Cheating my way to success

Carl Tashian

Follow Smallstep

As I round the bend on two years as a Developer Advocate at Smallstep, I have to ask myself: Why is this going so well?

I remember my first conversation with CEO, Mike Malone. Mike is an infrastructure engineer-turned-CEO who hit me up on Twitter when I posted about looking at new opportunities. He read my history of random numbers and told me he believed that Public Key Infrastructure (PKI)—and Smallstep—needed this kind of accessible, technical treatment.

As an engineer I had configured TLS certificates for past projects, but I didn’t know much about them. Mike started telling me about the history of X.509 and asn.1, and our 30 minute coffee stretched into a couple hours.

Mike had piqued my curiosity about PKI that day. It’s a topic that I'd always been curious about but had never really dedicated myself to examining more closely.

I think that's one reason things are going well today: I'm still very interested in the opportunities and challenges of Infosec more broadly.

Now before we get to the part about cheating, let’s rewind a bit. In the year before joining Smallstep, I did a lot of writing. I wrote about everything from low-level computer networking to long-term computational research to startup leadership. With each piece I wrote, I followed my nose and I took my time. I was reporting to no one, I had no concrete deadlines, and part of what I'm proud of about these pieces is that they emerged so organically. On the other hand, I didn't have a large volume of output, and I wasn't committed very deeply to any research area.

Being at Smallstep has been a great focusing agent for my mind. I can't stray too far from the topic of PKI—and, for now, I don't want to! In my first year at the company, I wrote five or six blog posts that went to the top of Hacker News within hours after I posted them. I chalk this up to my genuine excitement. It's a lot more fun to read something written by a person who is excited and learning, than by someone who is tired and burned out. “Engaging content” cannot be written by someone who is not, themselves, engaged.

There’s something else, though. Something very important, and I’m a little embarrassed to admit it: At Smallstep, I’ve learned to cheat in order to maximize my creative output.

The most popular, highest-performing content I’ve written have one thing in common: I wrote them when I was cheating on my "official" work project. I don't know why, but I do my best work when I'm avoiding another project. I do my best work when there's the some pressure on me ("Oh I really should get back to that Important Official Project"), but not so much pressure that I feel unable to explore and play.

We need the ability to play. Play is both under appreciated and undervalued in Infosec- it’s an industry rife with pressure to deliver, and for a lot of people the only deliverable is burnout.

I remember seeing a documentary about Karl Lagerfeld, the Paris fashion designer, as he worked to design a season of clothes in the days leading up to a runway show. He had music playing in the background, a vase of flowers, with beautiful light streaming in through a window, and on the table next to him he had a French scented candle burning.

And I thought, "this guy understands creative flow." And I wondered why programmers and engineering teams don't work the same way? So, I found a nice candle I liked, and I light it sometimes when I’m at my desk. I still haven’t put any flowers out...yet!

When I frame what I do as “play”, creative flow opens up. The most playful post I wrote in these two years was The Poetics of CLI Command Names. This sort of post just comes pouring out when I’m in the right mindset. The post performed very well on Twitter and Hacker News, and it led me to meeting Ben Firshman, one of the creators of Docker Compose and a person who cares a lot about CLI usability. After long conversations about CLIs, Ben and I started a side project together with a couple other folks that became CLI Guidelines. Our team of four gelled quickly as we build out the first Google Doc that became the basis of the project. CLI Guidelines was a dream collaboration for me, and we had sustained creative energy throughout the project.

Amazing things happen when everyone is engaged, having fun doing what they are good at. We make this a priority at Smallstep. To me it feels like a universal truth of collaboration, too.

I know I am privileged and lucky to have a creative and playful career. I have been through several burnout cycles in the past, so I know that work doesn't always feel this way. But I’m shifting away from a long history of believing I need to slog through things, of shaming myself and "should"ing myself into getting things done that I'm not that excited about. While that sort of discipline is great when I need to get our taxes in on time, it is not a very creative zone for me. The creative output that comes from a slog is almost always mediocre.

My intention today is to trace the golden veins of creative energy through what I do, rather than chasing the "shoulds" and the deadlines.

It's not always a smooth ride. There are fallow periods sometimes, where the magic just isn’t there and I just need to rest in what can feel like wasted time. When I can trust that the next creative wave is coming, wandering through a creative fallow period can lead to amazing, unexpected new terrain.

Committing to this way of working has changed not only how I work, but how I approach my work. I continue to step back and look at what patterns are working for me creatively. What works for me won’t work for everyone! If there’s any general advice here, it’s “try to shape your work and life around your particular way of being creative.”