Collaborating With a Cross-Functional Expert
17 June, 2021

Engineering Manager at Sourcegraph
Problem
At my previous job, my team, the product engineering team, was having some trouble cooperating with the security team. We had a lot of interaction with security, mostly concerning vulnerabilities that they’d discovered and new initiatives that we would be collaborating on for the company.
For our purposes, a thorough security review process was essential. The problem that we were experiencing was that there were multiple security engineers reporting their findings to us, and, each time we wanted to have another security review or risk assessment, a different person would be assigned from their end.
Our colleagues from security didn’t necessarily have equal amounts of context when it came to what our objectives entailed. All of the different feedback and suggestions from them were great, but it took a lot of time to bring every new person who became involved up to speed. There was a lot of back and forth and additional work.
Actions taken
We approached the other team and suggested: instead of one of many engineers from their side, assigning only one security expert as our official point of contact. We pledged to invest the time and energy into training them completely on my team and our processes, onboarding them and giving them the knowledge and the expertise needed to function fully in the role.
They would have the opportunity to bond with my team and to build relationships within the company from that perspective. In the long run, we would be able to reduce the back and forth and to have a more common understanding around security problems and our application restraints in order to conduct a more effective security review.
They thought that it would be a good idea. We got our security expert assigned to us. We were already in the process of onboarding a new product engineer, so they were able to go through the process together. We invited this person to all of our outings and social events. In one or two months, we were able to drastically change the way that we worked. We had a new initiative in front of us, and, with our new security expert, all of our security reviews have been really productive and smooth. Ad hoc vulnerability reporting was still done by multiple people as different engineers conducted different penetration tests, but we relied heavily on this one person who was able to provide that context to the security team and to be this kind
of bridge between us and them.
Lessons learned
- Assigning a specific security engineer to every single team became a company-wide policy after this experience. This unique solution was applied widely and to our advantage as a company.
- My team really enjoyed having somebody specific to talk to about the problems that they were having. We weren’t just throwing our problems over the wall anymore. We became more equipped to work together and to collaborate effectively.
- Both teams were able to acquire a more nuanced understanding of both the other side’s domain, as well as the domain that they already were experts in beforehand. They not only had access to more new information on a professional level; there was also this human-to-human interaction that allowed them to move past the distance of a distributed remote environment.
Discover Plato
Scale your coaching effort for your engineering and product teams
Develop yourself to become a stronger engineering / product leader
Related stories
6 February
Internal Hackathons invite team spirit and collaboration which are critical whether an engineering org is co-located or operating remotely spread across 20 times zones. Hackathons give employees the opportunity to connect and network while they solve fun & relevant challenges.

Balki Kodarapu
Senior Director of Engineering at SupportLogic
5 December
Your Org Team may as well be a Sports team. Let's explore how this cohesive, multi-skilled team can be optimized for Great Group Playoff.

Jaroslav Pantsjoha
Google Cloud Practice lead at Contino
29 November
Why DevSecOps matter and what's really in it for you, the team and the organisation?
Vikash Chhaganlal
Head of Engineering at Xero
25 October
Mrunal Kapade, an Engineering leader, based in Silicon Valley, shares tips that helped reduce attrition in the remote engineering teams while leading multiple teams from startups to Fortune 500 companies.

Mrunal Kapade
Director of Engineering at Inspire Energy
2 August
Jonathan Ducharme, Engineering Manager at AlleyCorp Nord, encourages the importance of a workplace environment that cultivates mental wellness.

Jonathan Ducharme
Engineering Manager at AlleyCorp Nord