A company I worked for once spent a fortune installing a turnstile and key card system to secure the building. The idea was simple: track the entry and exit of every employee. The execution, however, was anything but simple.
They built a single turnstile for a 12-story building, placing it directly in front of the six elevators. This meant everyone had to pass through the turnstile to access the elevators—and then scan their card again in the elevator to reach their floor. When they finally activated the system, chaos ensued.
Some key cards didn’t work, the turnstile would get stuck, or sometimes it shut down completely. Even when everything was functioning as intended, hundreds of employees lined up to enter the building each morning. The line stretched outside, wrapped around the building, and looped in on itself. Morning commutes and lunch breaks turned into logistical nightmares.
Their solution? Install a second turnstile. Great.
But then, the problem shifted to the elevators. Too many people crammed into the elevators, scrambling to scan their cards to get to their floors. I’d often end up riding the elevator up and down several times before successfully scanning my card and making it to my floor.
And yet, despite all this, nobody seemed concerned that the company’s most popular internal tool stored usernames and passwords in a cookie, refreshing sessions automatically. Physical security? Top priority. Cybersecurity? An afterthought.
This example is hardly unique. Companies often gravitate toward visible solutions, even when they come with significant trade-offs, while ignoring critical but invisible problems.
For instance, when you make backend improvements, like optimizing performance, fixing critical bugs, or improving server stability, it’s often met with silence. But add a flashy new feature, like a banner that displays a congratulatory message or a button with a trendy gradient, and suddenly everyone is clapping.
The same mindset applies to security. You could spend months securing sensitive data, implementing best practices for encryption, and shoring up vulnerabilities, and no one will notice. But install a badge scanner at the front desk, and the whole company applauds the "new security measures," even if it slows everything down.
Misaligned priorities often stem from how organizations measure success. Tangible, visible results are easier to recognize and celebrate than invisible improvements or preventative measures. A new feature can be demoed in a meeting, but how do you demo a 30% improvement in query response time?
It’s also about perception. Physical turnstiles give the feeling of security, even if the backend systems are riddled with vulnerabilities. A flashy new feature feels like progress, even if the system crashes more often because of unaddressed technical debt.
The cost of these misplaced priorities is often hidden. Employees spend more time navigating inefficiencies like broken turnstiles or slow elevators. Developers burn out fixing bugs that could have been avoided if performance issues had been prioritized. Customers suffer from downtime or security breaches because backend vulnerabilities weren’t addressed.
And yet, companies survive. Somehow, despite the chaos and inefficiencies, they continue to operate. But the question remains: how much time, money, and talent is wasted chasing visible "wins" while ignoring invisible necessities?
Finding the Balance
Focusing on invisible improvements doesn’t mean ignoring visible wins altogether. It’s about balance. Celebrating backend improvements, creating visibility for technical achievements, and educating stakeholders on the long-term benefits of these investments can help shift priorities.
For example, when fixing errors or improving performance, tie the work to business outcomes. "This optimization will save us X dollars in server costs," or "This security update prevents a potential breach that could cost us millions."
Similarly, when visible solutions like turnstiles or banners are implemented, take a moment to step back and ask, "What problem are we actually solving?" If the answer is "perception," then it’s time to reconsider. If you want to measure a company's security then ask: what happens after someone jumps over the turnstile?
Companies often get stuck in a cycle of chasing visible wins at the expense of invisible necessities. Turnstiles might make a building look secure, but they don’t protect against weak passwords stored in cookies. A flashy banner might draw attention, but it doesn’t fix a system that crashes under load.
The real progress lies in finding the right balance: addressing the critical, invisible issues while ensuring visible changes are thoughtful and meaningful. Because sometimes, the most important work isn’t the work you can see—it’s the work that keeps everything running.
Did you like this article? You can buy me a coffee.
Share your insightful comments here.
Comments
There are no comments added yet.
Let's hear your thoughts