IT Leadership | Sten Vesterli's Blog

Excessive Quality

February 20, 2026February 20, 2026IT LeadershipLean

Excessive quality is “muda” – waste. If you’ve been exposed to Lean, you know the seven types of waste. One of the common ones in IT is overprocessing. Building high-quality software for a temporary need is overprocessing.

Much of the discussion about crappy AI-generated code fails to make the distinction between critical systems that lives depend upon and which will be maintained for decades, and one-off temporary solutions.

Spending scarce human programmer resources on building tactical, short-lived systems is overprocessing. Let the AI build it.

Losing the Picture

February 18, 2026February 18, 2026IT LeadershipAI, Bugs

The fear of every Air Traffic Controller is “losing the picture.” That is the situation where your mental model of where everyone is and where they are going starts breaking down. It is very hard to regain the picture, and the controller will ask for help. Usually, the supervisor will split the sector and assign the relief controller to one half of it.

I have often seen IT organizations that have “lost the picture,” but there is never a relief controller available to step in. They simply continue struggling to keep the system running while the bug reports and enhancement requests pile up.

The number one reason why a team loses the picture used to be that the complexity grows until it reaches the limit of what the team can handle, and then the most experienced person leaves. That is hard enough to handle. Today, some teams are happily letting AI tools build code they don’t understand, even from the beginning. They are rapidly losing the picture, as the emerging horror stories about teams drowning in AI code clearly show.

The Usability War

February 16, 2026February 16, 2026IT LeadershipShadow IT, Usability

When your users don’t like what you offer, they will use something else. If your secure communication app is cumbersome and slow, people will take to insecure but user-friendly commercial software.

The U.S. Secretary of War couldn’t be bothered to use the Pentagon-supplied app and leaked classified information on WhatsApp. Now, Russia is restricting Telegram only to figure out that its soldiers in Ukraine depend on it.

Have you compared usage data with expected usage? If those numbers are far apart, it means your users are finding other ways.

Invisible Problems

February 13, 2026February 12, 2026IT LeadershipAwareness, Problems, Risk

“We don’t see a problem.” That is the typical response when a company is investigated for unsafe products or features. Latest car in point: Ford’s BlueCruise self-driving feature.

They might be right in claiming that customers have not reported problems to them. But when the National Highway Traffic Safety Administration (NHTSA) started to take an interest, they could easily compile 2,000 claims of malfunctioning self-driving features.

How are you gathering customer feedback? The fact that you don’t receive any problem reports doesn’t mean there are no problems.

The Missing AI Business Model

February 12, 2026February 11, 2026IT LeadershipAI, Flexibility

OpenAI has started running ads in ChatGPT. For now, they say they are “testing” the feature in the U.S., but there is little doubt it will eventually be rolled out globally.

Just like all the other AI companies, OpenAI is burning cash at an unsustainable rate – using more than 10x what they make on the compute they consume. Some of them will fail.

If you are using external AI tools in any of your systems, make sure your developers are plugging in the AI in a way that makes it easily replaceable. As the shakedown starts, you’ll be seeing price hikes on the paid plans as well, and you need to be able to quickly and easily change to another provider. Or run an Open Source model in-house.

Unknown AI Policies

February 9, 2026February 8, 2026IT LeadershipAI, Leadership, Policy, Risk

Does everyone in your IT organization know what your rules are regarding AI use? 60% of employees report using AI tools, while fewer than 20% say they know the company’s AI policy.

That is not because the policies don’t exist. More than 80% of IT leaders report that their organizations have formulated polices for AI use.

How are you going to close that gap?

Digital Sovereignty Score

February 6, 2026February 6, 2026IT Leadership

The city of Munich has developed a digital sovereignty score, and have started rating all their IT systems with it. They will also use it for evaluating new systems. This is an interesting approach.

Vendor lock-in has always been a valid evaluation point when selecting a vendor or architecture. I would never have thought that vendor nationality would end up being a factor, but it is now.

Only Outsiders Can See the Faults

February 4, 2026February 4, 2026IT LeadershipFeatures, Outside opinion, Red Team, Risk

Would you design a product with a sleek but potentially deadly feature? Most people wouldn’t, but aerodynamics and design have led to at least 15 people dying in burning Teslas when the electric doors wouldn’t open. The Chinese are no longer having it, and are ordering all cars to have a mechanical door release both inside and outside the vehicle from January 1st next year.

Thousands of trade-offs are made when designing products. But some outcomes are so bad that they ought to disqualify a feature. Product owners want a great product with awesome features, and are not capable of imagining all the bad things that could happen. Even if you don’t have a dedicated Red Team, you need someone outside the product team to probe your products for weaknesses. The people building it can’t see them.

How Many People are Indispensable?

February 2, 2026February 2, 2026IT LeadershipLeadership, resilience

How many people are indispensable in your IT organization (you included)? The right answer is zero. The typical answer is in single digits. It is your job as an IT leader to bring this number down.

It happens automatically as you try to reduce headcount. Just as optimizing your supply chain makes it brittle and prone to disruption, cutting headcount to the bare minimum risks chaos when a key person leaves or is hit by a health or family issue.

There should be two people who can handle every important job. Make these buddy teams explicit and allocate a budget for them. It costs you very little to give each two-person team an allowance for a restaurant meal every two months and to let them attend a conference or event together once a year.

Do you have a list of your key people, the jobs they do, and who could take over? If you don’t, it might be a good idea to start one.

Backup Communication Channels

January 30, 2026January 30, 2026IT Leadershipbackup, Communication, Planning, resilience, Risk

What is the difference between 30 individual soldiers and a platoon? Leadership and the ability to communicate.

The first step in your resilience planning is to ensure that you can still communicate, even when faced with an onslaught of Russian hackers or American government officials.

That could mean an on-premise open source mail server and a basic web server. Every workstation and company smartphone could have a separate open source mail client and web browser preconfigured for those servers.

There are many other options – the paranoid and those with high threat levels might have spare phones running GrapheneOS and Briar, or even establish their own Meshtastic mesh network.

If you don’t have a backup communication channel, you urgently need to establish one. Especially if you are outside the U.S. and depend on U.S. services.