Leigh Hennig
Feb 27, 2026 - Jun 18, 2026
6
Decisions
0
Active Todos
5
Patterns
Categories
Decisions (6)
EU Cyber Resilience Act - scope hinges on legal definitions; Bjorn to engage lawyers; aim to publish our own definitions
On the CRA thread (raised by Leigh Hennig re a Sept 11 deadline for RESF/Rocky/CIQ), Peter directed that the entire scope hinges on two definitions - vulnerability and actively exploited - and delegated Bjorn to engage lawyers to weigh in. Strategic aim: ideally CIQ/RESF publishes its own definitions, reframing CRA compliance as living up to our stated market promises rather than being exposed to outside interpretation. Until legal responds, nothing to do.
Mandate CIQ build/test pipeline converge with the RESFs — one unified project, Nathan accountable, coordination over speed
Peter laid down a mandate that CIQs Linux build/test pipeline will become functionally identical to the RESFs over time — a single consolidated project rather than parallel tooling. Nathan drives and is held accountable for closing the CIQ-to-RESF gaps (hardware parity, cut over to Koji, mirrored build infrastructure, a full validation framework that runs PR-specific tests). Justins build world must sign on and use it everywhere. Ryans gauntlet/outfitter tooling and Leighs RESF-side work are welcome only if they plug into the one project rather than forking. Peter explicitly chose coordination over speed even though it slows Ryans faster build-it-now instinct.
RESF — Orchestrated demand-pull approach for CIQ help
Directed that CIQ help should come through RESF team requests (especially Taylor/Sherif) rather than being imposed from above. Reinforced 'CIQ will help if you ask' messaging through Greg and Leigh. Wants RESF work driven like a project with visibility into requests.
RESF — Committed CIQ resources (Dieter/Nathan) and proposed tech lead structure
Committed Dieter and Nathan to near-full-time RESF work. Proposed Dieter as RESF tech lead reporting to Peter for ~1 year. Told Leigh both are available immediately (Dieter now, Nathan when back from vacation). Scheduled Tuesday alignment meeting with Greg/Bjorn/Max to formalize structure and authority. Briefed Max on strategy: unified front with Bjorn, carrots and sticks approach for Greg meeting.
RESF Monday Cutover — Finalized 3 PM PT Execution Plan
Finalized the RESF infrastructure cutover plan for Monday March 16 at 3 PM PT, including DNS NS record flip, AWS VPC firewalling, account disabling (Lewis, Neal), and security audit — accepting up to 24 hours of DNS-related downtime.
Committed to RESF day-of execution planning meeting next week
Committed in #internal-resf-escalation to organizing a meeting next week to build an execution plan for the RESF day-of lockdown. Directed Sarah to invite Nathan, Max, Justin, and Dieter. Bjorn is finishing messaging drafts this weekend, so technical execution planning must be ready to match the communication track.
Related Patterns (5)
Executive Sponsorship for Strategic Partnerships
Strategic cross-company initiatives and major client partnerships require executive-level accountability to move at the right pace and ensure proper prioritization.
Small Circle for Sensitive Operations
When executing sensitive strategic operations, keep the circle of informed people as small as possible to prevent leaks that could accelerate hostile action or undermine the initiative.
Protect Engineering Capacity
When external demands threaten to overload engineering capacity, protect capacity by either requiring the demand to come with additional resources, or forcing hard prioritization choices upstream.
Lead by Example with New Tools
When championing new tools or processes, personally use them and share results rather than just advocating. Learning by doing and demonstrating value through example is more effective than mandates.
Protect Engineering Focus Through Process
When faced with requests that would disrupt engineering focus (from sales, governance, product, or other stakeholders), establish processes that protect engineering ability to innovate while still satisfying legitimate concerns. Prefer systematic solutions over ad-hoc responses.