Designing for what could go wrong
Some notes on my first safety by design workshop and why this work is still worthwhile
I try to keep this space as separate from my ✨business offerings✨ as possible, but you’ll have to indulge me because I am tired.
I just wrapped up my first workshop on practical ways to embed safety by design in your organization. The more I do this work, the more I think of it not as “Safety by Design” in the sanitized product sense, but as designing for risk.
That framing feels more honest about what we’re actually doing: trying to figure out how things can go wrong before they go spectacularly, gobsmackingly wrong. I assume none of us are working in ideal conditions right now, and those of us concerned with safe, healthy, humane technology are just trying to make headway where we can.
Here’s a quick recap of the main points of today’s workshop:
Safety is a Growth Strategy
There’s a persistent myth that safety is the enemy of growth. But really, safety is infrastructure, laying the stage for growth that doesn’t collapse under its own weight.
We covered ways to reframe safety concerns in terms that execs care about:
Designing for risk means asking more questions
Product teams are often asking “what could go right?” while the work of trust and safety involves asking, repeatedly and honestly, “what could go wrong?” Responsible product development requires bringing both together.
Some of the other magic questions for safety by design:
Can this feature be used to harass or mislead, even when it’s working as intended?
Are there loopholes that undercut existing safety tools?
What’s the worst that could happen? How bad is it? And how far could it reach?
We talked about safety as an org design problem
Risk doesn’t just present itself through product design, or the nefarious intentions of “bad actors.” Rather, it’s in the culture, incentives, and decision-making patterns that your company fosters. So we also talked about organizational risk—how siloed decision-making, unrealistic delivery expectations, and “move fast” mandates can set the stage for complex failures.
Me being me, in this section we took some detours into aviation safety and human factors (I have a longer piece coming commemorating the late William Langewiesche and how his aviation journalism shaped how I think about safety risk).
Your narrative matters more than your title
This is where you see my past as a rhetoric scholar come out, because if there’s one thing I always want people to take away from these sessions, it’s this: You don’t need a VP title to influence safety.
Instead, you need to:
Understand what your stakeholders care about (money? speed? brand? values?)
Frame problems in their terms, not just your own
Let go of “perfect” and co-create what’s practical
Build internal allies who repeat your arguments when you’re not in the room
We also talked about common failure modes for safety by design programs: conflicting advice, invisible processes, and teams that aren’t empowered to say “no” until it’s too late.
… and then I ran out of time to do a Q&A because this is just what happens when you do something live for the first time, as I should have known.
In any case, it felt really good to teach this material without a principal engineer getting in my DMs during the presentation and telling me all the things I’m doing wrong in real time (an actual thing that happened at a past workplace!). It felt good not to have to sugarcoat things in corpo-speak and to actually say the quiet part out loud.
Because here’s the thing: doing safety work means believing that growth has limits. And it’s exhausting to try and make that case inside institutions that are built on the fantasy of infinite growth and profit at any cost.
Now, in this new chapter, I am fortunate to only work with orgs that share my values. So while I might be tired on a physical level, I’m more energized than I have been in a long time.