General

Building a Championship Team: Lessons from Sports, the Kitchen, and Software Orgs with Joe Essey, Director of Engineering at Popmenu

Published Dec 19, 2023

Updated Aug 22, 2024

2 min read

This article was written over 18 months ago and may contain information that is out of date. Some content may be relevant but please refer to the relevant official documentation or available resources for the latest information.

In this episode of the Engineering Leadership podcast, Rob Ocel sits down with Joe Essey, the Director of Engineering at Popmenu, to discuss the key elements of creating a high-performing team environment. Drawing from his experience in the restaurant industry and his time at Liberty Mutual Insurance, Salesloft, and Popmenu, Joe provides insights into fostering a successful team dynamic.

One of the fundamental aspects Joe highlights is the importance of peer accountability. He emphasizes that team members should hold each other responsible for their actions and outcomes, creating a culture of ownership and continuous improvement. This not only helps in achieving individual goals but also contributes to the overall success of the team.

Another crucial factor Joe emphasizes is the establishment of shared trust within the team. Trust is the foundation upon which effective collaboration and communication are built. When team members trust each other, they are more likely to openly share ideas, provide constructive feedback, and work towards common objectives.

A clear definition of success is also vital in creating a high-performing team environment. Joe stresses the significance of setting clear goals and expectations, ensuring that everyone is aligned and working towards a common purpose. This clarity helps in avoiding confusion and enables team members to focus their efforts on achieving the desired outcomes.

Joe also highlights the importance of having a good pipeline and the right people in place. A strong talent acquisition process ensures that the team is composed of individuals who possess the necessary skills and mindset to excel in their roles. By carefully selecting team members, organizations can create a cohesive and high-performing team.

Joe Essey's insights shed light on the key elements required to create a high-performing team environment. Peer accountability, shared trust, and a clear definition of success are all crucial factors in fostering a culture of excellence. Additionally, having a strong talent pipeline and the right people in place further contribute to the success of the team. Joe's story of Jake's rapid promotion serves as a motivating example of the potential for growth within such an environment.

This Dot is a consultancy dedicated to guiding companies through their modernization and digital transformation journeys. Specializing in replatforming, modernizing, and launching new initiatives, we stand out by taking true ownership of your engineering projects.

We love helping teams with projects that have missed their deadlines or helping keep your strategic digital initiatives on course. Check out our case studies and our clients that trust us with their engineering.

Are Engineering Leaders Hiding Behind the Data?

Many engineering leaders when they start out find themselves just wanting to please everyone around them. Figuring out how to “own” the role is quite difficult for many. Rob Ocel, Engineering Lead and Tracy Lee, CEO at This Dot explore this topic on this episode. They discuss the idea of hiding behind the data. When decisions are made, it’s easy to ask for data, but then make decisions solely based on that data and not form or “own” an opinion around that decision so you can’t get blamed for an opinion you had. Rob encourages leaders to have opinions and be willing to fight for them. Another topic covered was making people unhappy in a deliberate way. Are you able to succeed doing so, and do you have the ability to “own” that? Rob also emphasizes the need for self-awareness and self-introspection, and to have mentors and accountability partners to help guide decision-making. Listen to the full podcast here: https://engineeringleadership.podbean.com/e/are-engineering-leaders-hiding-behind-the-data-with-robocel-tracy-lee/...

Jan 24, 2024

1 min

Engineering Leadership

Psychologically Safe Workplaces with Krystal Smith-Moore

Krystal Smith-Moore, Engineering Manager at Spotify, shares her journey from a non-traditional background to management, and how it informs her empathetic leadership approach. Krystal emphasizes the significance of self-awareness, seeking support, and aligning personal values with management roles. By ensuring our values align with the company's mission and culture, we can create a more fulfilling leadership experience. Krystal stresses the need for self-care, setting boundaries to prevent burnout, and recognizing when it's time to recharge. By prioritizing self-care, leaders can maintain their energy and enthusiasm, leading to better decision-making and a more positive work environment. She also discusses the importance of empathy, continuous learning, and creating psychologically safe workplaces where employees feel comfortable expressing their ideas and concerns. By aligning personal values with management roles, prioritizing self-care, and fostering a psychologically safe workplace, leaders can create a positive and impactful experience for themselves and their teams. Download this episode here....

Jun 13, 2024

1 min

Engineering Leadership

Vercel BotID: The Invisible Bot Protection You Needed

Nowadays, bots do not act like “bots”. They can execute JavaScript, solve CAPTCHAs, and navigate as real users. Traditional defenses often fail to meet expectations or frustrate genuine users. That’s why Vercel created BotID, an invisible CAPTCHA that has real-time protections against sophisticated bots that help you protect your critical endpoints. In this blog post, we will explore why you should care about this new tool, how to set it up, its use cases, and some key considerations to take into account. We will be using Next.js for our examples, but please note that this tool is not tied to this framework alone; the only requirement is that your app is deployed and running on Vercel. Why Should You Care? Think about these scenarios: - Checkout flows are overwhelmed by scalpers - Signup forms inundated with fake registrations - API endpoints draining resources with malicious requests They all impact you and your users in a negative way. For example, when bots flood your checkout page, real customers are unable to complete their purchases, resulting in your business losing money and damaging customer trust. Fake signups clutter the app, slowing things down and making user data unreliable. When someone deliberately overloads your app’s API, it can crash or become unusable, making users angry and creating a significant issue for you, the owner. BotID automatically detects and filters bots attempting to perform any of the above actions without interfering with real users. How does it work? A lightweight first-party script quickly gathers a high set of browser & environment signals (this takes ~30ms, really fast so no worry about performance issues), packages them into an opaque token, and sends that token with protected requests via the rewritten challenge/proxy path + header; Vercel’s edge scores it, attaches a verdict, and checkBotId() function simply reads that verdict so your code can allow or block. We will see how this is implemented in a second! But first, let’s get started. Getting Started in Minutes 1. Install the SDK: ` 1. Configure redirects Wrap your next.config.ts with BotID’s helper. This sets up the right rewrites so BotID can do its job (and not get blocked by ad blockers, extensions, etc.): ` 2. Integrate the client on public-facing pages (where BotID runs checks): Declare which routes are protected so BotID can attach special headers when a real user triggers those routes. We need to create instrumentation-client.ts (place it in the root of your application or inside a src folder) and initialize BotID once: ` instrumentation-client.ts runs before the app hydrates, so it’s a perfect place for a global setup! If we have an inferior Next.js version than 15.3, then we would need to use a different approach. We need to render the React component inside the pages or layouts you want to protect, specifying the protected routes: ` 3. Verify requests on your server or API: ` - NOTE: checkBotId() will fail if the route wasn’t listed on the client, because the client is what attaches the special headers that let the edge classify the request! You’re all set - your routes are now protected! In development, checkBotId() function will always return isBot = false so you can build without friction. To disable this, you can override the options for development: ` What happens on a failed check? In our example above, if the check failed, we return a 403, but it is mostly up to you what to do in this case; the most common approaches for this scenario are: - Hard block with a 403 for obviously automated traffic (just what we did in the example above) - Soft fail (generic error/“try again”) when you want to be cautious. - Step-up (require login, email verification, or other business logic). Remember, although rare, false positives can occur, so it’s up to you to determine how you want to balance your fail strategy between security, UX, telemetry, and attacker behavior. checkBotId() So far, we have seen how to use the property isBot from checkBotId(), but there are a few more properties that you can leverage from it. There are: isHuman (boolean): true when BotID classifies the request as a real human session (i.e., a clear “pass”). BotID is designed to return an unambiguous yes/no, so you can gate actions easily. isBot (boolean): We already saw this one. It will be true when the request is classified as automated traffic. isVerifiedBot (boolean): Here comes a less obvious property. Vercel maintains and continuously updates a comprehensive directory of known legitimate bots from across the internet. This directory is regularly updated to include new legitimate services as they emerge. This could be helpful for allowlists or custom logic per bot. We will see an example in a sec. verifiedBotName? (string): The name for the specific verified bot (e.g., “claude-user”). verifiedBotCategory? (string): The type of the verified bot (e.g., “webhook”, “advertising”, “ai_assistant”). bypassed (boolean): it is true if the request skipped BotID check due to a configured Firewall bypass (custom or system). You could use this flag to avoid taking bot-based actions when you’ve explicitly bypassed protection. Handling Verified Bots - NOTE: Handling verified bots is available in botid@1.5.0 and above. It might be the case that you don’t want to block some verified bots because they are not causing damage to you or your users, as it can sometimes be the case for AI-related bots that fetch your site to give information to a user. We can use the properties related to verified bots from checkBotId() to handle these scenarios: ` Choosing your BotID mode When leveraging BotID, you can choose between 2 modes: - Basic Mode: Instant session-based protection, available for all Vercel plans. - Deep Analysis Mode: Enhanced Kasada-powered detection, only available for Pro and Enterprise plan users. Using this mode, you will leverage a more advanced detection and will block the hardest to catch bots To specify the mode you want, you must do so in both the client and the server. This is important because if either of the two does not match, the verification will fail! ` Conclusion Stop chasing bots - let BotID handle them for you! Bots are and will get smarter and more sophisticated. BotID gives you a simple way to push back without slowing your customers down. It is simple to install, customize, and use. Stronger protection equals fewer headaches. Add BotID, ship with confidence, and let the bots trample into a wall without knowing what’s going on....

Oct 3, 2025

5 mins

VercelNextJS

The simplicity of deploying an MCP server on Vercel

The current Model Context Protocol (MCP) spec is shifting developers toward lightweight, stateless servers that serve as tool providers for LLM agents. These MCP servers communicate over HTTP, with OAuth handled clientside. Vercel’s infrastructure makes it easy to iterate quickly and ship agentic AI tools without overhead. Example of Lightweight MCP Server Design At This Dot Labs, we built an MCP server that leverages the DocuSign Navigator API. The tools, like `get_agreements`, make a request to the DocuSign API to fetch data and then respond in an LLM-friendly way. ` Before the MCP can request anything, it needs to guide the client on how to kick off OAuth. This involves providing some MCP spec metadata API endpoints that include necessary information about where to obtain authorization tokens and what resources it can access. By understanding these details, the client can seamlessly initiate the OAuth process, ensuring secure and efficient data access. The Oauth flow begins when the user's LLM client makes a request without a valid auth token. In this case they’ll get a 401 response from our server with a WWW-Authenticate header, and then the client will leverage the metadata we exposed to discover the authorization server. Next, the OAuth flow kicks off directly with Docusign as directed by the metadata. Once the client has the token, it passes it in the Authorization header for tool requests to the API. ` This minimal set of API routes enables me to fetch Docusign Navigator data using natural language in my agent chat interface. Deployment Options I deployed this MCP server two different ways: as a Fastify backend and then by Vercel functions. Seeing how simple my Fastify MCP server was, and not really having a plan for deployment yet, I was eager to rewrite it for Vercel. The case for Vercel: * My own familiarity with Next.js API deployment * Fit for architecture * The extremely simple deployment process * Deploy previews (the eternal Vercel customer conversion feature, IMO) Previews of unfamiliar territory Did you know that the MCP spec doesn’t “just work” for use as ChatGPT tooling? Neither did I, and I had to experiment to prove out requirements that I was unfamiliar with. Part of moving fast for me was just deploying Vercel previews right out of the CLI so I could test my API as a Connector in ChatGPT. This was a great workflow for me, and invaluable for the team in code review. Stuff I’m Not Worried About Vercel’s mcp-handler package made setup effortless by abstracting away some of the complexity of implementing the MCP server. It gives you a drop-in way to define tools, setup https-streaming, and handle Oauth. By building on Vercel’s ecosystem, I can focus entirely on shipping my product without worrying about deployment, scaling, or server management. Everything just works. ` A Brief Case for MCP on Next.js Building an API without Next.js on Vercel is straightforward. Though, I’d be happy deploying this as a Next.js app, with the frontend features serving as the documentation, or the tools being a part of your website's agentic capabilities. Overall, this lowers the barrier to building any MCP you want for yourself, and I think that’s cool. Conclusion I'll avoid quoting Vercel documentation in this post. AI tooling is a critical component of this natural language UI, and we just want to ship. I declare Vercel is excellent for stateless MCP servers served over http....

Aug 13, 2025

3 mins

VercelMCP

Let's innovate together!

We're ready to be your trusted technical partners in your digital innovation journey.

Whether it's modernization or custom software solutions, our team of experts can guide you through best practices and how to build scalable, performant software that lasts.

Building a Championship Team: Lessons from Sports, the Kitchen, and Software Orgs with Joe Essey, Director of Engineering at Popmenu

You might also like

Are Engineering Leaders Hiding Behind the Data?

Psychologically Safe Workplaces with Krystal Smith-Moore

Vercel BotID: The Invisible Bot Protection You Needed

The simplicity of deploying an MCP server on Vercel

Let's innovate together!

You might also like

Are Engineering Leaders Hiding Behind the Data?

Psychologically Safe Workplaces with Krystal Smith-Moore

Vercel BotID: The Invisible Bot Protection You Needed

The simplicity of deploying an MCP server on Vercel