Steve Wallace

CVE response strategy — three-pillar overhaul (process + tooling + strategic kernel review)

In Engineering Weekly Sync, Peter operationalized the 5/11 Leadership Roundtable vuln-handling commitment into three concrete pillars: (1) Chris Baek to restructure the embargo/CVE comms doc with Jamie, separating process from tooling/templates; (2) tooling strategy — Peter commits to email Greg requesting Claude Opus 4.7 whitelist for CIQ accounts AND to set up unbridled internal LLM models on Fuzzball for vuln investigations; (3) schedule strategic kernel philosophy review for early June, with Nathan and Justin to provide a list of downstream automation efforts to prioritize.

May 12

Late-August dedicated security hire timing (6 months post-Jasons departure)

Aligned with Steve in 1:1 that a dedicated security resource hire is appropriate in late August — six months after Jasons departure. Options on the table: full-time hire, fractional resource, or expanding the Shin Brothers role. Steve currently at 70% capacity on ISO 42001 documentation; workload expected to normalize after this week, with SOC 2 and ISO 27001 audits expected to be lighter.

May 7

Moody accountability: step up to senior contributor or be managed — framed as response to his growth ask

Flagged Moodys recent missed deadlines and failure to track work to Steve in 1:1, with explicit framing: this is a direct response to Moodys stated desire to become a senior contributor, not a punitive measure. Expectation set: Moody must step up and handle responsibility independently, not require close management. Steve aligned. Moody is out May 15-20 — coaching window is now.

May 7

Mariah escalates Stephen Moody project delays directly to Peter (bypass Wallace)

Mariah will notify Peter immediately when Steve Moody delays HR-relevant project work. Triggered by a 6-week unresponsiveness pattern on the Rippling/JIRA integration that Steve Wallace had not escalated. Direct-escalation bypasses the manager (Wallace) for HR-adjacent commitments while Peter assesses whether this is a Moody problem or a Wallace prioritization problem.

May 4

Ship CIQ kernel patch with extra fix; contribute upstream; race to be first/best on CVE response

Linux kernel CVE response: CIQ shipping 10 fixes vs CentOS Stream's 9 (CIQ found and is fixing an extra issue related to the CVE). Extra commit submitted upstream to centos-stream and acknowledged for inclusion. CIQ pushing to be first EL distro to release, with primary goal of customer reassurance and secondary goal of public proof point that CIQ contributes to security and is large enough to serve big customers. Also pushing patches to RLC kernels as fallback in case RH doesn't move quickly.

May 1

Approved ISO 42001 AI User profile addendum (~$30k)

Approved adding the optional AI User profile to CIQs ISO 42001 certification for approximately $30k, aligning the audit cycle for both Provider and User profiles over the three-year certification period.

Apr 17

Delivered Jira Hygiene Mandate to Engineering

In Engineering Weekly Sync, mandated immediate improvement in Jira hygiene after presenting 3.5 months of data showing >50% of tickets updated after their due date (most slips 2-4 weeks). Prioritized communication over speed — proactive updates required, aggressive initial targets (20-30% confidence) acceptable. Directed Chris Baek to add a 'blocked reason' field to Jira for stakeholder visibility.

Apr 17

Delivered Jira Hygiene Mandate to Engineering

Apr 15

Committed to engineering date hygiene confrontation with directs

Peter publicly committed in Leadership Roundtable to holding a tough conversation with his directs about deliverable date hygiene. Requested date-slip magnitude data from Chris Baek (days vs weeks) to focus on significant delays rather than minor variance.

Apr 14

Sensitive Decision

Sensitive

AI Governance Single-Track Pivot for ISO 42001

Pivoted AI governance from dual-track (internal vs products) to single rigorous model because CIQ products (RLCAI, Fuzzball, Werewolf) now directly integrate AI, changing the liability profile.

Mar 13

technical

RESF Monday Cutover — Finalized 3 PM PT Execution Plan

Finalized the RESF infrastructure cutover plan for Monday March 16 at 3 PM PT, including DNS NS record flip, AWS VPC firewalling, account disabling (Lewis, Neal), and security audit — accepting up to 24 hours of DNS-related downtime.

Mar 13

RESF Operational Security — Compartmentalize Until Board Action

Directed that Brian must not be told anything until after the RESF board notification. Emphasized extreme caution about leaks to Lewis. Approved Joseph being read into the initiative but warned about leak risk. Sequenced information flow: board action first, then notifications, then credential recovery.

Mar 10

Sensitive Decision

Sensitive

Team Building Mandate — 6-Month Priority Over Features

Directed all engineering managers to prioritize team building over feature delivery for the next six months. Includes permission to swap out low performers, with Peter providing air cover for the risks involved.

Mar 4

Directed RESF counter-narrative to Bjorn to prevent premature escalation

Directed Steve Wallace to email Bjorn (CC Peter) with evidence of positive RESF engagement through Mirror Manager project before Bjorn potentially takes aggressive action. Steve's team has made progress with Neil — environment access granted, Mirror Manager epic unblocked — while other teams report significant friction.

Feb 20

Delegated Jason Lewis termination coordination to Mariah for March 3

While preparing for Dubai trip, delegated coordination of Jason Lewis termination logistics to Mariah Rippee, asking her to work with Steve Wallace during the week Peter is out, targeting the first Monday of March (March 2).

Feb 6

Jason Lewis Termination - Ready to Action

Confirmed readiness to proceed with Jason Lewis termination now that the ISO 27001 certification letter has been received. Will coordinate with Steve Wallace and Mariah Rippee (HR) to execute. Jason recently requested a seat at the table for self-service discussions, unaware of the pending action.

Feb 4

Infrastructure Cost Savings Approval

Approved a $10K infrastructure savings proposal from Steve Wallace with the condition that it does not burden development work.

Feb 3

Clarified bonus evaluation framework - above and beyond for step-function impact

Clarified to Steve Wallace that bonuses are awarded for actions that are above and beyond standard role expectations and provide a step function for CIQ - not for standard job performance, which is covered by salary. Also confirmed TJ bonus (Greg approved Jan 23 via private DM) and committed to close the loop with Greg.

Jan 30

Approved transfer of Depot operations from Justin to Steve team

Approved transferring Depot operations from Justin team to Steve team as a test of Steve team SRE capabilities. Justin team will define the architecture for moving Depot to object storage, then hand off execution to Steve team who will own provisioning, infrastructure, and monitoring.

Jan 26

Require mandatory tagging of all fully AI-generated content

AI Committee established policy that all fully AI-generated content must be tagged to manage user expectations. Applies only to fully AI-generated content, not human-reviewed or AI-assisted work. Format and placement of tags is flexible.

Jan 24

Transfer Depot operations from Justin team to Steve team

Depot operations will transfer from Justin team to Steve team. Justin team will define the architecture for moving Depot to object storage, then hand off execution to Steve team for provisioning, infrastructure, and monitoring.

Jan 23

Jason Lewis layoff with Steve Wallace as compliance owner

Decided to proceed with Jason Lewis departure (structured as layoff) due to expectation misalignment and damaged relationship with Bjorn. Steve Wallace will assume all compliance responsibilities (ISO 27001, SOC 2, ISO 42001). Budget reserved for full-time replacement after 6-month layoff waiting period. Fractional hire and external auditor approved for interim.

Jan 23

Depot Management Transfer to SRE

Decided to transfer Depot management (monitoring, maintenance) from Justin org to Steve SRE team. Committed to connecting Steve and Justin to define the work distribution.

Jan 16

Jason Lewis Retention Review - Requested Written Impact Case

Paused final decision on Jason Lewis role and requested Steve write a formal case detailing the operational impact of Jason departure - specifically on ISO 27001/42001 certifications and CIQ Federal work.

Jan 16

Trinity Quirk & Chris Short Terminations Executed

Terminated Trinity Quirk for failing to progress NARF/CVE automation integration despite clear expectations. Terminated Chris Short for failing to deliver on critical RESF-related goals. Sent transparent communication to all of engineering explaining the WHY behind these decisions.

Jan 11

H1 Planning Strategy - Aggressive Goals with Staggered Milestones

Articulated H1 strategy: shift from hope to concrete plan with aggressive audacious goals. Achieve goals differently not just faster. Staggered milestones every 4-6 weeks for course correction. Missed milestones trigger retrospectives for process or personnel changes. Clear prioritization at Reno eliminating everything is P0 problem.

Dec 31

Championing AI Butler Adoption Internally

Shared detailed Slack MCP setup instructions with team members. Hosted/recorded AI Dashboard session demonstrating Butler setup. Personally using and advocating for meeting prep automation.

Dec 19

Championing AI Butler Internal Adoption

Hosted and recorded the AI Dashboard/Butler setup session to drive internal adoption of Claude-based personal productivity tools across CIQ. Shared personal use case of creating meeting prep notes from Slack/email/docs.

Dec 19