I am an Inverted Product Manager (PM): success is determined by the things that don’t happen. There are other PMs that, like me, fight spam and abuse. Here is how my job differs from a “traditional” PM, and how it does not.
Before joining Google, I had a start-up where we created a web-based OKR (Objectives and Key Results) tool when OKRs weren’t cool yet. Our goal was to create value for customers and we looked at metrics that followed that outcome: Daily activities, usage of features, revenue movements in the funnel etc. Success would be when one of these metrics would go up (brushing off some details I know). But then I joined Google in a new role and everything changed
At Google, I joined the “Hijacking” team. This team protects Google’s billions of users against account take-over. Behind the scenes they keep all of us that have a Google account safe from criminals, mischievous people and abusers that are out to give us a bad day. Like me there are many others PMs: those that stop all the spam from getting in your inbox, those who keep bad content off the web, those that prevent criminal goods from being sold on the web, those that design products to keep our infra online etc. All at the scale of billions. Over the last 6 years, I’ve learned that the job of the PM in this space is really different from the PM role I was doing before.
The inverted PM
Our success is determined by the things that don’t happen: the account that doesn’t get hijacked, the article or review that never gets posted, the picture that doesn’t spread, the spam that isn’t delivered to your inbox or the server that doesn’t go down. We drive graphs down, our success is “Inverted”, we are “inverted PMs”. So here are 6 key differences between being an Inverted PM and a traditional PM (if that even exists ;-).
Your persona is different: “It’s the user and the abuser”
At least in my case I have to deal with a multi-sided problem. My main focus of course are my users. I try to keep the good users in their accounts while keeping the hijackers out. But hijackers are also my users. I need to figure out how they think, at scale, and then release features and policies to keep them out of my users’ accounts while not inconveniencing the users too much. You might say that other PMs have a similar multi-sided-ness like in market places and you would be right. In our case however, the two kinds of users actually don’t mutually benefit each other, it’s inverse.
You strategize differently: “Your problem is adversarial”
The inverted PM “fights” badness. But behind this badness are always other humans. It means that as you launch protections, these malicious actors also adapt and find ways back in. Your problem is adversarial, you can never fully close it. You need to be comfortable with this ongoing “battle” against the badness you fight. It also means you can’t strategize like a traditional PM looking at user needs. You can’t decide that you want to “Become the leader in category X” or “increase customer satisfaction by Y” etc. You can however, like a traditional PM, prioritize the features and policies that you think will have the biggest impact on the problem you are trying to solve.
You measure differently: “The Invisible Line”
As PMs, we obsess about metrics to see if the things we launched actually had the impact we envisioned. However Inverted PMs have a big challenge there that I call: “the invisible line”. As an inverted PM you can never 100% know, how much badness is really out there (depending on availability of evidence at your disposal). You sometimes get glimpses of it, but all you have is the badness you detected. When the detected badness goes up, it doesn’t mean you did a bad job, you’re just detecting more. When it goes down, it doesn’t mean you did a good job either, the abusers might just have given up. The reverse is also true here of course. This concept of the invisible line makes it harder for Inverted PMs to easily explain impact and keep their teams accountable.
You launch differently: “Comparison is vital”
What you can do as an inverted PM is to measure how well the features and policies you launch actually do. You can launch a new feature to a subset of the population and measure the change in detected badness after. Then you can assume that at this time, for this policy the impact is what you see. But again making sure that stakeholders understand that this is only for this one launch at this one time is important since the overall metrics might seem to move inconsistently with what you’ve just launched.
You communicate differently: “Security is like air”
Someone once told me: “Security is like air, you don’t notice it’s there until it’s missing”. When we as inverted PMs communicate we have to focus more on the impact of our work not happening. We also need to explain our area and the adversarial nature of our work. Some executive might ask: “why don’t we just make it impossible to upload something like this”. Then you have to explain all of the above items. The opportunity is in bringing people together, alongside you. To have people rally behind this mission of creating a world free of the badness you are stopping which leads me to the next and final difference.
Your impact is different: “Saving one is worth it”
This final difference to me is the main reason I’ve stayed in this space for so long. As a PM I get to save people’s lives from being impacted by abusers. Imagine a hijacker getting into your account and getting to view everything…. single…. thing… you have in there. I’ve had the privilege of walking alongside a few hijacking victims and have seen the damage it does. So if I can wake up every day and save at least one of them, it’s worth it: ¨Saving one is worth it¨. Many Inverted PMs have these kinds of missions which come with great impact to the world, it keeps us going, that out there, there are at least a few people who don’t have to go through this hardship.
So there you have it, the difference between a “traditional” PM and an “Inverted” PM that I’ve observed over the years. If you are an inverted PM and have more differences, connect on LinkedIn and drop me a message.
And remember, it doesn’t matter for which area you are an “Inverted PM”. You can find your “one”, your person, and then: “Saving one is Worth it”.
Photo by Nadine Shaabana on Unsplash
Interesting view points Jeroen. What will stick with me for long is “Saving one is Worth it” given the examples you gave me in our conversation.
I think that Security is always “assumed” and never really measured in absolute terms till we see something failing.
You folks are doing a wonderful job.