Blog
Tips

Getting started with GenAI code: 30-60-90 day plan for CTOs and VPs of Engineering

There are a lot of promises — and risks — that come with bringing GenAI code into your organization. The tough reality is that engineering leaders, particularly CTOs and VPEs, will bear the brunt of responsibility for potential adverse outcomes of GenAI code.

Jan 17, 2024
#
min read
Share
X

Table of contents

Heading 2
Heading 3
Heading 3

Inaction, however, is not an option. One of the greatest risks of GenAI code, potentially, is not tapping into the productivity-enhancing benefits of these tools, at all.

Understanding that GenAI code is new territory for engineering leaders, we’ve put together a tactical plan to help you take your best steps forward  to balance potential risks.

The plan

10 Days 

  • Meet with Legal. Your legal team may be up to date on the latest and greatest news around GenAI code and the law — but don’t expect this. Be prepared to set the tone for your organization’s GenAI strategy. Clearly articulate what you know while still creating space to ask questions.
  • Meet with your CEO. Like legal, you may find yourself in a position where you need to explain the benefits and drawbacks. C-suites are doubtlessly aware of the investment that engineering teams represent. By underscoring the radical productivity improvements of GenAI code, you’ll be speaking your CEO’s language. Ask questions to clarify what executives would like to see from the implementation of new GenAI tools.
  • Form a Developer Council. Developers are craftspeople. Your GenAI code compliance program will be better with your engineering team’s direct involvement. While inclusion is important, don’t create an artificial blocker by creating a massive committee. It’s OK to assign more trusted senior developers, such as technical leads, as opposed to juniors to the task of evaluating GenAI tools. To the best extent possible, include diverse opinions about the role of AI in the council to facilitate discussion.

30 Days

  • Work with Legal. By the 30 day milestone, your legal team will have the bandwidth to digest what you’ve presented in your first 10 days. Because of the risks involved, it’s important to follow your legal team’s  lead on what must be done regarding compliance. Ensure you evaluate globally, locally, for your industry, and for your specific business. One key outcome at 30 days should be a concrete plan to update your engineering team  about the rapidly changing legal landscape around GenAI.
  • Your Developer Council should be up-and-running from a program standpoint. First, the Developer Council should meet with you and the legal team to understand the restrictions the org must work under. Decide on a standard format for developer guidelines that you’ll deliver to the whole engineering team. These guidelines should include whether or not the use of unspecified tools is permitted, in addition to rules around data leakage. The Developer Council should also be instrumental in helping to identify and define opportunities. What use cases should the team be focusing on initially?
  • At this stage, it’s time to get tactical about infrastructure and deployment. Your DevSecOps teams can take the list of GenAI tools that the Developer Council has selected and put together a plan to get these tools to engineers.
  • Finally, circling back to the CEO with the Developer Council’s progress is key. Together, the team should develop a presentation around GenAI efforts to message to all Developers and — potentially — some relevant stakeholders in the business. The point-person for sharing  this message is a critical decision. As CTO or CPE you should be a natural fit to lead the messaging here, but you can also consider leveraging the CEO (to accentuate top-down excitement and drive) or a leader from the Developer Council (to emphasize the grassroots bonafides of the program).

60 Days

  • Your development team should have been experimenting heavily for the past 30 days, collecting and surfacing data for you and the Council to analyze. Collect trends and key takeaways to present to your development group to show where progress is being made. Don’t make any major changes to programs at this point, however.
  • Check-in not just on software/technical goals as determined by the council, but business goals as defined by the CEO. Maximize alignment on these where possible, and prepare to share an update with stakeholders.
  • For larger and more experienced Teams, developing an internal AI model (including an LLM) is a potential play. Even when using off-the-shelf models to feed with just your organization’s codebase or data, the amount of effort involved can be significant. ETL teams will get valuable reps trying to feed pristine data to models while following strict governance guidelines!

90 Days

  • Take a purposeful look at how the GenAI industry has changed over the past 90 days. After 90 days, you’ll be in an interesting position. General maturity for AI tooling should be high, but the landscape of what’s available and what’s needed has probably gone through another minor cycle. 
  • Conduct something like a retrospective using the data you’ve been collecting on usage. Consider leveraging user interviews as well. Consider re-engineering or refocusing your team’s efforts if necessary - the chances of a perfect GenAI rollout the first time are slim!
CTOCEOLegalDeveloper CouncilDevSecOps
10 Days> Develop tooling shortlist and technology-focused goals.> Have a frank discussion about GenAI's potential benefits and drawbacks.> Meet with legal, to brief them on GenAI plans.> Form a Developer Council with a diverse collection of experts.> Provide a shortlist of tooling and control measures for the team to investigate.
30 Days> Leverage the Developer Council’s expertise and opinion for use case development.
> Connect stakeholder groups, and define specific timelines.		> Receive and refine business-focused goals around GenAI. Provide to the Developer Council.
> If applicable, facilitate conversations with Legal pertaining to limitations.		> Listen and follow Legal’s lead on compliance requirements.
> Ensure you evaluate global and local considerations for your industry and specific business.		> Organize a meeting with Legal. - Have the Council listen to risks and mitigation strategies directly.
> Settle tooling, initial use cases, and usage metrics.		> Receive & execute deployment plans, as applicable.
 
60 Days> Stay up to date with GenAI news.
> Facilitate GenAI tool usage as part of day-to-day work.
>Remind teams of what’s available.		> Update on efforts and progress.> Communicate deployment and control measures that were rolled out, if applicable.> Collect and investigate GenAI usage data.> Monitor and track compliance.
 
90 Days> Develop next strategic cycle - Start / Stop / Keep items to present to development teams and CEO.> Receive feedback for the next strategic cycle and progress on business-level goals.
> Present the next strategic cycle design.		> Conduct a “State of the industry” checkpoint around emerging legal issues.> Present and discuss GenAI Usage data
> Conduct interviews with Council members
> Receive feedback for the next strategic cycle.		> Communicate strategy changes, if applicable.
> Refine tooling, through simplification or new-new workflow engineering.

Conclusion 

Engineering leadership can often feel lonely when significant advances are made in the world of technology. While your leadership will be an irreplaceable aspect of the GenAI revolution, so too will the intellects of your team members. Excite them with the promise of a more automated future. Harness their enthusiasm to prove and build new capabilities. Lean on them for honesty, insight, and clarity. Recognize that the next 90 days may look dramatically different from the first, as we are still in the early days of GenAI’s evolution.


Keeping track of global GenAI compliance standards 

Periodically, Sema publishes a no-cost newsletter covering new developments in Gen AI code compliance. The newsletter shares snapshots and excerpts from Sema’s GenAI Code compliance Database. Topics include recent highlights of regulations, lawsuits, stakeholder requirements, mandatory standards, and optional compliance standards. The scope is global.


You can sign up to receive the newsletter here.


About Sema Technologies, Inc. 

Sema is the leader in comprehensive codebase scans with over $1T of enterprise software organizations evaluated to inform our dataset. We are now accepting pre-orders for AI Code Monitor, which translates compliance standards into “traffic light warnings” for CTOs leading fast-paced and highly productive engineering teams. You can learn more about our solution by contacting us here.


Disclosure

Sema publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only. To request reprint permission for any of our publications, please use our “Contact Us” form. The availability of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.

Sema Team

Executive engineering intelligence

Ryan McElroy

Ryan McElroy

Software Developer

Want to learn more?
Learn more about AI Code Monitor with a Demo
Book a demo

Are you ready?

Sema is now accepting pre-orders for GBOMs as part of the AI Code Monitor.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.