Radical Results: A Security Org's Version of Radical Candor
Evan Johnson
BSidesSF 2025 — Here Be Dragons · Day 2 · Main
Security teams are notoriously hard to evaluate — there are no quarterly numbers to hit, no obvious product ships, and success is often defined by things that don't happen. Evan Johnson, co-founder and CEO of RunReveal and former first security engineer at Cloudflare and Segment, proposes a two-axis framework adapted from the book Radical Candor: plotting security initiatives on a Cartesian plane of "vibes" (collaboration and cultural fit) versus "effectiveness" (actual risk reduction), then using those historical data points to understand how the team is perceived and where it can improve. ---
AI review
Johnson's 'Radical Results' vibes-vs-effectiveness quadrant is a genuinely useful diagnostic for security leaders who've built technically excellent teams that still fail to land organizational influence. The WebAuthn rollout story is an honest self-critique that most security leaders would never give on stage. But this is management consulting content in a security conference slot — interesting, not technical.