Getting the best out of an adversarial project

Posted on by Mark Myers Leave a comment

This post comes from watching two very different vendors, on two very different projects, handle a familiar situation. A project hits issues, the mood turns, and suddenly the vendor is no longer the most popular party in the room. What stood out was the contrast in how each vendor responded, and more importantly, how one of them managed to turn things around.

There are many times in delivery work where you can find yourself on the wrong side of client sentiment, and quite often it has very little to do with the quality of your work. Budgets change, and what was previously seen as good value suddenly looks expensive. Internal restructures happen, and contracts that once made sense are now resented. People move on, political dynamics shift, and you may have been brought in by someone who is no longer in favour.

Sometimes the issue is entirely external to your delivery. A change elsewhere in the organisation can make a project seem less relevant or less innovative. It is not your fault, but it is still your delivery, and that means you will feel the impact.

In these situations, the reason matters far less than the response. As a vendor or consultant, you are being paid to navigate this, whether it is fair or not. The question is how you handle it.

One option is to double down on delivery. That might mean absorbing additional cost, adding resources, or simply pushing harder to ensure the outcome lands well. In fixed price environments, some of this should already be accounted for, but there are times when you have to take a hit. Larger organisations often don’t opt for this type of response purely on short-term financial grounds, i.e., this year’s bonus. That is understandable, but it can be short sighted. Reputation has real value, and people have long memories. It is worth weighing the reputational cost before reacting defensively. In many cases, it is better to grit your teeth and deliver.

Secondly, do not get drawn into internal politics. As a vendor, your role is not to take sides. Stay focused on both the letter and the spirit of your delivery. Turning overly rigid or contractual in tone can be just as damaging as open frustration. Clients are looking for a quality service, not just a strict interpretation of a contract.

There will always be occasional clients who push too far, but they are the exception rather than the rule. In most cases, if you provide something they can confidently take up the chain and demonstrate as progress, you will remain in a good position.

Another practical point is resourcing. Some organisations respond to struggling projects by quietly rotating out strong people and replacing them with those who will simply maintain the status quo. This rarely helps. If anything, it reinforces decline. If a project is under pressure, it is worth putting strong people on it, or at least ensuring visible senior engagement. Even if the issue is largely political, visible commitment matters. It shows that you are taking the situation seriously.

Thirdly, look to the future. Even when a project is difficult, it helps to position it as a temporary setback rather than a defining failure. Talk about what can be improved next time and how you can work better together. That sense of continuity and investment can shift the tone of the relationship. If you demonstrate that you are thinking beyond the immediate problem, clients often respond in kind.

Finally, be careful in how you offer solutions or retrospective insight. When relationships become strained, it is very easy to slip into criticism. Phrases that imply fault or hindsight superiority will only escalate tension. It is far more effective to frame things collaboratively. i.e “If we had known this earlier, we would have approached it differently, and we can take that forward to the next project”. The aim is to reinforce that you are working together, not against each other.

In practice, much of this comes down to restraint. You will sometimes be blamed for things that are outside your control. That is part of the role. The vendors who handle it well are the ones who avoid becoming adversarial themselves, focus on delivery, and keep an eye on the longer term relationship.

Once the immediate tensions pass, and they usually do, those behaviours are what determine how well you work together going forward.

“That’s Not My Responsibility” – The Battle Cry of the Silo

Posted on by Mark Myers Leave a comment

Although the title sounds cynical, this is not intended to be a cynical post. In my role across integration, security, and general problem solving in architectural and IT spaces, “that’s not my responsibility” or “that’s not our department” is one of the most common responses I hear. It is also, in many cases, a perfectly reasonable one.

So it is worth taking a moment to understand why this response exists, and then look at how to work through it in a practical and human way.

Why does this happen?

In my experience, this response is very rarely driven by malice or laziness. It is usually a rational reaction to long term consequences.

Taking responsibility for something in a corporate environment often means owning it indefinitely. Processes and systems can live for decades. What looks like a small favour today can turn into an ongoing obligation that requires budget, support, and accountability years down the line.

There are also risks. If something goes wrong, particularly where there are compliance or legal implications, the person or team that accepted responsibility may be held accountable. That is a serious consideration, especially if they were not involved in shaping the original solution.

The more complex or unclear an issue is, the more likely it is that ownership is undefined. At that point, it effectively becomes a hot potato. People are not avoiding work, they are avoiding inheriting long term risk without the ability to properly manage it.

So how do you get things done?

When you need something fixed or owned, and everyone is stepping back, there are a few practical approaches that tend to work. None are perfect, but each has its place.

1. Escalation

This is the blunt instrument. Sometimes you need to escalate to someone who sits across both areas and can make a decision.

It works, but it should be used sparingly. Overuse damages trust and can give you a reputation for frankly being a bit of a d*** or only caring about your side of any problem.

2. Providing budget or resource

This is often the most effective and least confrontational approach.

If a team is constrained by time or funding, removing that constraint changes the conversation entirely. Offering budget, a cost centre, or even additional resource can turn a “no” into “when do you want it”.

Clarity helps. “I can fund this, when can it be delivered?” is a very different discussion to “can you do this for me?”

3. Removing competing pressure

Sometimes the issue is not the work itself, but competing demands.

If you can help reduce noise around a team by handling or deflecting other requests, you create space for your work to be considered properly. It also demonstrates that you are contributing, not just demanding.

4. Taking responsibility yourself

This works more often than it should.

By formally taking ownership, even temporarily, you remove the long term risk for others. A simple, clear statement of responsibility can be enough to unblock progress, especially if it protects the other team from future audit or support obligations.

It is about giving people confidence that they are not inheriting unknown liabilities.

5. Formalising ownership

This is the most sustainable option, but also the slowest.

If responsibility is unclear, define it properly. Get agreement, document it, and ensure it is recognised at an organisational level. This allows teams to plan, budget, and defend their position in future.

It also creates a repeatable process. Once something has been formalised once, it becomes easier to apply the same approach again.

The most important part

Whichever route you take, there is one thing that matters more than anything else.

Clean up after yourself.

Do not leave behind unclear ownership, unmanaged risk, or hidden technical debt. Do not put someone in a position where they will be questioned months or years later without context or support.

Reputations in this space last a long time. People remember who made their lives easier and who made them harder. The industry is smaller than it appears, and those impressions carry forward.

Solve the problem, but leave things in a better state than you found them.

Corporate term: “Kafka delivery”

Posted on by Mark Myers Leave a comment

Definition

A delivery approach where just enough paperwork is produced to ensure the outcome is no longer your responsibility.

Explanation

A “Kafka” delivery is characterised by the creation of sufficient documentation to avoid genuine ownership of delivery. Rather than focusing on outcomes, effort is directed towards ensuring responsibility is diluted or transferred. The aim is to demonstrate that the work has been passed on appropriately, so that when issues arise, accountability sits elsewhere.

In practice, this results in multiple parties positioning themselves as intermediaries rather than owners. Work is handed off repeatedly, with each step supported by documentation designed to show that due process has been followed. The emphasis shifts from delivery to defensibility, where the primary concern is being able to evidence that it is not your fault, not your responsibility, and not within your remit.

Ultimately, this becomes an exercise in structured buck passing, supported by just enough paperwork to withstand scrutiny when accountability is questioned. The result is a delivery that appears active on paper, but lacks clear ownership and, often, meaningful progress.

Disclaimer: As always these posts are not aimed at anyone client or employer and are just my personal observations over a lifetime of dealing with both management and frontline associates.

Never underestimate the per-user cost spike.

Posted on by Mark Myers Leave a comment

Never underestimate the per-user cost spike.

The full title of this post should really have been “Do not underestimate the cost per user on a small, well-planned project versus both a proof of concept and a ‘at scale’ system”, but that would have just looked silly.

One thing that is overlooked time and time again,        and eventually catches up with every project,        is that there is a jump in costs per active user when you go from a proof of concept to something that can work at scale before the advantages of a large-scale project starts bringing the costs back down.

Let me explain.

A proof of concept exists to answer a simple question. Will this work? Whether it is an application, a migration, or any other kind of system, particularly in a corporate environment, the aim is validation rather than longevity. The challenge comes when moving from that early validation to a solution that is robust, commercially sensible, and capable of operating at scale with a reasonable cost per user.

Between those two points sits a significant and often underestimated investment. It is the cost of building proper foundations.

This tends to appear most clearly in two common scenarios.

The first is the seemingly small project. For example, moving a limited number of users from one system to another, or implementing a narrowly scoped solution. The proof of concept is completed, the demonstration goes well, and confidence is high. Then the implementation costs are presented, and everyone has a heart attack. It only has ten users, so why does it cost so much?

The answer is that the cost is not driven by the number of users. It is driven by the need to build something correctly. Even for a small user base, the underlying architecture, security, supportability, and operational processes still need to be in place if the solution is to be reliable.

The second scenario is more subtle but ultimately more disruptive. A proof of concept is seen to work well, and the decision is made to move it directly into production. Initially, this can appear successful. It may run for months, sometimes even years, without major issues. However, without those foundational elements being in place, sooner or later things are going to go bang, and always at the least convenient moment.

When they do, they are rarely simple to fix. It is not a case of adding a little more budget or introducing a small process improvement. Instead, it often requires going back and rebuilding the core of the solution properly. By that point, the cost is usually higher than if it had been done correctly from the outset, as there is the added complexity of undoing or reworking what is already in place.

In effect, the cost has not been avoided, only delayed and now with interest.

When moving from a proof of concept to a production system, it is important to anticipate this increase in cost and to communicate it clearly to stakeholders. Likewise, when delivering something that appears small today but has the potential to scale in the future, the investment in solid foundations can seem disproportionate.

It is natural for that to prompt questions and resistance. However, it is worth being clear that reducing that investment rarely removes the cost. More often, it shifts it into the future, where it becomes more expensive and more disruptive to address.

The balance that is corporate standards

Posted on by Mark Myers Leave a comment

Security in any corporation is a long, drawn out balancing act. On one side, you have the security teams, who quite reasonably want to prevent anything unpleasant from happening to the company. They aim for a least-privilege model, where individuals have only the access required to do their job and nothing more.

On the other side, you have developers and users trying to get stuff done. They want flexibility, the freedom to build, test and promote as fast as possible. Their focus is on outcomes, whether that is generating revenue, delivering features, or improving performance.

Taken to extremes, neither approach works.

If you enforce only the bare minimum access across the board, you cripple progress. Teams slow down, and the company begins to feel rigid and bureaucratic. On the other side, leaving everything open in the name of speed is simply inviting trouble, particularly in a world where security threats are constant and evolving. The long term risks of that approach are difficult to nail down but often expensive to recover from.

So there has to be balance. In theory, this is where corporate standards come in. A need is justified from a business perspective, weighed against security and legal requirements, and a standard is formed that reflects that compromise.

In practice, however, the phrase “corporate standards” often is just used to justify an arbitrary standard.

To someone trying to deliver something new, it can sound like a closed door. It can imply that decisions have already been made, that they should not be questioned, and that the reasoning behind them is either unavailable or not open for discussion. When that happens, people do what people always do. They work around it.

Developers, in particular, tend to be driven and resourceful. If they are blocked without explanation, they will look for alternative routes to deliver what they are being paid for. That is how shadow IT appears, not through malice, but through frustration and a desire to deliver.

At the same time, it is not realistic to expose every detail behind a corporate standard. Some of those decisions are based on known vulnerabilities, internal limitations, or security considerations that should not be widely shared.

This is where a more pragmatic approach helps.

When denying a request or limiting access, it is often worth providing a brief, sensible explanation. Not a full breakdown of every risk, but enough context to show that the decision is considered and grounded in real constraints.

This does a few useful things. It treats the other party as a professional rather than an obstacle. It demonstrates that the standard is understood, not just followed blindly. And importantly, it gives people something to work with.

With even a small amount of context, a developer or business owner can frame a proper justification for change. They can ask for something specific rather than excessive. In many cases, they will request far less access than they initially thought they needed, simply because they understand the boundaries they are working with.

Corporate standards should not be a brick wall. They should be a guide that reflects the current balance between risk and progress. And like any balance, they need to be visible enough for people to work with, even if not every detail can be shared.

Get that right, and you deliver to the business without weakening security. Get it wrong, and people will find their own way around it anyway.