Innovation Week - Atlassian Security Team's 20% Time Ritual

Hi everyone! Atlassian Product Security Team would like to share about a ritual that we practice called “Innovation Week.” Last year, during the shift to work-from-home for everyone on the team, we conducted a team survey and discovered that our team was having difficulties making time for the part of our work called “20% time.” The move to fully remote work came with many changes to how we held meetings, and at the time casual collaboration was suffering for it. We decided to create a team ritual called “Innovation Week” and set the expectation that everyone on the Product Security team would participate at the same time.

What is Innovation Week?

Innovation is encouraged within Atlassian, and people need time and space to let their creative, innovative juices flow. For this reason we set aside 1 week every 5 weeks (20% of work time on the calendar) where we all pause our regular work, form ad-hoc teams, and tackle different challenges.

Whilst there are no particular rules on what you can or can't do, your idea needs to have value for personal growth, our mission, team effectiveness, or add customer value. There are presentations at the end of the week to share what you’ve learned and achieved – even if you didn’t get as far as you planned! It’s best to aim for something that you can deliver within the week, as Innovation Week aspirations can be difficult to follow through on once the team gets back into regular work.

Ceremonies

Demos are key! We do regional demos (live or recorded) at the end of the week, and/or write up a blog post, and then share the biggest impact projects in our monthly Security Town Hall meeting.

All business-as-usual meetings for the entire week must be canceled or rescheduled. However, team members who are on-call must still be available for incidents and escalations if their rotation falls during the Innovation Week. Security doesn’t stop in order to make time for innovation!

Notable projects

One memorable Innovation Week project was shipped by Riya Shah, Product Security Engineer. Atlassian Security team uses a dashboard tool called Security Scorecard to visualize a list of security requirements and measure whether teams are adopting them. Riya created a Slack bot to take the team-specific information from a scorecard and display it in a team’s Slack channel as an easy to read message with all of their status items in one place. This project was a highly popular opportunity for the security team to help improve our development teams' velocity.

Another popular project was also a process improvement. Help requests come to the Product Security team from all over the company and in various ways. Hayden Le, Product Security Engineer, took a look at our Product Security Help process and made a guide for people to sort requests and route them to the right destination.

There have also been many projects that take a look at the security of a service or device, either for education or to pave the way for more work on the roadmap to securing our own infrastructure and services.

Suggestions for finding inspiration

When we are looking for more inspiration or ideas on how to use our innovation time, we will check out a Jira board that captures proposed ideas or the Trello board that has a wishlist of various issues we would shoot for if there were a Time-Turner around. Tickets create a little extra peer accountability and a long backlog of ideas to tackle.

• Research an area that will add customer value, or reduce customer pain

• Improve our tools or process to make it easier/faster/safer to deliver on our projects

• Add a capability that opens up new possibilities for our team

• Learn a new tech stack

• Work with people you otherwise wouldn't day to day

• Continue working on your ShipIt project

• Self-Learning Training sessions

• Presentation preparation, e.g. for a brown bag, conference or meet-up

• Tech debt issues

Does it work?

A follow-up survey in May showed 80% of the team felt they were consistently getting more quality time to do their “20% time” work after the Innovation Week change. Team members shared that they were able to collaborate more often with people that they might not otherwise have a chance to work with, as well as feeling the satisfaction of being responsible for a project end-to-end entirely of their own choosing.

There’s also the boost to productivity for the other 4 weeks of the cycle. Product Security engineers said they were free to work on projects that would never otherwise rise up through the backlog to make it onto the roadmap.

Nishchala Tangirala, Product Security Engineer, explains:

“The thing I like about innovation week is we stop and think about our current processes and question - “Why are we doing things the way we are?” If we had this additional thing, it would've made things so much faster! It's this spark, that sets the trail ablaze for quick wins that makes our processes better! “

Anton Black, Product Security Engineer, added:

“I like the way it eliminates annoyances! Say there's some problem or annoyance I'm facing. Not every problem an engineer has can be turned into an official project, so many problems necessarily sit around and gather dust. But Innovation Week lets me clean these up! Even if a particular problem wasn't picked up as an official ProdSec project, I can still get rid of the problem and don't have the annoyance of it sitting around forever. “

Other research time opportunities at Atlassian

Of course there are also many more benefits that the company reaps when their engineers are doing innovative research on company time. The concept of “20% time” is spread company wide, and many times the results become future Atlassian patents, products and services.

Twice a year, the whole company is encouraged to take a 24 hour period, called ShipIt Days, to work on a project purely towards the goal of innovation in absolutely any area. Anything can be a ShipIt. We see everything from practical to inspiring, simple to insane, technical to non-technical. It’s described as “It's like 20% time on steroids.” So this concept is ingrained in our culture, and coached from the top by our founders.

Have an idea for how to improve this process? Come join us and BtCYS!