The top 10 questions that every engineering leader should be able to answer

We recently polled some of our top technical leaders and security experts to find out what key pieces of information they require to manage their resources effectively. We specifically asked “What are the top questions you need to answer about your business?” In part one of this two-part series, we looked at the perspective of the Chief Information Security Officer (CISO/CSO) and their approach to security.

In part two, we gain insights from the Chief Technology Officer (CTO) and engineering leadership on what they need to be aware of to successfully guide the product, strategy, and engineering teams. Since they’re usually (but not always) more hands-on with the people, processes, and technology used every day, we wanted to see if they were still in alignment with the CISOs we talked to.

High-level goals and strategy

Engineering leaders care about security and have important high-level objectives and goals similar to those of the CISO. These questions from one head of engineering emphasize planning, high priority objectives, and creating a strategy to reach those goals.

The top strategic engineering questions include:

  • How will we identify our strategic roadmap for next year?
  • How will we stick to those priorities?
  • What changes or additions to the engineering and product team are necessary to accomplish the strategic goals?
  • How do we continue to reduce our per-transaction costs while speeding up our update cycles?

Get your (Jira) tickets for a deeper dive 

Conversations around these high-level concepts often lead to the creation of epics, stories, tasks, and tickets (who doesn’t love Jira tickets?). When we drilled into more detail on some of these strategic objectives, we found that costs, infrastructure, and access were more top of mind for engineering leadership than for the CISO.

Identity and access management

“Who has access to what?” is a key question for both CISOs and engineering leadership. People are integral to your processes, and they are also a key factor in security risk. The top questions cover permission reviews and offboarding, and extend to end-user permissions, not just those of employees.

The top IAM questions included: 

  • Do we have users that have the wrong level of access?
  • Do we have any terminated employees with active user accounts?
  • Are there any end-users that have been granted access to applications that we do not allow?

Infrastructure

Infrastructure questions seem to focus on efficiency, cost, and security. Engineering leaders want to know about old tech “lying around” or running in the cloud without being used. While questions like these may seem basic, they can be quite complex and difficult to answer in today’s multi-cloud and hybrid environments. To compile this information manually in the native UI, teams would need to log into each cloud provider individually and switch back and forth between accounts, checking every one. For a small engineering organization, this might be feasible, but for larger orgs with thousands of accounts across multiple clouds, it can take days or weeks to compile answers to questions like these. With the proper tooling and a way to consolidate and automate data collection, these questions can be answered in a matter of minutes.

The top infrastructure questions included:

  • Are we using any cloud runtimes that are deprecated or unsupported? (This could refer to old AMIs, old Lambda runtimes, old Redis versions, etc.)
  • Are there any resources in regions that we do not use?
  • Are there any EC2 instances that are reachable from the public internet?

Solve the simple. Focus on the strategic.

What is your confidence level that you can answer questions like these accurately? While JupiterOne can’t help you decide on your product roadmap, we can help you answer critical questions about your infrastructure, access, security posture, and users to help support your strategic initiatives. With the added visibility and context that comes from connecting the dots across your assets and environments, we can help you find answers quickly, cut costs, and be more efficient and secure. In turn, that will create more space for you to debate roadmap and product priorities. You may not think that’s a good thing, but trust us, you’ll be glad to have it.

What are some of the critical questions that you’re asking across your engineering teams? We’d love to hear how they align with our experts.

Kevin Miller

As Director of Product Marketing at JupiterOne, you can usually find Kevin researching competitors, digging into strategy, or collaborating with the product team on upcoming enhancements. With experience in FinTech, AppSec, and Cybersecurity, Kevin has a knack for simplifying technical concepts and communicating them effectively to the market.
