GetReal’s Tom Cross on Goal Orientation That Sabotages First-Time Managers

The Story This time

The transition from individual contributor to manager destroys more promising security leaders than any technical challenge they’ll face. Tom Cross, Head of Threat Research at GetReal, learned this while managing IBM’s X-Force Research team, where his instinct to achieve goals directly conflicted with his responsibility to develop people until he harnessed that perspective.

Tom reflects on why vulnerability researchers need dedicated time for self-directed projects independent of business priorities, and how that balance creates environments where people give 120% because they’re doing what they love. Tom and Ben also explore how Dunning-Kruger effects create friction between security teams and IT organizations, and how professional networks built over 25 years become almost everything about senior leadership opportunities.

Stories We’re Telling Today

• The incompatibility between manager time and maker time in software engineering organizations.
• Why vulnerability researchers require structured time for personal projects independent of business priorities to maintain engagement.
• How distributed team management demands deliberate communication structures to replace information osmosis, including weekly one-on-ones and context-rich updates.
• Transitioning from individual contributor to manager requires abandoning goal achievement orientation in favor of coaching people.
• How Dunning-Kruger effects create persistent friction where IT professionals overestimate their security understanding.
• Recognizing when people aren’t aligned with their roles and creating mutual agreement about misalignment before off-boarding.
• Emotional detachment from organizational bureaucracy as a critical survival skill for security leaders dealing with constant obstacles.

Too busy; didn’t listen:

• Technical managers who hire people smarter than themselves build more powerful organizations; those who maintain authority through expertise create weaker teams.
• Software engineering productivity requires uninterrupted “maker time.” A 30-minute meeting can destroy an entire afternoon because the cognitive reload is so expensive.
• The transition from individual contributor to manager demands abandoning goal achievement orientation for people coaching, accepting that work won’t be done as well or as quickly as you would do it yourself.
• Professional networks built across 25 years of security leadership become almost everything about senior opportunities, with alumni relationships from early career positions creating recruiting pipelines decades later.

Skip to the Highlight of the Episode

37:58-38:27 “You end up in this management role, but you still have this goal orientation where you want to see the work get done and you have these people that you delegate the work to who may not be as good as you are at achieving those goals. And it’s really hard to shift your mindset from focusing on achieving the goal to focusing on coaching the person that’s there to the point where they achieve the goal.”