Uncertainty and the One Mission Metric that Matters

Rethinking Risk, Metrics, and Mission in the Age of Digital Delivery

The "Uncertainty and the One Mission Metric That Matters" session block at Prodacity 2025 tackled a challenge that haunts both government and enterprise:  making decisions in the face of uncertainty and overwhelming data. The speakers—David Bland, Alistair Croll, and Clinton Herget (along with Luke Strebel and Asare Nkansah)—offered a blueprint for navigating uncertainty, testing what truly matters, and focusing on one mission metric that drives outcomes rather than drowning in meaningless KPIs.

Here are the four major takeaways from the session block.

1. Face Uncertainty. Navigate It. Win.

"You win by learning faster than everyone else." - David Bland

From Business to Government: Applying Lean Thinking to Missions

David Bland has spent years helping startups, enterprises, and now governments navigate uncertainty. His work blends design thinking, lean startup, and business model innovation to help organizations test assumptions before making big investments.

Bland pointed out that many government projects get stuck in "mission design" mode where teams spend years refining strategy but never actually test their ideas in the real world. The result? Multi-year roadmaps that collapse on first contact with reality.

To avoid this, Bland introduced a structured approach to uncertainty:

  1. Mission Model Canvas → A one-page strategy tool that clarifies the mission, beneficiaries, value propositions, and impact factors.
  2. Assumption Mapping → Identify risky assumptions early and test them before committing resources.
  3. Continuous Experimentation → Run small, cheap experiments to validate what actually works before scaling.

“You can't pivot if you're broke.”David Bland

How Government Can Adapt This Mindset

  • Shift from static plans to adaptive strategies.
  • Test before investing. Too often, agencies make massive, untested bets that don’t work in practice.
  • Recognize that failure is part of learning. The goal isn’t to avoid failure but to fail fast, inexpensively, and purposely.
David Bland on stage at Prodacity 2025

2. The Danger of Measuring the Wrong Things

“When a measure becomes a target, it ceases to be a good measure.”Goodhart’s Law (cited by Alistair Croll)

The "Cobra Effect:" How Bad Metrics Lead to Worse Outcomes

Alistair Croll told a fascinating story about Goodhart’s Law, the idea that once a metric becomes a goal, it stops being useful.

He shared real-world examples of measurement failures, including:

  • British colonial officials paying bounties for dead cobras only for locals to breed cobras to collect the reward.
  • The U.S. rewarding the Afghan military for soldier headcounts leading officials to create "ghost soldiers" to inflate numbers.
  • Tech companies optimizing for "engagement," leading to addictive and harmful social media algorithms.

Croll’s key takeaway? Metrics are a tool—not the mission itself.

“The one metric that matters must be a consequence of the mission, not the goal of the mission.”Alistair Croll

How Bureaucracy Kills Mission-Focused Metrics

Croll illustrated how government processes turn simple missions into overly complex bureaucratic systems:

  1. A government agency sets a clear goal (e.g. improve service delivery).
  2. Over time, layers of rules, reporting, and compliance requirements pile on.
  3. Employees optimize for process compliance, not actual outcomes.
  4. The system becomes so rigid that new technology and innovation can’t break through.

To fix this, Croll proposed four new principles for measuring what matters:

  • Inconvenient – If a metric is too easy to collect, it’s probably wrong.
  • Resilient –  Metrics must be resistant to gaming and manipulation.
  • Outward-facing – Metrics should reflect the people it serves, not the agency tracking it.
  • Mission-focused – Metrics must reflect actual mission success, not internal efficiency.

“Your job is not to move the metric. The metric must be a consequence of the mission.”Alistair Croll

Alistair Croll

3. DevSecOps & the Challenge of Security in a Fast-Moving World

VA's High-Velocity Software Delivery: A Case Study

Clinton Herget, Luke Strebel, and Asare Nkansah took these strategic insights and applied them to real-world software delivery at the VA.

The VA’s secure release pipeline must balance speed, security, and usability and it’s an ongoing challenge. Some key insights from their experience:

  • Developers don’t want to be slowed down by security. Traditional cybersecurity kills flow state, increases cognitive load, and lengthens feedback loops.
  • Security teams are incentivized to block progress. Their job is to minimize risk, not maximize impact which often puts them at odds with developers.
  • Bad metrics drive bad behavior. If developers are measured on the number of features they ship, they’ll optimize for that, potentially ignoring security risks.

The Solution: Build Security Into the Pipeline, Not As a Gate

The VA team shared how they’re addressing these issues by:

  • Embedding security experts into development teams—so security isn’t an afterthought.
  • Providing clear, actionable feedback—so developers know how to fix vulnerabilities immediately.
  • Focusing on outcome-driven security metrics—not just compliance checklists.

“We are not in the business of shipping software. We are in the business of delivering value to Veterans.”Luke Strebel

Clinton Herget, Luke Strebel, Asare Nkansah on stage at Prodacity

4. Shifting from Input Metrics to Outcome Metrics

“You can deploy software millions of times a day if all you're doing is changing comments.”Clinton Herget

From Activity-Based Metrics to Mission-Driven Metrics

One of the biggest mistakes in government (and industry) is measuring input and output metrics rather than true outcomes.

For example:
❌ "How many software releases did we do?" (Activity)
✅ "Did this release improve patient care at the VA?" (Outcome)

❌ "How many security vulnerabilities did we fix?" (Activity)
✅ "How much did we reduce actual cybersecurity risk?" (Outcome)

Government agencies often default to tracking what’s easy to measure even if those numbers don’t reflect mission success. The solution? Define success by mission impact, not internal processes.

“Are you shifting security left—or are you just throwing responsibility over the fence?” Asare Nkansah

TLDR; Takeaways for Federal Agencies & Contractors

  • Embrace uncertainty. Test before investing in large-scale initiatives.
  • Metrics must be a byproduct of the mission—not the goal itself.
  • Security should be an enabler, not a blocker. Build it into workflows, don’t bolt it on.
  • Move from input metrics to outcome metrics. Measure real mission impact, not just activity.

About the Prodacity 2025 Blog Series

This blog is part of a series which distills insights from talks at Prodacity 2025. This entry covers the session block "Uncertainty and the One Mission Metric That Matters," featuring David Bland, Alistair Croll, Clinton Herget, Luke Strebel, and Asare Nkansah. Want these insights and other Prodacity announcements delivered straight to your inbox? Subscribe here.

Keep reading

Related posts

Prodacity
Recoding America: A Lean Government Enterprise
Prodacity
Connect Dots & Measure Results for Mission Success
Prodacity
Working Backwards and the Messy Middle of GovTech Modernization
No items found.