https://steveblank.com/2022/06/20/finding-and-growing-the-islands-of-innovation-inside-a-large-company-action-plan-for-a-new-cto/
How to Define Product Market Fit For Your Startup
This nearly made it to the article of the week. Many companies struggle with product-market fit. Not understanding where a company stands (MVP, searching for product-market fit, scaling) leads to a lot of problems (e.g. marketing wants to scale and development thinks it’s an MVP while product management iterates for product-market fit). This is a fuzzy concept; this article for the first time tries to build a methodology around PMF for different companies. Should be very helpful to some of you (the reason it didn’t make it to the article of the week spot).
https://afirsttimefounder.substack.com/p/how-to-define-product-market-fit-for-your-startup
How To Transition From Engineering To A Product Manager Role
How is this relevant to you, dear CTO? I do think part of reuniting (see above) engineering and product management is the CTPO role (which will take away most of your daily pain). This might mean you moving into product management. So, this article.
https://hackernoon.com/how-to-transition-from-engineering-to-a-product-manager-role-c4dadad3d776
PagerDuty Security Training
With my coachees, I always talk about security. For CTOs coming from a developer role, this is a challenge. As developers, they don’t care (meh, I need to deliver!), and as CTOs it’s critical to their role (and the reason for sleepless nights: oh, if only I had added more security as a developer). Here is good content that you can use for some good sleep!
Infected via HDMI!
About security: Did you know that a laptop plugged into an HDMI plug could infect your network? In my last CTO role, I plugged all USB ports of all the Macs, but I didn’t know I had to plug HDMI ports too!
https://git.cuvoodoo.info/kingkevin/board/src/branch/hdmi_firewall/README.md
Now Amazon debuts an AI programming assistant – CodeWhisperer
After Microsoft with GitHub, Amazon also launches an AI-assisted auto-completion tool for developers called CodeWhisperer. Is this going the way of CASE (an ill-advised new way to develop software in the 80s) or is it the future? (Well, it is for sure the far future, but I mean the 5-year future.)
https://www.theregister.com/2022/06/23/amazon_codewhisperer/
Announcing our Next-generation AI models
And another tool for auto code completion based on ML.
https://www.tabnine.com/blog/announcing-tabnine-next-generation/
The ending of Product Management
I hope so! (See above again.) This also reminds me of my last newsletter, on why big tech doesn’t use Scrum (go read that also).
https://medium.com/@anfonn/the-ending-of-product-management-40153938154d
The Documentation Triangle (or, why code isn’t self-documenting)
I’ve talked a lot about software documentation, as a CTO and as a software researcher (yes, I worked in research for some time). I knew people forget to document the “Why?”, which is the most important question to answer in your documentation. But this article builds a neat triangle of What-Why-How. Worth a (short) read.
https://sourceless.org/posts/the-documentation-triangle.html
How To: Server-Side Request Forgery (SSRF)
I hadn’t been aware of that. As soon as a user can submit a URL (e.g. a webhook) that your servers then call, you probably have an SSRF problem. Do you have one in your code? Check now.
https://www.hackerone.com/application-security/how-server-side-request-forgery-ssrf