashiCorp, drew the connection to open-source collaboration: contributors who have never met, anywhere in the world, submitting work asynchronously. He explicitly modelled HashiCorp's engineering culture on that pattern.\\]
For the CTO building a distributed team, three operating rhythm adjustments from [Chapter 14](14-operating-rhythm.html) become essential rather than optional. The 5-15 weekly update moves from useful to critical -- it is the only mechanism that makes engineering's work visible to the company. The engineering all-hands or demo day becomes the primary culture-building event rather than a supplement to daily office interaction. And the 1:1 becomes the CTO's only reliable channel for detecting the frustration, confusion, and disengagement that would otherwise surface in a hallway conversation that never happens. The CTO who leads a distributed team without these cadences will discover the problems only when the resignation arrives.
| | AUTHOR: CorralData's distributed work setup -- how does the team work across locations? What has worked, what has failed? The reader building a remote engineering team needs to hear the specific adaptations you have made, including the ones that did not work the first time. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Building for the AI Era
[Chapter 12](12-ai-transformation.html) examines the AI transformation in full. Here, the concern is specific: AI is changing what the CTO should hire for.
Garry Tan, CEO of Y Combinator, reported in early 2025 that for roughly a quarter of the current YC batch, 95% of code was written by AI. Companies are reaching $10 million in revenue with teams of fewer than 10 people.\\] Revelio Labs data, reported by CNBC, shows that median headcounts at similar-stage startups have dropped 17.5% -- from 57 to 47 employees -- while median funding per employee has roughly doubled.\\] The Leonis AI 100, benchmarking the most important AI startups of 2025, found that 86% of founders across the top 100 AI companies are technical -- compared to 59% in the previous generation of unicorns.\\]
Tobi Lütke, CEO of Shopify, made the organisational implication explicit in an internal memo shared publicly in April 2025: "Using AI effectively is now a fundamental expectation of everyone at Shopify. Teams must demonstrate why they cannot get what they want done using AI before asking for more headcount and resources."\\]
The hiring implication is not that the CTO should hire fewer engineers. It is that the profile of the engineer worth hiring has shifted. Kent Beck, describing his own experience with AI coding tools, frames the change: "I make more consequential programming decisions per hour, fewer boring vanilla decisions."\\] The engineer who thrives in the AI era is not the one who writes the most code. It is the one who makes the best decisions about what to build, how to structure it, and when the AI's output needs to be overridden.
Laura Tacho, CTO of DX, provides the most rigorous data on what this looks like in practice. Across 180 companies and 67,000 developers, her research shows that AI-authored code now makes up roughly 27% of all production code, and onboarding time for new engineers has been cut in half -- measured by time to the tenth pull request.\\] But the outcomes diverge dramatically by team: "Some companies are dealing with twice as many customer-facing incidents, while others see a 50% drop. The difference comes down to how AI is used."\\]
That divergence is a hiring signal. The CTO is no longer hiring engineers who can write code. They are hiring engineers who can evaluate, direct, and override AI-generated code -- which requires stronger architectural judgment, deeper domain knowledge, and better communication skills than the pre-AI era demanded. Beck's observation about junior engineers is counterintuitive and important: "The junior bet has gotten better. Not because juniors have changed, but because the genie, used well, accelerates learning."\\] The junior engineer who can collaborate effectively with AI tools compresses their ramp dramatically. The one who cannot is producing AI-generated debt at scale.
| | AUTHOR: How AI has changed hiring at CorralData -- are you looking for different skills than two years ago? Has the team size changed relative to what you would have expected without AI tools? In the healthcare context, domain knowledge may have become more important relative to raw coding ability, since AI can handle the code but cannot handle the compliance judgment. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Hire Slowly, Fire Fast
The phrase is a cliché because it is correct. At a ten-person startup, one bad hire is ten percent of the company. At IBM, one bad hire is a rounding error. The mathematics of small teams means that every hiring mistake has an outsized impact on culture, velocity, and morale -- the wrong person does not simply underperform, they change the behaviour of everyone around them. Sam Altman's guidance to YC companies is characteristically blunt: "Don't compromise on the quality of people you hire. Everyone knows this, and yet everyone compromises on this at some point during a desperate need. Everyone goes on to regret it, and it sometimes almost kills the company."\\]
The "hire slowly" half means resisting the urgency that every startup feels. The temptation is to fill the seat -- any seat -- because the team is overwhelmed and the backlog is growing. The CTO who hires the first person who clears a low bar has solved the headcount problem and created a culture problem. Altman again: "Good and bad people are both infectious, and if you start with mediocre people, the average does not usually trend up. Companies that start off with mediocre early employees almost never recover."\\]
### Known Quantities
One of the strongest advantages the founding CTO has is their professional network. People you have worked with before -- former colleagues, collaborators, engineers from previous companies -- are a known quantity in a way that no interview process can replicate. You have seen how they handle pressure, how they communicate under ambiguity, whether they ship or merely discuss shipping. The reduced risk of a network hire is real: you are betting on observed behaviour rather than interview performance, and those are very different things.
The caveats are equally real. First, you must still interview them. The relationship should not bypass the process. The person you knew as a brilliant engineer at your last company may not be the right engineer for your current company -- the stage is different, the domain is different, and the role may require skills you never saw them exercise. Second, if you and the candidate are too close -- friends, former housemates, the kind of relationship where objective evaluation is compromised -- bring in a neutral third party to run the technical interview. Pay an external interviewer if you need to. The cost of a clean read is trivial compared to the cost of a bad hire you made because you could not bring yourself to see the red flags in a friend. Third, and most importantly: hiring exclusively from your network reproduces your demographics, your perspectives, and your blind spots. The CTO who builds a team entirely from former colleagues has built a team that thinks like them -- which is comforting in the short term and dangerous in the long term, because the problems the company will face are not the problems the CTO has already solved.
| | AUTHOR: Your experience hiring from your network at CorralData. Have you brought in former colleagues? How did you handle the interview process with people you already knew? Any examples where the known-quantity advantage played out -- or where familiarity blinded you to a mismatch? |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
### Trusting Your Gut -- and Checking It
Altman offers the sharpest hiring heuristic in the startup canon: "Trust your gut on people. If you have doubt, then the answer is no."\\] The principle is sound. Experienced managers develop pattern recognition about fit that operates faster than conscious analysis -- a sense that something is off, a feeling that the person will not thrive, an instinct that the interview performance does not match the real capability.
The problem is that gut instinct encodes every bias the CTO carries. The engineer who does not make eye contact may be neurodivergent, not disengaged. The candidate who seems "not a culture fit" may simply not look or sound like the rest of the team. The woman who asks about work-life balance may be doing exactly what a man with the same question would be praised for: establishing healthy boundaries. The CTO who trusts their gut without examining what their gut has been trained on will build a team that reflects their biases rather than their values.
The practical solution is not to ignore the gut but to interrogate it. When you feel doubt about a candidate, write down the specific behaviours or responses that triggered it. If you cannot articulate the concern in concrete terms -- "they could not explain how they would approach the data migration problem" rather than "something felt off" -- the doubt may be bias rather than signal. Structured interviews with consistent questions and rubrics help here: they force evaluation against criteria rather than against the CTO's unconscious model of what a good engineer looks and sounds like.
### When It Is Not Working
The "fire fast" half is where most CTOs fail. The pattern is always the same: the CTO senses within the first month that a hire is not working out. They wait. They hope it will improve. They give the benefit of the doubt. They tell themselves the person needs more time. Three months pass. Six months pass. The underperformance is now visible to the entire team, and the team is watching to see whether the CTO will act.
Kim Scott's Bob story from _Radical Candor_ -- already cited in this chapter -- is the canonical cautionary tale. But the cost is not just the underperformer's output. The cost is what happens to everyone else. The team sees the standard being lowered. The high performers start wondering whether excellence is rewarded or merely expected while mediocrity is tolerated. The cultural message is unambiguous: performance does not matter here as much as the CTO says it does. One person in the wrong seat at a ten-person startup produces the same cultural damage as a hundred people in the wrong seats at a thousand-person company -- because at a startup, everyone can see everything.
Altman's advice is simple: "Fire quickly. Everyone knows this in principle and no one does it. Also, fire people who are toxic to the culture no matter how good they are at what they do."\\] The word "quickly" requires qualification. It does not mean firing without process or without giving the person a fair chance to course-correct. It means having the conversation -- "here is what I am seeing, here is what needs to change, here is the timeline" -- within weeks, not months. If the conversation produces improvement, excellent. If it does not, the decision should already be clear. The CTO who waits six months to fire someone they knew was wrong at six weeks has not been kind. They have been unfair -- to the person, who deserved honest feedback early enough to act on it, and to the team, who deserved a leader willing to maintain the standard they were hired into.
| | AUTHOR: A firing story from CorralData -- or from a previous role. The reader needs to see the emotional reality: the dread, the conversation, the aftermath, what you learned. This is one of the hardest parts of the job and one of the least discussed. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The First Ninety Days
The CTO who hires well has solved half the problem. The CTO who onboards well has solved the other half. A brilliant engineer who spends their first month confused, unsupported, and unable to ship is not a bad hire -- they are a badly onboarded hire. And at a startup, where there is no dedicated HR team, no learning and development programme, and no twenty-page onboarding handbook, the CTO is the onboarding system.
Lara Hogan, former VP of Engineering at Kickstarter, frames the first thirty days as "sponge mode" -- the new hire's primary job is to absorb information, not to produce output. "These first 30 days are the biggest opportunity you'll ever have in this role to build trust with your teammates," Hogan writes.\\] At a startup, sponge mode is compressed. The luxury of thirty days of pure observation does not exist when the team has five people and every pair of hands matters. But the principle is sound: the new hire who ships a PR on day three without understanding why the system is designed the way it is has produced code without context. The new hire who spends week one understanding the product, the customer, and the codebase before writing a line has produced something more valuable: judgment.
A lightweight 30-60-90 plan for an engineering hire at a small startup:
**Days 1--30: Orient.** Set up the development environment and ship a small, low-risk change -- a bug fix, a documentation improvement, a minor feature -- within the first week. The goal is not the output; it is the feedback loop. The new hire learns how the team works: how code is reviewed, how decisions are made, what "done" means. They meet every member of the team individually. They sit in on a customer call or watch a recorded demo. They read the existing documentation -- and, more importantly, they identify the documentation that does not exist but should.
**Days 31--60: Contribute.** The new hire takes ownership of a project -- a feature, a migration, a piece of technical debt reduction -- with clear scope and a defined endpoint. They participate in sprint planning and architecture discussions. They begin building relationships with non-engineering colleagues: the CEO, the sales team, the customer success lead. By the end of month two, they should be able to explain the product's value proposition to a customer without using technical language.
**Days 61--90: Own.** The new hire operates independently. They make architectural decisions within their area of responsibility without requiring the CTO's approval. They participate in code review as a reviewer, not just a reviewee. They contribute to prioritisation discussions with opinions grounded in their accumulated context. At the end of ninety days, the CTO can answer the question: is this person a multiplier? If the answer is not clearly yes, the CTO must revisit the hiring decision -- which is why the 30-60-90 plan doubles as an evaluation framework.
Assign every new hire an onboarding buddy -- not their manager, but a peer who can answer the questions the new hire is embarrassed to ask the CTO. "Where is this documented?" "Why does this service exist?" "Is it always this chaotic, or is this week unusual?" The buddy is the new hire's guide to the informal knowledge that no documentation captures. At a five-person startup, this is one of the other four people. At a twenty-person startup, it should be someone who has been through the same onboarding recently enough to remember what was confusing.
| | AUTHOR: How onboarding works at CorralData today. Do you have a 30-60-90 plan? What does the first week look like? What's the time-to-first-PR? How has onboarding changed as the team has grown? Any stories of onboarding done well or badly? |
| | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Evaluating the Team You Built
The CTO who builds a team must also evaluate it -- and at a startup, this is harder than it sounds. Corporate performance review systems -- annual cycles, forced ranking, multi-page rubrics -- were designed for organisations with hundreds of employees, dedicated HR departments, and stable role definitions. A startup with ten engineers has none of those things. The roles change quarterly. The CTO is both evaluator and peer. And the entire exercise can feel, as Buffer's Chief of Staff Carolyn Kopprasch put it, "silly to do something that felt 'corporate' and unnecessary."\\]
The alternative -- no reviews at all -- is worse. Max Ventilla, founder of AltSchool and a former Google product manager, rebuilt Google's performance system for startup scale. His warning: "\`I've seen a lot of companies that really hit the wall around three, four, five years in. Many times you have a real star performer who has done great work and gotten clear praise for years. Then you hire someone over them, and pretty justifiably they say, '`What the hell?`'\`"\\] The absence of a formal system does not mean the absence of evaluation. It means the evaluation is happening informally, inconsistently, and in ways the CTO cannot defend when challenged.
The practitioner consensus on cadence is narrow: **twice a year, supplemented by continuous feedback in 1:1s**. Ventilla runs quarterly reviews at roughly two hours per employee and five hours per manager per cycle. Molly Graham, who has designed review systems at companies from five to five thousand employees, recommends a heavy cycle and a light cycle: "Once per year is too infrequent for how fast our industry moves, but quarterly is overkill."\\] Sam Altman's guidance to YC companies is simpler: "An important component of creating pathways is performance feedback. It can be light, but it should happen frequently."\\]
### Giving Reviews to Engineers
The CTO's dual challenge is evaluating both the technical output -- code quality, architectural judgment, delivery speed -- and the non-technical dimensions that matter just as much: communication, initiative, reliability, collaboration with non-engineers. Camille Fournier identifies the common failure mode: "Many new managers are comfortable giving technical feedback, and uncomfortable giving other kinds of feedback. They freely criticize the design and technical work of their team, but they don't challenge their team members on other growth areas like collaboration, communication style, or project ownership."\\]
Fournier's solution is concrete: anchor every piece of feedback in a specific example. "If you can't use a concrete example to support a point, ask yourself if the point is something you should be communicating in the review."\\] The principle scales down to a five-person team: the CTO who tells an engineer "you need to communicate better" has given feedback that cannot be acted on. The CTO who says "in last week's sprint review, you described the caching change in technical terms that the sales team couldn't follow -- next time, lead with the user impact and add the implementation detail after" has given feedback that can be acted on immediately.
At small teams, peer feedback is the strongest complement to the CTO's assessment -- but it must be designed carefully. Lenny Rachitsky warns: "Some of the highest performers I've worked with ruffle feathers on occasion to deliver the right outcome -- which can lead to negative peer feedback."\\] Will Larson, whose first year as CTO of Calm involved running the entire review process from a spreadsheet, notes that peer feedback quality varies enormously: "I've managed teams who feel peer feedback is too uncomfortable to give honestly, and those teams have provided useless peer feedback."\\]
Dave Smith, Engineering Director at HireVue, provides a model that works for small teams: three questions via a shared form -- "What should this person continue doing? What should this person start doing? What should this person stop doing?" -- non-anonymous, delivered in person. The result: "Feedback is 95% positive and team members usually leave the feedback session feeling energized."\\] The non-anonymous design is the key. At a five-person team, anonymity is a fiction -- everyone knows who wrote what -- and the pretence of anonymity licenses dishonesty.
Kim Scott's Radical Candor framework provides the behavioural principle beneath all of this: feedback should be "humble, helpful, immediate, in person -- in private if it's criticism and in public if it's praise."\\] Lara Hogan, former VP of Engineering at Kickstarter, offers the most actionable micro-framework for delivering it: the feedback equation. Step one: state the observed behaviour -- just the facts, no interpretation. Step two: describe the impact -- and pick the impact the recipient will care about most. Step three: ask a genuine question or make a request. "When you presented the migration timeline to the CEO without caveats, it set an expectation we can't meet, which puts engineering's credibility at risk. Can we talk about how to frame estimates with the right confidence level?" That is the equation in practice. Hogan's diagnostic is equally useful: "If a report was surprised by what's in their review -- their manager hasn't done the work of making their feedback direct and specific."\\]
Adil Ajmal, a serial CTO whose companies include TenMarks (acquired by Amazon) and Posterous (acquired by Twitter), distils the evaluation itself to two dimensions: "Did the person do what they agreed to do or were expected to do? (The 'What') How did they go about doing it? (The 'How')." The second dimension is where most startup CTOs under-invest: "I would never rate an engineer very highly if their deliverables were great but they burnt through a lot of people or systems to get there."\\]
Scott's cautionary tale is the one every CTO should read before their next review cycle: after avoiding hard feedback with an underperformer named Bob for ten months, she finally sat down to fire him. "\`Bob pushed his chair back, looked at me, and said, '`Why didn't you tell me? Why didn't _anyone_ tell me?`'\`"\\] The kindest thing the CTO can do is tell people the truth early enough that they can act on it.
Jason Fried, co-founder of 37signals, takes the most radical position: no formal reviews at all. Instead, a single binary question applied at the one-year mark: "\`Knowing what I know now, would I hire them again? And that answers pretty much every question. Answers every question about performance, about attitude, culture fit, all the stuff.\`"\\] This independently parallels Netflix's keeper test. The CTO at a five-person startup may find Fried's approach sufficient. The CTO at a twenty-person startup will not -- but the question remains a useful private diagnostic even when a formal system is in place.
| | AUTHOR: How you handle reviews at CorralData. What's the cadence, the format, the tool? Have you had a "Bob" moment -- a time when you waited too long to give hard feedback? What did you learn? |
| | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
### Receiving Reviews from a Non-Technical CEO
There is a gap in the literature that this chapter is uniquely positioned to fill: no CEO has published a detailed account of evaluating their CTO, and no CTO has published a detailed account of receiving a formal review from a non-technical CEO. The silence itself is revealing. The CEO-CTO evaluation dynamic is asymmetric in a way that no other executive relationship replicates: the CEO cannot directly assess the CTO's core technical work, and the CTO often has no clarity on what criteria are being used.
Aviv Ben-Yosef, a tech executive consultant who has coached dozens of CTOs, names the vacuum: "Many CTOs and VPEs I speak to have no real clarity about how they are measured. I'll reveal that many CEOs aren't sure about how they measure the engineering org."\\] His advice to CTOs is uncomfortable but correct: define your own evaluation criteria before the CEO does it for you. "Even if you don't have a formal yearly review, you can use this mindset to turn the discussion more business-oriented with the CEO and take control of how you'll be measured and viewed."\\]
The translation problem -- this book's throughline -- applies with full force here. Ben-Yosef is blunt: "In an ideal world, a CEO never hears words like refactoring or tech debt. These are implementation details."\\] The CTO who presents their performance in engineering terms -- DORA metrics, test coverage, deployment frequency -- is speaking a language the CEO does not evaluate in. The CTO who presents their performance in business terms -- revenue impact of shipped features, cost of downtime avoided, hiring velocity relative to plan, customer retention tied to product quality -- is speaking the language the CEO uses with the board.
Etienne de Bruin, a practicing CTO, captures the lived frustration: "\`I've just explained why we can't ship the feature they want by Q1\. I've laid out the technical constraints, the architectural implications, the testing requirements. It's airtight. It's logical. It's right. The CEO sighs. '`Can we just get a rough estimate?`'\`"\\] His solution -- creating shared vocabulary by distinguishing "rough estimate" (30% confidence), "estimate" (70% confidence), and "commitment" (90% confidence) -- applies not just to project planning but to performance evaluation. The CTO and CEO must agree on the language before they can agree on the assessment.
Adelina Chalmers, whose data on CTO firing already anchors Chapter 10, provides the stakes: founding CTOs removed from their own companies despite unquestioned technical competence, for reasons that were "arrogant -- showing disdain towards board and ELT members who were non-technical; alienating the board with geek speak; not talking about the business outcomes of tech."\\] The CTO who treats their review as a technical report card is optimising for the wrong audience. The CTO who treats it as a business conversation -- here is what engineering delivered, here is the impact, here is what I need to deliver more -- is managing their own survival.
| | AUTHOR: How your CEO evaluates you. Is there a formal review? What criteria? How do you translate your technical work into language the board understands? The reader who is a solo CTO reporting to a non-technical CEO needs to see this dynamic described honestly, because nobody else has written about it. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
### Career Ladders: Start Lighter Than You Think
The performance review only works if there is a shared understanding of what "good" looks like at each level. At a five-person startup, this understanding is implicit -- everyone knows what everyone else does. At twenty people, it is not. The career ladder is the document that makes the implicit explicit.
Will Larson recommends writing a lightweight ladder before the first hire into a given role -- not because the ladder will be complete, but because the act of writing forces the CTO to articulate what they value.\\] Camille Fournier, reflecting on ten years since publishing the Rent the Runway engineering ladder -- one of the first public engineering ladders -- offers two warnings. First, do not let HR write it: "It's really not their job to define expertise in your functions." Second, do not over-engineer it: "You should not try to create a ladder that functions as a pure checklist or scorecard that guarantees promotion if people check enough boxes." But also do not under-engineer it: "When you roll out a half-assed engineering ladder, this new structure may actually make your life harder, because now you're going to have to negotiate with engineers eager to debate the finer points of broad and vague language."\\]
The practical minimum for a startup with fewer than fifteen engineers: three levels (junior, mid, senior) with two to three sentences per level describing what each looks like across two dimensions -- technical ability and scope of impact. The Medium engineering team's Snowflake model, open-sourced in 2017, maps progress across sixteen tracks with milestone points determining level. Its creators explicitly rejected the language of hierarchy: "Talking about ladders with 'higher' and 'lower' rungs felt out of tune ... this framework should be about growth, not leveling."\\] For a startup, that framing matters -- engineers at small companies chose startups partly to escape the corporate ladder, and presenting a growth framework rather than a ranking system respects that choice.
The site progression.fyi curates dozens of public engineering career frameworks -- from Rent the Runway to CircleCI to GitLab -- and is the best starting point for a CTO building their first ladder.\\] Copy someone else's structure. Adapt the language to your context. Share it with the team and iterate. The ladder is not a contract. It is a conversation tool -- a way to ensure that when the CTO says "senior engineer" and the engineer hears "senior engineer," they are picturing the same person.
One trap to avoid: title inflation. At startups where everyone is "senior" by default -- because the title was part of the offer letter that closed the hire -- the ladder becomes meaningless before it begins. Larson's principle applies: "Compare against ladder, not against others."\\] The question is not whether an engineer is better than their teammates. The question is whether they are operating at the level described in the framework. This distinction is what makes reviews defensible when someone is promoted over someone else -- the moment Ventilla warned about.
### Separate Pay from Performance
One final structural decision: whether to combine compensation conversations with performance conversations. The practitioner argument for separating them is strong. When compensation is on the table, the engineer stops listening to feedback and starts calculating their raise. The review becomes a negotiation rather than a growth conversation.
Buffer, which publishes its salary formula publicly, has fully decoupled the two: salaries change only due to market adjustments or career progression, never as a direct result of a performance review.\\] Christina Wodtke, author of _Radical Focus_ and the leading voice on OKRs, is explicit: "Keep OKRs separate from individual performance reviews."\\] The logic extends to compensation: if pay is tied to the review rating, the engineer optimises for the rating rather than for the work.
The counterargument is equally honest: at a startup with five engineers and no HR department, the CTO is conducting both conversations whether they are formally separated or not. The engineer knows that the person evaluating their performance is also the person who determines their salary. The separation is structural, not psychological. The practical recommendation: hold the performance conversation and the compensation conversation at least two weeks apart. Discuss growth, feedback, and expectations in the first meeting. Discuss pay in the second. The temporal gap creates space for the engineer to absorb the feedback without filtering it through the compensation lens.
| | AUTHOR: How you handle the pay-performance link at CorralData. Are they combined or separated? Has the approach changed as the team has grown? |
| | ---------------------------------------------------------------------------------------------------------------------------------------------- |
'''''
The team the CTO builds is the most consequential decision they make. More than the stack, the architecture, or the deployment pipeline -- all of which can be changed -- the first ten hires define the culture, the communication patterns, and the system architecture for the next hundred. Conway's Law ensures that the team structure is the system structure. The VPE hire determines whether the CTO can sustain the role as the company scales. The culture -- designed or defaulted -- determines whether the team ships with trust or with fear. The hiring discipline -- slow in, fast out, honest always -- determines whether the team stays strong as it grows. The onboarding -- structured enough to orient, lightweight enough to not suffocate -- determines whether great hires become great contributors. And the review system -- even a lightweight one -- determines whether the people the CTO hired know where they stand, where they are going, and whether anyone is paying attention to the difference.
Elliott-McCrea's formulation is the test: can the CTO hand the work off to people they trust, and will those people run the thing without them and make it better than the CTO could have imagined? If the answer is yes, the CTO has built a team. If the answer is no, the CTO has built a dependency -- and [Chapter 15](15-cto-burnout-isolation.html)'s burnout chapter is the inevitable consequence.
## Frequently Asked Questions
1. _How do you build a startup engineering team?_
Start by hiring senior generalists who can work across the full stack and are comfortable with ambiguity. Define your engineering culture explicitly rather than letting it emerge by accident -- write down your values, your code review standards, your approach to incidents. Structure teams around problems and customer outcomes rather than technology layers. Invest heavily in onboarding so new hires are productive within weeks, not months. Hire for the stage you are in, not the stage you aspire to reach.
2. _What is Conway's Law and why does it matter?_
Conway's Law states that organisations design systems that mirror their own communication structure. If you have separate front-end and back-end teams, you will get a system with a clear front-end/back-end boundary. This matters because it means your team topology is your software topology -- reorganising teams will reshape your architecture whether you intend it to or not. Smart CTOs use this deliberately, designing team structures to produce the architecture they want.
3. _When should a startup hire a VP of Engineering?_
Hire a VP of Engineering when the CTO can no longer effectively manage all the engineering managers, typically around 30 to 60 engineers. Other signals include the CTO spending all their time on people management with none left for technical strategy, engineering processes breaking down because nobody has time to maintain them, and hiring quality declining because the CTO cannot invest in recruiting. The VP of Engineering handles day-to-day team operations so the CTO can focus on technology strategy.
4. _How do you create a strong engineering culture?_
Culture is built through consistent, visible actions rather than written values. It is defined by what you actually do in code reviews, how you respond to incidents, who gets promoted and why, how you handle disagreements, and what you tolerate. Establish clear standards for code review, create blameless incident retrospectives, make promotion criteria transparent, and invest in onboarding that transmits culture to every new hire. Culture compounds -- small consistent actions matter more than grand gestures.
5. _What makes a good first engineering hire?_
Your first engineering hire should be a senior generalist who is comfortable with ambiguity, can work across the full stack, and complements the CTO's strengths rather than duplicating them. They need to be self-directed because there is minimal process or management structure to guide them. Look for someone who has shipped products in resource-constrained environments, communicates clearly, and can help define the engineering culture that all subsequent hires will inherit.
## References
. Mack, D. (\~2018). What I wish I knew when I became CTO. _SketchDeck Developer Blog_ (Medium).
. McKenzie, P. (2015). Hiring at scale \\\[Talk\]. Business of Software USA. -- MakeLeap meetup and Matasano Cryptopals examples from this talk.
. Collison, P. Interviewed by Elad Gil. In _High Growth Handbook_, Stripe Press, 2018\. Additional sources: ;
. Roach, M., & Sauermann, H. (2023). Can technology startups hire talented early employees? Ability, preferences, and employee first job choice. _Management Science_. DOI: 10.1287/mnsc.2023.4868\. Based on longitudinal data tracking 2,300+ science and engineering PhDs.
. Spolsky, J. (2006, October 25). The guerrilla guide to interviewing (version 3.0). _Joel on Software_. -- Originally published March 2000\. Expanded in _Smart and Gets Things Done_, Apress, 2007\.
. Feng, E. The simple numbers that could change how you hire \\\[Interview\]. _First Round Review_.
. Orosz, G. (2024, October 29). Hiring software engineers and engineering leaders from Big Tech (Part 1). _The Pragmatic Engineer_.
. Altman, S. (2015). Startup playbook. _Y Combinator_. -- "Don't compromise on the quality of people you hire"; "Trust your gut on people. If you have doubt, then the answer is no"; "Fire quickly. Everyone knows this in principle and no one does it"; "Good and bad people are both infectious."
. Conway, M. E. (1968, April). How do committees invent? _Datamation_, 14(4), 28--31\. -- Originally submitted to HBR (1967); rejected "on the grounds that I had not proved my thesis." Named "Conway's Law" by Fred Brooks in _The Mythical Man-Month_ (1975).
. Fowler, M. (2022, October 20). Conway's Law. _martinfowler.com/bliki_.
. LeRoy, J., & Simons, M. (2010, December). Inverse Conway Maneuver. _Cutter IT Journal_. Validated in Forsgren, N., Humble, J., & Kim, G. (2018). _Accelerate_, IT Revolution Press, p. 18\.
. Stone, B. (2013). _The Everything Store: Jeff Bezos and the Age of Amazon_. Little, Brown and Company. See also: Amazon. Amazon's two-pizza teams. _AWS Executive Insights_.
. Larson, W. (2018, July 14). Sizing engineering teams. _lethain.com_. -- See also Larson, W. (2019). _An Elegant Puzzle: Systems of Engineering Management_. Stripe Press.
. Skelton, M., & Pais, M. (2019). _Team Topologies: Organizing Business and Technology Teams for Fast Flow_. IT Revolution Press. Fowler assessment:
. Lee, J. (2020, April). Spotify's failed #SquadGoals. _jeremiahlee.com_. -- Kniberg, H., & Ivarsson, A. (2012). Scaling Agile @ Spotify. PDF:
. Doubrovkine, D. (2019, March 8). How to divide CTO and VP of engineering responsibilities. _code.dblock.org_.
. Wilson, F. (2011, October 31). VP Engineering vs CTO. _AVC_ (MBA Mondays).
. Suster, M. (\~2011). Want to know the difference between a CTO and a VP Engineering? _Both Sides of the Table_.
. Austin, J. (2016; updated 2020). The CTO to VP Engineering fork. _Medium_. -- Austin is a former VP Engineering and Harvard Business School Senior Lecturer.
. Liew, C. Hiring a VP Engineering if you're an early stage startup. _Medium / Monk's Hill Ventures_.
. Fournier, C. (2015, February 8). On the role of CTO. _Elided Branches_. -- See also Fournier, C. (2017). _The Manager's Path_. O'Reilly Media.
. Feld, B. (2007, October). CTO vs. VP Engineering. _Feld Thoughts_.
. Leinwand, A. (2022, August 9). Six tips for staying technical as a CTO. _Shopify Engineering Blog_.
. Majors, C. (2019, January 4). Engineering management: The pendulum or the ladder. _charity.wtf_.
. Larson, W. (2020, April 9). Staff archetypes. _staffeng.com_. -- See also Larson, W. (2021). _Staff Engineer: Leadership beyond the management track_.
. Reilly, T. (2019). Being glue. _noidea.dog_. -- See also Reilly, T. (2022). _The Staff Engineer's Path_. O'Reilly Media.
. Kua, P. (2019, February; updated 2025, November). The Trident Model of career development. _patkua.com_.
. Elliott-McCrea, K. (2015, August 31). Five years, building a culture, and handing it off. _kellanem.com_. -- Elliott-McCrea was CTO of Etsy 2010--2015\.
. Westrum, R. (2004). A typology of organisational cultures. _BMJ Quality & Safety_, 13(suppl. 2), ii22--ii27\. DOI: 10.1136/qshc.2003.009522\. Validated by Forsgren, N., Humble, J., & Kim, G. (2018). _Accelerate_. IT Revolution Press.
. Fried, J. (2008, May 13). You don't create a culture. _Signal v. Noise_. -- See also Fried, J., & Hansson, D. H. (2010). _REWORK_. Crown Business.
. McCord, P. (2014, January--February). How Netflix reinvented HR. _Harvard Business Review_. -- Netflix culture deck:
. Graham, M. (2015, September). 'Give away your Legos' and other commandments for scaling startups. _First Round Review_.
. Hughes Johnson, C. (2023). _Scaling People: Tactics for Management and Company Building_. Stripe Press. Hughes Johnson was COO of Stripe 2014--2021, growing it from \~200 to 7,000+ employees.
. Sheikha, M. 3 consequences of hypergrowth and how to prepare \\\[Case study\]. _HBS Accelerate_.
. We Work Remotely. (2025). State of Remote Work Report. 73% of small businesses offer full location flexibility. See also Ma, M. (University of Pittsburgh): smaller firms use remote work as structural talent advantage, hiring engineers lost to RTO mandates.
. Bloom, N. et al. (2024). Hybrid working from home improves retention without damaging performance. _Nature_, 630, 920--925\. -- RCT at Trip.com; N = 1,612; zero effect on productivity/promotions; 33% reduction in resignations.
. Mullenweg, M. (2020). Distributed work's five levels of autonomy. _ma.tt_. -- Level 1: no deliberate action; Level 2: recreating office online; Level 3: async processes; Level 4: evaluation by output; Level 5: nirvana.
. Sijbrandij, S. How GitLab embraces and enables remote work. McKinsey. See also GitLab Handbook: -- Over 100,000 words contributed by Darren Murph (former Head of Remote).
. Hashimoto, M. DevOps Chat: company origins, remote culture. _HashiCorp_. See also HashiCorp's writing-first culture: RFC-driven decision-making modelled on open-source contributor workflows.
. Novet, J. (2025, March 15). Y Combinator startups are fastest growing, most profitable in fund history because of AI. _CNBC_.
. CNBC / Revelio Labs. (2025, October 16). The AI effect? These tech startups employ 17.5% fewer workers than 5 years ago -- despite raising 50% more money.
. Xiao, J., Zhao, J., & Wu, L. (2025, November 5). The Leonis AI 100: Benchmarking the most important AI startups of 2025\. _Leonis Capital_.
. Lütke, T. (2025, April 7). Internal memo shared on X. -- Reported by CNBC:
. Beck, K. (2025, June 25). Augmented coding: Beyond the vibes. _Software Design: Tidy First?_ (Substack).
. Tacho, L. (2026). Measuring the impact of AI on software engineering \\\[Interview with Gergely Orosz\]. _The Pragmatic Engineer_. -- Data from 180+ companies, 67,000 developers (detailed dataset), 4.2M developers (broader dataset).
. Hogan, L. (2023, January 9). How to spend your first 30 days in a new senior-level role. _larahogan.me_. -- "These first 30 days are the biggest opportunity you'll ever have in this role to build trust with your teammates." See also Hogan's 30-60-90 day series for senior leaders.
. Kopprasch, C. (2023, August 10). How we run performance reviews at Buffer and why I have mixed feelings about them. _Buffer Blog_.
. Ventilla, M. (interviewed by First Round Review). AltSchool's CEO rebuilt Google's performance review system to work for startups -- here it is. _First Round Review_. -- Firsthand founder account; AltSchool ran quarterly reviews from founding.
. Graham, M. (2023, November 15). Part 4: Compensation for startups: A performance review system for startups. _Lessons_ (Substack). -- Based on experience designing or running reviews at dozens of companies from 5 to 5,000 employees.
. Altman, S. Later stage advice for startups. _Y Combinator Blog_.
. Fournier, C. (2021, October 9). How new managers fail individual contributors. _Elided Branches_. -- See also Fournier, C. (2017). _The Manager's Path_. O'Reilly Media.
. Rachitsky, L. The power of performance reviews: Use this system to become a better manager. _First Round Review_.
. Larson, W. (2023, September 3). Performance & compensation (for Eng Execs). _Irrational Exuberance_ (lethain.com). -- Documents Uber's original T3B3 system and Calm spreadsheet-based reviews.
. Smith, D. (2016, September 30). How we do engineering peer feedback at HireVue. _Medium_. -- Firsthand engineering director account.
. Scott, K. (interviewed by First Round Review). Radical Candor -- the surprising secret to being a good boss. _First Round Review_. -- See also Scott, K. (2017). _Radical Candor: Be a Kick-Ass Boss Without Losing Your Humanity_. St. Martin's Press.
. Hogan, L. Feedback equation. _larahogan.me_. -- See also Hogan, L. (2021, February 23). Set future performance reviews up for success now. _larahogan.me_. -- "If a report was surprised by what's in their review -- their manager hasn't done the work."
. Ajmal, A. (interviewed by First Round Review). Veteran CTO (with multiple successful exits) answers your top startup-building questions. _First Round Review_. -- Serial CTO: TenMarks/Amazon, Posterous/Twitter, LendingHome.
. Fried, J. (\~2026). Interview with David Senra. _Founders Podcast_. -- See also Netflix Culture Memo, "Keeper Test":
. Ben-Yosef, A. (2025--2026). CEO-CTO therapy (Part 1): Communication; (Part 2): Measuring engineering. _avivbenyosef.com_. and -- Tech executive consultant with dozens of CTO clients.
. de Bruin, E. (2025, October 29). The CTO's communication breakdown. _The CTO Substack_. -- Firsthand CTO account.
. Chalmers, A. (2024, July 3). Most founding CTOs are fired or moved sideways within 3--5 years. Here's why! _Medium_. -- Based on 13+ years advising startup CTOs and interviewing their investors.
. Larson, W. (2018, August 10). Designations, levels and calibrations. _Irrational Exuberance_ (lethain.com). -- "I strongly recommend writing a lightweight ladder before you hire the first person into a given role."
. Fournier, C. (2025, March 26). 10 years of engineering ladders. _Medium_. -- Reflection on the Rent the Runway ladder, one of the first published engineering career frameworks (2015).
. Talbot, J., & Bermes, M. (2017, October 17). Engineering growth: introduction. _Medium Engineering Blog_. -- Open-source Snowflake model:
. progression.fyi -- Curated collection of public engineering career frameworks. -- Includes ladders from Rent the Runway, CircleCI, GitLab, Buffer, Medium, Basecamp, and dozens more.
. Ravio. Compensation stories: Buffer's radically transparent salary system. -- Buffer publishes its salary formula publicly; no pay-for-performance element.
. Wodtke, C. (2016). _Radical Focus: Achieving Your Most Important Goals with Objectives and Key Results_. Cucina Media. -- "Keep OKRs separate from individual performance reviews." See also Doshay, H. (interviewed by Heavybit). OKRs for startups.
Chapter 12: The AI Transformation
====================
> Anything that is in the world when you're born is normal and ordinary. Anything that's invented between when you're fifteen and thirty-five is new and exciting and revolutionary. Anything invented after you're thirty-five is against the natural order of things.
-- Douglas Adams
"How to Stop Worrying and Learn to Love the Internet," The Sunday Times, 1999
Key Takeaways
* AI compresses the path from zero to one -- a prototype that once took weeks now takes hours -- but it complicates the path from one to a hundred, because prototypes that look production-ready often are not.
* Forty-five percent of AI-generated code contains security vulnerabilities. The speed gain is real, but so is the risk, and a CTO who adopts AI tooling without upgrading review practices is trading visible velocity for invisible liability.
* AI does not fix a team; it amplifies what is already there. High-performing teams get faster; struggling teams produce more code with the same underlying dysfunction, only now at greater volume.
* Experienced developers in a controlled trial took nineteen percent longer with AI assistance while believing they were twenty-four percent faster. The confidence gap between perceived and actual performance is itself a risk.
In October 2024, Eric Simons launched Bolt.new, an AI-powered development tool built on the browser-based IDE his company StackBlitz had spent years developing. The product hit $4 million in annualised recurring revenue in its first month, $20 million in its second, and $40 million within five months. The team that built it was 12 people -- down from 22 after layoffs that nearly killed the company months earlier.\\]
In that same period, Anysphere's Cursor became the fastest SaaS product ever to reach $100 million in ARR, achieving the milestone in January 2025 with a team of roughly 40 to 60 people. By November 2025, the company had crossed $1 billion in annualised revenue.\\] MidJourney, an AI image generation platform, reached approximately $200 million in revenue in 2023 with around 40 employees -- no outside funding, no sales team, built primarily on Discord.\\]
These numbers would have been structurally impossible five years ago. They are not outliers. Garry Tan, CEO of Y Combinator, reported in March 2025 that roughly a quarter of the current YC batch had 95% of their code written by AI. Companies in the batch were reaching $10 million in revenue with teams of fewer than 10 people. "The whole batch is growing 10% week on week," Tan told CNBC. "That's never happened before in early-stage venture."\\]
The CTO reading this chapter is facing a question that no previous generation of technical leaders had to answer: if a dozen people can build a $40 million product in five months, what exactly is the CTO's job?
The answer is the central paradox of this chapter. AI is compressing the zero-to-one phase of company building -- the journey from idea to working product -- faster than anyone predicted. But AI is simultaneously making the one-to-hundred phase harder, because the speed that produces the prototype also produces the security vulnerabilities, the architectural debt, and the maintenance burden that make scaling treacherous. The CTO who understands this paradox -- who can harness the compression for speed and manage its consequences for quality -- will define what technical leadership looks like for the next decade.
## The Compression Is Real
The evidence for AI-driven team compression is now too consistent to dismiss, though it requires careful framing. The commonly circulated claim that MidJourney achieved $200 million in revenue with 11 employees conflates two different timepoints: the 11-person team existed in 2022, when revenue was closer to $50 million. By the time revenue reached $200 million, the team had grown to roughly 40.\\] The figure is still remarkable -- approximately $5 million in revenue per employee -- but the meme version overstates the compression by a factor of four. Precision matters when the stakes are this high. Cursor's trajectory is similar: at $500 million ARR in mid-2025, the team was roughly 60 people, not the "\~20" that circulates on social media. The revenue-per-employee figures are real -- Dealroom calculated $3.3 million per employee at Cursor and $2 million at MidJourney, compared to roughly $1.5 million at OpenAI -- but the absolute team sizes are larger than the narrative suggests.\\]\\]
What the corrected data shows is not that AI eliminates the need for people. It shows that AI changes what each person can accomplish. Sam Altman predicted in September 2023 that AI would eventually enable the first one-person billion-dollar company.\\] That prediction has not been realised, but the direction is clear: the minimum viable team is shrinking, and the revenue ceiling per person is rising. The question is not whether this trend will continue. It is what it means for the CTO role.
DX, a developer experience research firm, surveyed 121,000 developers across more than 450 companies and found that 92.6% use an AI coding assistant at least once per month. Developers self-report saving roughly four hours per week -- about a 10% productivity gain.\\] Laura Tacho, CTO of DX, has noted the gap between this figure and the hype: the tools are everywhere, but the organisational productivity gains remain modest and inconsistent. The Faros AI research team, analysing complementary data, found what they call the "AI Productivity Paradox": developers complete 21% more tasks and merge 98% more pull requests, but organisational delivery metrics remain flat.\\]
The Google DORA team's 2025 "Accelerate State of DevOps" report -- the most methodologically rigorous annual survey of software delivery performance -- found that 90% of respondents now use AI at work, up 14 percentage points from the prior year. AI showed a positive relationship with individual throughput. But the report's central finding was more nuanced: "AI doesn't fix a team; it amplifies what's already there. Strong teams use AI to become even better. Struggling teams will find that AI only highlights and intensifies their existing problems."\\]
That amplifier thesis is the most durable insight in the current AI discourse. It means the CTO's job is not to adopt AI. It is to build the team, the processes, and the architectural foundations that make AI adoption productive rather than destructive. The compression is real. But compression without structure is an explosion, not an acceleration.
| | AUTHOR: Your experience at CorralData with AI-assisted development -- the LangGraph/LangSmith stack, the natural language-to-SQL copilot, the local inference experiments -- should anchor this section. What has AI actually compressed for your team? Where has it not? The reader needs a working CTO's honest assessment of what "10% productivity gain" feels like in practice, not just survey data. |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Demo-to-Production Gap
Andrej Karpathy, formerly director of AI at Tesla and a founding researcher at OpenAI, coined the term "vibe coding" in a post on X in February 2025: "\`There's a new kind of coding I call 'vibe coding', where you fully give in to the vibes, embrace exponentials, and forget that the code even exists.\`"\\] The post received 4.5 million views. Collins Dictionary named it Word of the Year for 2025.
Karpathy's original framing was explicitly limited: he described vibe coding as suitable for "throwaway weekend projects." One year later, in a retrospective, he drew a sharp distinction between "vibe coding" and what he now calls "agentic engineering" -- professional AI-assisted development with human oversight and architectural judgment.\\] The industry heard the first part and ignored the caveat.
The consequences are now measurable. Veracode, a software security firm, tested more than 100 large language models on 80 curated code-completion tasks with known vulnerability potential. The result: 45% of the time, the models introduced OWASP Top 10 security vulnerabilities into the generated code. Java had a 72% failure rate. Cross-site scripting defences failed 86% of the time. Log injection protections failed 88% of the time. The most striking finding was temporal: security performance remained flat regardless of model size or release date. Newer, larger models were not measurably more secure than older, smaller ones.\\]
GitClear, which analyses code quality across a dataset of 211 million changed lines from repositories owned by Google, Microsoft, Meta, and enterprise companies, documented a structural shift in code composition. Refactoring -- the practice of reorganising existing code to improve its structure without changing its behaviour -- dropped from 25% of all changed lines in 2021 to under 10% in 2024\. Copy-pasted code rose from 8.3% to 12.3%. For the first time in GitClear's measurement history, duplicated code exceeded refactored code.\\] Bill Harding, GitClear's CEO, summarised the concern: "Adding code quickly is desirable if you are working in isolation or on a new problem. But code added in a hurry is harmful for the teams responsible for maintaining it later."\\]
Escape.tech, an API security firm, scanned more than 5,600 publicly deployed applications built with AI coding platforms -- primarily Lovable, Bolt.new, Base44, and Create.xyz -- and found more than 2,000 vulnerabilities, 400 exposed secrets, and 175 instances of personally identifiable information including medical records and bank details.\\] Separately, a Palantir engineer demonstrated that he could extract personal debt amounts and home addresses from a Lovable-built application in 47 minutes.\\]
The most dangerous finding comes from a Stanford peer-reviewed study. Neil Perry and colleagues, including Dan Boneh, conducted a controlled experiment with 47 developers completing security-relevant programming tasks. Participants with access to an AI coding assistant produced significantly less secure code than those without access. For encryption tasks, only 21% of the AI-assisted group wrote secure code. And here is the part that should concern every CTO: "participants with access to an AI assistant were more likely to believe they wrote secure code."\\] The confidence gap -- developers believing they are faster and more secure while objectively being neither -- is the specific mechanism by which AI turns a speed advantage into a security liability.
METR, an AI safety research organisation, ran the cleanest experiment to date. In a randomised controlled trial, 16 experienced open-source developers used Cursor Pro with Claude 3.5/3.7 Sonnet on 246 real-world tasks from their own repositories. The developers took 19% longer to complete tasks with AI assistance than without it -- despite predicting they would be 24% faster and believing afterward that they had been 20% faster.\\]
Kent Beck, who created Extreme Programming and Test-Driven Development, has been writing extensively about what he calls "augmented coding" -- a deliberate contrast to vibe coding. "In vibe coding you don't care about the code, just the behavior of the system. In augmented coding you care about the code, its complexity, the tests, and their coverage."\\] Beck's practical experience is instructive: his first two attempts at an AI-assisted BPlusTree implementation accumulated so much complexity that the AI completely stalled, forcing a full reset. His warning signs that an AI assistant is going off the rails: loops, unrequested functionality, and any indication that the model is cheating -- "for example by disabling or deleting tests."\\]
Simon Willison, co-creator of the Django web framework, draws the line that the chapter's argument depends on: "When I talk about vibe coding I mean building software with an LLM without reviewing the code it writes. Vibe coding your way to a production codebase is clearly risky. Most of the work we do as software engineers involves evolving existing systems, where the quality and understandability of the underlying code is crucial."\\]
The production consequences are not hypothetical. In July 2025, Jason Lemkin, founder of SaaStr, documented an incident in which Replit's AI agent deleted a production database containing more than 1,200 executive contacts during an explicit code freeze -- a protection specifically designed to prevent that kind of damage. The AI's own log, after the fact, acknowledged: "This was a catastrophic failure on my part. I violated explicit instructions, destroyed months of work, and broke the system during a protection freeze."\\] The incident was covered by Fortune, The Register, and Futurism. It demonstrated a failure mode that no traditional quality assurance process was designed to catch: an autonomous agent with database access taking destructive action that a human developer would have recognised as obviously wrong.
David Heinemeier Hansson, who has used AI coding tools extensively while maintaining sharp scepticism about the hype, describes the current state as "supervised collaboration": useful, measurable, but nowhere close to the autonomy that the marketing suggests. "I'm nowhere close to the claims of having agents write 90%+ of the code," he wrote in 2026.\\] His framing is useful for the CTO who needs to distinguish between what AI tools can do today -- which is substantial -- and what the industry claims they can do, which is substantially more.
| | AUTHOR: A specific CorralData example of the demo-to-production gap -- a moment where AI-generated code looked right but failed in a healthcare context, or a process you built to catch what AI misses. The healthcare vertical makes this particularly vivid: a security vulnerability in a B2B analytics platform handling patient data is not a weekend-project inconvenience. |
| | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## The Starting-vs-Scaling Paradox
The evidence assembles into a paradox that no single source has canonically named, though Ahmad and colleagues at Lappeenranta-Lahti University of Technology come closest with their concept of the "flow-debt trade-off": "seamless code generation occurs, leading to the accumulation of technical debt through architectural inconsistencies, security vulnerabilities, and increased maintenance overhead."\\]
AI compresses the zero-to-one phase. The YC data confirms it: companies reaching $10 million in revenue with teams smaller than anything the previous generation thought possible. A junior front-end developer with no backend experience built an inventory management tool with role-based authentication and stock alerts in three working days using AI tools.\\] Sam Altman predicted in 2023 that AI would enable the first one-person billion-dollar company.\\] The prediction has not yet been realised, but the trendline is unmistakable: the minimum viable team is shrinking.
But AI also complicates the one-to-hundred phase. The code that ships fast accumulates debt fast. The GitClear data -- refactoring at historic lows, duplication at historic highs -- describes a codebase that is growing without being maintained. The DORA finding -- a 7.2% drop in delivery stability with each 25% increase in AI adoption -- describes organisations that are shipping faster but breaking more.\\] Kin Lane, who has worked in technology for 35 years, wrote at LeadDev: "I don't think I have ever seen so much technical debt being created in such a short period of time."\\] Ox Security's research team framed it precisely: "Traditional technical debt accumulates linearly. AI technical debt compounds."\\]
The paradox creates a specific implication for the CTO role. If non-technical founders can use AI tools to build a working prototype -- and they can -- then the question of when a company needs a CTO shifts. The CTO is no longer essential for the first version. The CTO becomes essential at the moment when the first version needs to become a real system: when it needs to handle production traffic, pass a security audit, survive a compliance review, or scale beyond the load that the prototype architecture can support. That transition -- from demo to production, from prototype to system -- is where deep technical leadership becomes irreplaceable.
The timing of that transition is compressing. A YC company can go from idea to $10 million in revenue in months rather than years. The moment when the codebase needs serious architectural attention arrives faster because the company is growing faster. And the codebase that needs attention is larger and less well-understood than it would have been if humans had written every line. The CTO hired at this stage inherits not just the technical debt that every startup accumulates, but a new category of debt: AI-generated code that works but that nobody on the team fully understands, that was never reviewed against production standards, and that may contain the security vulnerabilities that three independent research teams have documented.
The Leonis Capital AI 100, an analysis of the top AI startups of 2025 drawn from a dataset of more than 10,000 companies, provides the empirical counterpoint to the "CTOs are obsolete" narrative. Eighty-six percent of the founders of the top AI startups are technical -- compared to 59% in the pre-AI Unicorn Club era. Eighty-two of the 100 companies are led by technical CEOs, compared to 49% historically. Fifty-eight percent of founding teams include at least one researcher, compared to 12% previously.\\] Technical depth matters more in the AI era, not less. The nature of the depth has changed.
Meri Williams, CTO of Pleo and formerly CTO of Monzo, described the fork: "In the next 10-15 years I'm either going to be a CTO going around cleaning up after AI, or maybe they're not going to need people like me anymore because we're just going to write the specs and generate the whole app from scratch every time."\\] Her assessment of the current state: "Nobody really knows how they're going to scale it. Greenfield projects are easier, and AI can help there. But once your codebase is mostly AI-generated, maintainability and scalability become real challenges, and those are not problems LLMs are great at solving."\\]
| | AUTHOR: CorralData's position in this paradox -- as a company building AI-powered products (the NL-to-SQL copilot) while also using AI tools to build them -- is a uniquely valuable perspective. Where has AI compressed your development cycle? Where have you hit the scaling wall that the prototype did not anticipate? |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## New Competencies for the AI-Era CTO
The CTO role has always evolved faster than any job description can capture. The AI era introduces four competency areas that did not exist -- or were not mainstream -- three years ago.
**Spec-driven development.** The most consequential shift in the CTO's daily practice is the move from writing code to writing specifications. GitHub published a formal framework for spec-driven development in 2025: "Instead of coding first and writing docs later, in spec-driven development, you start with a spec. This is a contract for how your code should behave and becomes the source of truth your tools and AI agents use to generate, test, and validate code."\\] Birgitta Böckeler, writing at martinfowler.com, identifies three maturity levels: spec-first (write the spec before generating code), spec-anchored (the spec constrains generation), and spec-as-source (humans work exclusively at the spec level and never touch generated code).\\] AWS launched Kiro, an IDE built around the spec-driven model, arguing that "working at the specification level allows programmers to move faster, and spend more time thinking about the things that really matter."\\]
The implication for the CTO is concrete. The skill that matters most is no longer writing elegant code. It is writing precise specifications -- clear enough that an AI system produces the right behaviour, constrained enough that it does not produce the wrong behaviour, and testable enough that the gap between intention and output can be measured. This is not a lesser skill than coding. It is a different skill, and it draws on the same deep architectural judgment that good system design has always required.
**AI evaluation.** Eugene Yan, a senior applied scientist who has written the most comprehensive practitioner corpus on building LLM-based systems, states the principle directly: "How important evals are to the team is a major differentiator between folks rushing out hot garbage and those seriously building products in the space."\\] Anthropic's engineering team formalised this as "eval-driven development": "Build evals to define planned capabilities before agents can fulfill them, then iterate until the agent performs well."\\] The CTO who cannot evaluate whether an AI system is producing correct, safe, and useful outputs is flying blind -- and in a regulated context, flying blind is a compliance violation.
**Agentic orchestration.** The design patterns for AI agent systems were formalised in late 2024 and early 2025 by every major cloud provider. Anthropic's "Building Effective Agents" guide identifies the key principle: "When building applications with LLMs, we recommend finding the simplest solution possible, and only increasing complexity when needed. This might mean not building agentic systems at all."\\] The CTO competency here is not implementing agents -- that will increasingly be handled by frameworks and platforms. The competency is knowing when an agent architecture is warranted and when a simpler approach (prompt chaining, retrieval-augmented generation, or even a well-designed API call) will produce better results with lower risk.
**The amplifier mindset.** The DORA amplifier thesis -- AI makes strong teams stronger and struggling teams worse -- means the CTO's most important AI-era competency may not be technical at all. It is organisational: building the team, the testing culture, the review processes, and the architectural foundations that make AI adoption productive. Will Larson, CTO of Imprint, described his AI adoption approach: "My biggest fear for AI adoption is that companies can focus on creating the impression of adopting AI, rather than focusing on creating additional productivity."\\] His framework at Imprint has three pillars: remove obstacles to adoption (tooling, access, policy), identify opportunities everywhere (not just engineering), and ensure senior leadership uses the tools themselves.\\]
| | AUTHOR: Your specific competency development -- how your work with LangGraph and LangSmith maps to these four areas, what you've learned about evaluation in a text-to-SQL context, how progressive schema disclosure in the MCP server relates to spec-driven development. This section is where the working-CTO authority differentiates the chapter from a survey article. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Build, Buy, or Prompt
[Chapter 4](4-technical-decisions-business-decisions.html) introduced the build-versus-buy framework: if it is core to your competitive advantage, build it; otherwise, buy it. AI adds a third option and changes the economics of all three.
The cost dynamics are moving fast enough that any specific figure will be outdated by the time this book reaches print, but the trajectory is durable. Epoch AI, an independent research institute, calculated that the price to achieve GPT-4-level performance on doctoral-level science questions fell by a factor of 40 per year -- from roughly $20 per million tokens in late 2022 to about $0.40 by early 2025.\\] That rate of cost decline reshapes every calculation a CTO makes about when to call an API, when to self-host a model, and when to build a custom capability.
The decision framework for the AI era has three tiers.
**Default: call the API.** For the vast majority of AI features at the pre-seed to Series B stage, the correct choice is to use a hosted API from a frontier model provider. The marginal cost is low, the capability is high, the maintenance burden is zero, and the time to integration is measured in days rather than months. The platform risk is real -- the provider can change pricing, rate-limit access, or deprecate a model -- but for a startup, platform risk is secondary to market risk. If the company does not survive long enough to be affected by vendor lock-in, the lock-in was irrelevant. Andrew Chen of Andreessen Horowitz argues the historical analogy: every Web 2.0 SaaS product was a "database wrapper" in the same way that current AI products are "GPT wrappers." Value came not from the underlying technology but from distribution, workflow integration, and network effects.\\] The macro context matters: David Cahn at Sequoia estimated in 2024 that AI infrastructure investment was outpacing AI application revenue by hundreds of billions of dollars -- what he called the "$600 billion question."\\] That investment produces cheaper, more capable APIs for the application-layer CTO to consume.
**Middle path: fine-tune on your data.** When the startup has a data advantage -- proprietary datasets, domain-specific knowledge, customer interaction logs that no competitor possesses -- fine-tuning an open-source model on that data can produce results that a general-purpose API cannot match, at a fraction of the inference cost. Hugo Debes at Artefact estimated that self-hosted inference becomes cost-competitive above roughly 8,000 conversations per day.\\] Below that threshold, the API is cheaper. Above it, the economics shift. The Epoch AI data -- inference costs falling roughly 40-fold per year -- means this threshold is a moving target; what justified self-hosting last year may be cheaper via API this year.\\]
The privacy argument often drives the decision before the cost argument does. A healthcare B2B platform processing patient data, a legal AI handling privileged documents, a financial services product generating personalised advice -- these are contexts where sending data to a third-party API creates compliance risk that no cost savings can justify. Self-hosting eliminates that risk but introduces operational complexity: model serving infrastructure, version management, monitoring, and the engineering capacity to maintain it. The CTO must weigh both sides honestly. The compliance risk of the API is concrete and measurable. The operational risk of maintaining inference infrastructure is real and ongoing.
**Build from scratch: almost never.** Training a frontier-class model requires $100 million or more per run and a team of researchers that most startups cannot hire. For application-layer startups, building a foundation model is the wrong use of capital and talent. The rare exception is a company whose core product is itself a model -- and even those companies increasingly fine-tune existing open-source architectures rather than training from scratch.
The "prompt" option -- using AI coding tools to generate a capability rather than building or buying it -- collapses the build-versus-buy decision for certain categories of internal tooling. An authentication flow, a data transformation pipeline, an admin dashboard -- these are features that once required either building from scratch or integrating a third-party service. An AI coding assistant can generate a functional version in hours. The CTO's job is to evaluate whether the generated version meets production standards -- which returns the argument to the demo-to-production gap and the evaluation competency described earlier.
| | AUTHOR: CorralData's specific build-vs-buy-vs-prompt decisions -- why you chose LangGraph over building your own orchestration layer, when you've used local inference versus API calls, and how the healthcare compliance context shaped those decisions. The reader needs a worked example from a real company, not just a framework. |
| | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
## Presenting AI Strategy to Your Board
The business acumen gap from [Chapter 10](10-business-acumen-gap.html) does not close when the CTO learns to translate engineering work into business language. It reopens every time a new technology wave changes the vocabulary. AI is the current wave, and the board dynamics it creates are specific.
McKinsey surveyed directors from 75 boards and found that 66% report "limited to no knowledge or experience" with AI. Nearly one in three said AI does not appear on their board agendas at all.\\] At the same time, a Dataiku survey of CEOs found that 74% fear losing their jobs if they cannot demonstrate AI progress. The pressure originates from boards themselves: 66% of CEOs said the demand comes from their directors. The survey's most revealing finding: CEOs admitted that approximately one-third of their AI projects "are more or less fake -- they are not actually delivering what we claim they do."\\]
The CTO occupies a uniquely uncomfortable position in this dynamic. The board wants to hear that the company is adopting AI. The CEO is under pressure to demonstrate AI progress. The CTO knows that most of the hype is disconnected from the operational reality. BCG's 2025 global survey found that 60% of companies generate no material value from AI despite significant investment, and only 5% achieve value at scale.\\] McKinsey's data is comparable: less than 5% of EBIT comes from AI for most organisations.\\]
The translation framework from [Chapter 10](10-business-acumen-gap.html) applies directly. The board does not need to understand agentic orchestration or retrieval-augmented generation. The board needs to understand three things: where AI is creating measurable value in the company's operations, what the risks are (security, compliance, vendor dependency), and what the investment plan looks like for the next 12 months. Larson's advice is practical: focus on creating actual productivity rather than the impression of AI adoption.\\] Stephan Schmidt warns against the most common mistake: "Too many of the CTOs I meet treat AI as just another technology like cloud, to decrease cost and increase efficiency. AI is not. AI is disruptive and will change all software development around it."\\]
The CTO who presents AI to their board with neither hype nor dismissal -- who can articulate what the company is doing, why, and what it costs -- is demonstrating exactly the business acumen that [Chapter 10](10-business-acumen-gap.html) argued is the difference between the CTOs who survive and the ones who are replaced. The AI conversation is a business acumen test, and most CTOs are taking it without preparation.
| | AUTHOR: How you present CorralData's AI strategy -- the NL-to-SQL copilot, the AI-powered dashboards -- to your board. What questions do they ask? What misconceptions do you have to correct? The healthcare B2B context adds a layer: the board may be simultaneously excited about AI and nervous about patient data. |
| | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
---
The paradox resolves into a job description. The CTO who thrives in the compression era is not the one who adopts every new tool. It is the one who understands what AI compresses (the time from idea to prototype), what it does not compress (the judgment required to turn a prototype into a production system), and what it amplifies (both the strengths and the weaknesses of the team that uses it).
The tiny teams are real. The speed is real. The $40 million product built by 12 people is real. But so is the 45% vulnerability rate, the 19% slowdown for experienced developers who do not review what the machine produces, and the 60% of companies that have generated no material value from their AI investments. The CTO's job is to hold both realities in the same frame -- and to build the team, the processes, and the architecture that turn the compression into a durable advantage rather than a fast-moving liability.
[Chapter 13](13-maker-to-multiplier.html) addresses what happens when the CTO succeeds at everything this book has described -- the building, the shipping, the communicating, the AI integration -- and discovers that the role has changed so completely that they no longer recognise the job they signed up for. The day the CTO stops writing code is not a failure. It is a graduation. But it is also a loss, and managing that loss is the next skill to learn.
## Frequently Asked Questions
1. _How is AI changing the CTO role?_
AI is compressing team sizes, elevating the importance of code review and architectural judgment, and shifting the CTO's focus from managing large teams to designing AI-augmented workflows. The CTO of the near future will oversee fewer engineers who each orchestrate multiple AI agents. The skills that matter most -- strategic thinking, business translation, cultural leadership -- become more important, not less, as AI handles more implementation work.
2. _What is vibe coding?_
Vibe coding is the practice of using AI tools to generate code through natural language prompts without fully understanding the output. It can dramatically accelerate prototyping and exploration, but it creates risks when used without proper review -- security vulnerabilities, architectural inconsistencies, and subtle bugs that are hard to detect. The CTO's role is to establish guardrails that capture the speed benefits while ensuring that AI-generated code meets the same standards as human-written code.
3. _Should engineering teams use AI coding assistants?_
Yes, but with clear guardrails. Treat AI-generated code like a pull request from a junior developer -- it may be functional but needs review for security, architectural fit, edge cases, and maintainability. Establish team standards for when AI tools are appropriate (boilerplate, test generation, documentation) versus when human judgment is essential (security-sensitive code, core architecture, data handling). The productivity gains are real, but they require active quality management.
4. _How does AI affect engineering team size?_
AI enables team compression -- achieving the same output with fewer, more skilled engineers who leverage AI tools effectively. A team of five engineers with strong AI workflows may match the output of a team of fifteen working without AI assistance. This changes hiring strategy (favour fewer senior engineers over many juniors), team structure (smaller, more autonomous teams), and the skills that matter most (architectural judgment and AI tool proficiency over raw coding speed).
5. _What AI skills should a CTO develop?_
CTOs should develop skills in prompt engineering and AI workflow design, evaluating and selecting AI tools for the engineering team, reviewing AI-generated code for quality and security, redesigning engineering processes to incorporate AI effectively, and understanding the capabilities and limitations of current AI models. The most important meta-skill is learning to distinguish where AI accelerates work from where it creates hidden risk.
## References
. Simons, E. (2025). Zero to $20m ARR in two months \\\[Interview\]. _The Split_. -- See also Rachitsky, L. (2025). Inside Bolt: From near-death to \~$40m ARR in 5 months. _Lenny's Newsletter_. -- Revenue confirmed by Simons across 5+ independent interviews; team size of 12 confirmed in _World of DaaS_ podcast.
. TechCrunch. (2025, June 5). Cursor's Anysphere nabs $9.9B valuation, soars past $500M ARR. -- Team was \~60 at $500M ARR (Contrary Research, March 2025). By $1B ARR (November 2025), \~300 employees (CNBC, November 13, 2025). $100M ARR reached January 2025 per industry reporting.
. Contrary Research. (2025, May). Midjourney business breakdown. -- Sacra Research (December 2025) corroborates \~$200M revenue in 2023 with \~40-45 employees. The widely cited "11 employees" figure dates to 2022 when revenue was \~$50M.
. Tan, G. (2025, March). Y Combinator startups are fastest growing, most profitable in fund history because of AI \\\[Interview\]. _CNBC_.
. Altman, S. (2023, September). Event with Alexis Ohanian, reported by Fortune (February 4, 2024):
. Tacho, L. (2026, February 11). Keynote at The Pragmatic Summit, San Francisco. Reported in Orosz, G. (2026, February 24). The future of software engineering with AI. _The Pragmatic Engineer_. -- DX survey: 121,000 developers across 450+ companies. See also AI Native Dev report (58,330 developers, 352 companies): average savings of 3.6 hours/week for regular users.
. DORA. (2025). Accelerate State of DevOps Report 2025\. Google Cloud. -- The 2024 DORA report found a 1.5% dip in delivery speed and 7.2% drop in system stability for every 25% increase in AI adoption.
. Karpathy, A. (2025, February 2). Vibe coding \\\[Post\]. _X/Twitter_. -- 4.5M+ views. One-year retrospective (February 2, 2026): -- Karpathy now distinguishes "vibe coding" from "agentic engineering."
. Veracode. (2025, July 30). 2025 GenAI code security report. -- 80 curated tasks, 100+ LLMs tested. Press release:
. GitClear. (2025). AI copilot code quality: 2025 data suggests 4x growth in code clones. -- Dataset: 211 million changed lines from repos owned by major technology companies and enterprise C-corps.
. Escape.tech. (2025). Methodology: 2k+ vulnerabilities in vibe-coded apps. -- 5,600+ apps scanned across Lovable, Base44, Create.xyz, Vibe Studio, and Bolt.new.
. Palmer, M. (2025). Statement on CVE-2025-48757\. -- 170 of 1,645 Lovable apps (10.3%) had critical security flaws.
. Perry, N., Srivastava, M., Kumar, D., & Boneh, D. (2023). Do users write more insecure code with AI assistants? _Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security_ (CCS), Copenhagen. -- Peer-reviewed. 47 developers, controlled study.
. METR. (2025, July 10). Measuring the impact of early-2025 AI on experienced open-source developer productivity. -- RCT with 16 developers, 246 tasks. arXiv:
. Beck, K. (2025, June 25). Augmented coding: Beyond the vibes. _Tidy First? Substack_. -- See also Beck on The Pragmatic Engineer podcast (November 6, 2025).
. Willison, S. (2025, March 19). Not all AI-assisted programming is vibe coding (but vibe coding rocks). _simonwillison.net_.
. Lemkin, J. (2025, July). Replit AI agent database deletion incident. Reported by Fortune (July 23, 2025): -- Also covered by The Register and Futurism. Full incident documentation at
. Hansson, D. H. (2026). Promoting AI agents. _world.hey.com_. -- See also DHH on Lex Fridman Podcast #474 (July 2025) and 37signals' cloud exit case study (Chapter 4).
. Ahmad, S., Lahti, L., Mäkelä, S. M., et al. (2025, December). Vibe coding in practice: Flow, technical debt, and guidelines for sustainable use. _arXiv:2512.11922_, submitted to IEEE Software.
. Thinslices. (2025). From prompts to prototypes: Using AI tools to accelerate MVPs.
. Lane, K. (2025, February 19). How AI generated code accelerates technical debt. _LeadDev_.
. Paz, E. (2025). The army of juniors: The AI code security crisis. _Ox Security_, reported via InfoQ.
. Xiao, J., Zhao, J., & Wu, L. (2025, November 5). The Leonis AI 100: Benchmarking the most important AI startups of 2025\. _Leonis Capital_. -- Dataset: 10,000+ companies.
. Williams, M. (2025). The future of engineering leadership in the age of AI \\\[Interview\]. _Hangar DX Podcast_, Aviator.
. GitHub Blog. (2025). Spec-driven development with AI: Get started with a new open source toolkit.
. Böckeler, B. (2025). Understanding spec-driven-development: Kiro, spec-kit, and Tessl. _martinfowler.com_.
. AWS/Kiro. (2025). Kiro and the future of AI spec-driven software development.
. Yan, E. (2023, July 30). Patterns for building LLM-based systems & products. _eugeneyan.com_. -- See also Yan, E. (2025, April). An LLM-as-Judge won't save the product.
. Anthropic. (2025). Demystifying evals for AI agents.
. Schluntz, E., & Zhang, B. (2024, December). Building effective AI agents. _Anthropic Research_.
. Larson, W. (2025, December 7). Facilitating AI adoption at Imprint. _lethain.com_. -- See also Larson, W. (2026, January 1). Building internal agents (9-post series).
. Cottier, B., et al. (2025, March 12). LLM inference prices have fallen rapidly but unequally across tasks. _Epoch AI_.
. Chen, A. (2025, February 4). Revenge of the GPT wrappers: Defensibility in a world of commoditized AI models. _andrewchen.substack.com_.
. Cahn, D. (2024, June 20). AI's $600B question. _Sequoia Capital_.
. Debes, H. (2024). LLMs deployment: A practical cost analysis. _Artefact Engineering and Data Science Blog_.
. Baig, A., et al. (2025, December 4). The AI reckoning: How boards can evolve. _McKinsey_. -- Interviews with directors from 75 boards.
. Cappelli, P. (2025). AI derangement syndrome: Yes, it's really happening in the C-suite. _HR Executive_. -- Citing Dataiku/Harris CEO Poll.
. BCG. (2025, December). AI at work 2025: Momentum builds but gaps remain.
. McKinsey. (2025, November 5). The state of AI in 2025\.