A woman smiles at the camera. Text: "We don't want to scare [people] into using our products. It's not about fear. But we do want to be honest about the current climate and the information that’s vulnerable, and explain how they can protect it. ... We don’t just want to tell people what to worry about; we want to offer them actual solutions."
Categories: staff profiles

Director of Product Management Sally Richardson on building a safer internet

October is Cybersecurity Awareness Month — but for Sally Richardson and Mozilla’s Protection, Experimentation, and Identity team, safety and privacy are top-of-mind all year long. Below, Sally shares what brought her to Mozilla after stints at Microsoft and Facebook, her approach to leadership, and what her team is doing to make the internet more secure for some of the most vulnerable voices online. 

First, tell us about your team and the work they do.

Our team is called PXI, which stands for “protection, experimentation, and identity.” I have a team of product managers and UX, which includes designers, researchers, and content strategists. Everything we do is focused on safety and security, but most of our work falls in two categories. The first is consumer-facing products, including VPN, Relay, and Monitor. The customer segment we have decided to focus on are people who are vulnerable to exposure; we take what we call an “extreme user design” approach, which means we build for the edge cases. In terms of security, that might be an abortion provider, a therapist, or an activist — someone in the public eye whose data may be sensitive, and who because of that is more likely to experience online abuse, harassment, and violence. We design for those users because their voices are important, and we don’t want them to withdraw from the internet, and because a product that works for them will also scale to the rest of the population.

The other side of PXI’s portfolio is ecosystem support, which includes infrastructure products like accounts, subscriptions, and Nimbus, our experimentations platform. Ecosystem support is like the connective tissue of Mozilla—it supports our consumer-facing products and the products we use internally, as well.


What did you do before Mozilla, and why did you join?

I didn’t start out in tech; I worked in consumer packaged goods at Campbell’s and Sara Lee. I got to take executives through strategy exercises like wargaming and scenario planning, which was really fun and an education for me. Because the products are perishable and the margins are small, consumer packaged goods companies are incredibly data-driven, and I think learning in that environment shaped my career. My first job in tech was at Microsoft, and I remember being shocked at the lack of data. The margins were high — especially in 2011 — and the market wasn’t crowded, so they didn’t need to be as methodical. But it’s always valuable to think about who you’re building for, the value a product will offer, and how it will do in the market.

I realized this was a place where I could combine my skills and experience with the values I believe in — outside of work, I serve on the boards of Pro-Choice Washington and the Northwest African American Museum. Protecting vulnerable populations is important to me. Mozilla is also unique in that we’re not publicly owned, which reduces the risk of making trade-offs for short-term financial reasons. Plus, we have a track record of not only building responsible technology but also working toward legislation that supports it and allows people to operate with more rights, in the U.S. and around the world. Mozilla’s fourth principle, which says online security and privacy is fundamental—we really do live that value. It’s the reason we’re all here.


How do you approach your job as a leader?

I believe my role is to ensure my team (and the organization we work with) has clarity on our direction, strategy, and goals and that they are set up for success. But I also try to give them the space to lead. It’s important for [product managers] to make their own decisions and run their roadmaps and their teams on their own. They set the vision. They determine what success looks like and how they’re going to measure it.

When someone does ask for help or guidance, we sometimes do what we call product reviews—which are only required pre-launch, but can happen at any other time, too. A member of the team can use a review to get signal guidance, a gut check, whatever they need. The key is it’s cross-functional; I’m there, but we’ll also bring in someone from data science or marketing or research to share their expertise.


You recently presented at the annual tech summit for the National Network to End Domestic Violence. Tell us more about that.

We participate in events like the summit because that audience is our audience. Whether it’s hacking, doxxing, or deep fakes, identity can be used to hurt people online, and that’s facilitated by both the regulatory environment we’re in and the way we freely share information with technology. So to keep a diverse set of voices online, we need to equip people. We don’t want to scare them into using our products. It’s not about fear. But we do want to be honest about the current climate and the information that’s vulnerable, and explain how they can protect it. We talk about why it’s important to use a password manager, when you need a VPN, when you should turn on private browsing mode. We don’t just want to tell people what to worry about; we want to offer them actual solutions.

And we learn from them, too. During the discussion at the end of our NNEDV presentation, the audience started sharing tips — like using a VPN to operate out of California when you’re in Texas, so your data’s more protected. It’s unfortunate that vulnerable people have to become tech experts, but it’s incredibly rewarding to see them figuring out how to use our products in ways that give them more rights and freedom.


What’s challenging about working in this space, and how do you and your team address it?

What’s challenging is the stakes—we’re building products that deal with serious issues, and this is not a space where you want to mess up. Our team is also immersed in the experiences of victims, and a good product builder is empathetic. Sometimes they experience secondary trauma. Plus as you learn more about these problems, they feel bigger, not smaller. So there’s real risk of feeling helpless, like there’s no way we can solve this. But I genuinely believe that if we don’t, no one will.

Everyone on the team has access to mental health services through Mozilla, as well as protective services, because unfortunately when you work in this space, you can become a target yourself. We also talk about the intensity of this work and we build it into our product development cycle—if it’s going to be a hard week, we give ourselves some grace. Tylea Richard, the product manager who leads Security and Privacy work, has very high EQ and really understands the emotional aspects of building products. If her team is feeling overwhelmed, she can pinpoint that and say, “This problem feels big, but that’s okay. Let’s lean on our practices and make sure we stay healthy.”

I think it’s also important that the team sets their own milestones and pace. We hold each other accountable, but it’s not about shipping something right now. It’s about shipping the right thing.


When you think about the future of your work, what’s most exciting right now?

Our team has been through lots of change this year in terms of both processes and portfolio, bringing on the ecosystem side. I’m excited for us to continue building a cohesive culture, where we’re one team rather than Protections over here and ecosystem support over there. I’m also excited to see the pride people have in the work that we’re doing. I think we’re on a path where the team feels bought-in rather than just fulfilling someone else’s vision.

In terms of products, I’m excited for us to move more toward actively fixing problems for customers. With Monitor, for example, we want to eventually not only tell you your data has been breached, but determine whether it’s been sold by data brokers—and if so, help you remove it. Most people don’t think much about identity or privacy until there’s a problem, and we want to offer a solution for them in that moment.

And at the Mozilla level, I’m excited to see us work more collaboratively across the company. Steve has been very intentional about building the leadership team to break down silos, and we’re thinking now in terms of not only Firefox, but all of Mozilla, which is allowing us to bring more diverse products to market. I think this is a moment where we’re recognizing our shared power, and that’s creating more shared success.

Interested in joining our team? Check out our open roles.