Pradeep A. Dalvi
Leadership Distributed Systems Resilience · May 2026

“In a boxing ring,
the punch that hurts you the most is the one
that you don’t see coming.”
I didn’t stop there.

Mike Tyson said it plainly. Steve Jobs lived it. And every on-call engineer grinding late in the night knows it — the failure that hits hardest is the one you never saw coming. I’ve experienced it myself as a perpetual on-call for many years. Here’s a leadership paradigm for building systems, teams, and minds that absorb the blow and come back fighting.

PD
Pradeep A. Dalvi
Computer Engineer · Distributed Systems & Payments
12 min read
70% of outages stem from undetected gradual degradation, not hard failures
3x longer MTTR when the failure mode was not previously modeled
40% of incidents are caused by changes, not by "steady-state" bugs
2 AM the modal hour for high-severity pages — when cognitive bandwidth is lowest
01

The Punch You Don’t See Coming

"Everyone has a plan until they get punched in the mouth." — Mike Tyson
Boxing Arena

In the boxing ring, the punch that ends the fight is rarely the hardest one. It’s the one that arrives from the blind spot — the hook you didn’t track, the counter you didn’t expect, the moment your defence was committed elsewhere. The force matters far less than the timing and your state of readiness.

Distributed systems fail the same way. The planned risks — the ones you rehearsed, load-tested, and run-booked — rarely kill you. It’s the cascading timeout nobody modeled, the upstream dependency that silently degraded at 11 PM on a Friday, the config change deployed by an adjacent team that nobody told yours about. The unseen punch.



Steve Jobs articulated the human parallel in his Stanford commencement address:

"Sometimes life is gonna hit you with a brick in the head. Don’t lose faith."

And then he named the deepest gift of an unexpected blow — it strips away the heaviness of certainty and returns you to the lightness of a beginner. In system terms: your assumptions were wrong, your model was incomplete, and that’s exactly the condition that produces the most learning.

This article is a leadership paradigm. It connects three domains — Resilient Architecture, Observability, and Business Continuity — through the single insight that the most dangerous failures are the ones you didn’t model, and that the job of a systems leader is to shrink that invisible surface as fast as possible.

02

Why Surprise Is the Real System Killer

Before we build solutions, we need to understand the mechanics of why the unseen blow hurts so much more than the telegraphed one. This is not intuition — it is reproducible physics, in the ring and in your stack.

Surprise - Impact is amplified

A strike that arrives without preparation bypasses defenses entirely. In cognitive terms, surprise interrupts existing routines, saturates working memory, and slows decision-making by 40–60%. In system terms, an unexpected failure mode skips your prepared mitigations and hits an unprepared fallback path — often a path that’s never been exercised under load.

Moderate force + Perfect timing > Maximum force + Warning

A moderately powerful punch timed when the target is unprepared outperforms a harder strike that’s telegraphed and guarded. The same principle governs market disruptions, organizational pivots, and incident cascades. A slow memory leak that compounds quietly for six hours is more dangerous than a hard crash that pages the team in thirty seconds.

Small, unnoticed problems compound

Repeated light hits accumulate. A 5% error rate no one watches, a latency percentile creeping week over week, a queue depth that’s almost always fine — these are the jabs before the knockout. The system doesn’t collapse at the first anomaly. It collapses when three anomalies coincide, each individually beneath the alert threshold, together catastrophic.

03

Pillar I — Resilient Architecture: Build Routines, Not Brittle Plans

"The heaviness of being successful was replaced by the lightness of being a beginner again."

— Steve Jobs, Stanford Commencement Address, 2005

The first leadership error is confusing a plan with resilience. Plans are rigid narratives about how the future will unfold. Resilient architectures are adaptive systems that survive the future even when it ignores the plan entirely.

In a distributed system, brittleness looks like: a service that’s been load-tested but only along the happy path; a retry strategy that assumes the downstream will eventually recover; a monolithic deployment with no circuit breakers because "we’ve never had that kind of failure." Each assumption is a telegraphed punch — you know it’s coming, so you prepared for it. The unkind punch comes from somewhere else.

Design for graceful degradation, not heroic availability

Resilient systems do not stay up — they degrade usefully. A checkout flow that returns stale pricing data is better than one that 503s entirely. A recommendation service that returns trending defaults is better than one that times out and takes the product page with it. The leadership question is not "what do we do when this works?" but "what does the user experience when each dependency fails independently?"

Chaos engineering as sparring

Mike Tyson didn’t avoid punches in training — he practised getting hit. Controlled chaos — Chaos Monkey, synthetic traffic, game days, red team exercises — exposes your system to surprises in a low-stakes context. The goal is not to find bugs. It’s to build the organizational muscle memory to respond. A team that has practiced a database failover three times this quarter will not freeze when it happens at 2 AM. A team that has only read the runbook will.

Adaptive skills over rigid scripts

Your runbook is a plan. It is useful when reality matches the runbook. When reality diverges — and it will — you need engineers with situational awareness, fast hypothesis formation, and comfort with partial information. The leadership investment is in those humans, not in the length of the runbook.

Resilience design checklist
  • Every dependency has an explicit failure mode and a tested fallback
  • Circuit breakers are deployed and configured with real production thresholds, not defaults
  • Timeouts are set intentionally on every network call — no implicit infinity
  • Bulkhead patterns isolate critical paths from noisy neighbors
  • Game days occur on a cadence, not only after incidents
  • Degraded-mode UX is designed alongside the happy path — not as an afterthought
  • Blast radius of any single deployment is bounded by feature flags or canary routing
04

Pillar II — Observability: Invest in Peripheral Vision

The unseen punch is only unseen until you build the right field of view. Observability is the organizational practice of making the invisible visible — before it lands.

There is a critical distinction between monitoring and observability that leaders often collapse. Monitoring tells you when a known thing has broken. Observability allows you to ask novel questions about unknown failure states. In boxing terms: monitoring is knowing your guard is down. Observability is noticing the micro-shift in your opponent’s shoulder that predicts the left hook that hasn’t left yet.

Three pillars of observability (and their leadership translations)

Signal
What it answers
Boxing analogy
Leadership action
Metrics
Is the system healthy right now?
Your trainer watching your stance, pace, sweat rate
Define SLIs that reflect user experience, not infra health
Logs
What exactly happened and when?
Reviewing the fight tape frame by frame
Structure logs for query, not for humans reading a stream
Traces
Where did this specific request go wrong?
Tracking the punch across every body segment from shoulder to fist
Instrument at service boundaries; enforce trace propagation as a non-negotiable

Early warning systems over reactive alerting

Most organisations alert on outcomes: error rate exceeds 1%, latency exceeds 500 ms, disk fills. These are the punch landing. An observable system alerts on leading indicators: error rate trend over fifteen minutes, queue saturation rate, connection pool saturation approaching threshold. These are the shoulder moving before the punch leaves.

SLO-based alerting — burning down your error budget faster than expected — is the most powerful form of early warning. It tells you the system is trending toward the user impact before the user has felt it yet. That is the difference between a close call and an incident.

Honest advisors as human observability

Technical signals are incomplete without human signal. The engineer who noticed something odd three days ago but didn’t raise it. The support ticket that was individually unremarkable but part of a pattern. The on-call who privately admits the runbook didn’t match what they saw. Creating psychological safety for these signals to surface is observability at the organizational layer — and it requires the same deliberate investment as your tracing infrastructure.

Observability leadership questions
  • Can an engineer ask a new question about a failure without a code deployment?
  • Are your SLIs defined from the user journey, or from the infrastructure boundary?
  • Is your alerting catching leading indicators or only outcomes?
  • Does every on-call rotation end with a "what almost happened but didn’t" review?
  • Are near-misses treated as high-signal events, not as non-events?
05

Pillar III — Business Continuity: Train Recovery, Not Just Prevention

Prevention is not a strategy. Prevention is a hope. The complete leadership posture assumes failure will occur, plans for recovery as rigorously as it plans for prevention, and measures both.

Business continuity in distributed systems is not a disaster recovery document in a wiki that hasn’t been tested since it was written. It is a practice — as regular and disciplined as the sparring sessions that build a fighter’s recovery reflex. The goal is not to avoid the knock-down. The goal is to get up faster than your opponent expects.

RTO and RPO as organizational commitments, not technical parameters

Recovery Time Objective (RTO) — how long until the system is restored — and Recovery Point Objective (RPO) — how much data loss is tolerable — are fundamentally business commitments, not engineering metrics. A leader who treats them as engineering details has handed the hardest decision to the wrong person. These numbers must be set with the business, socialised with customers where relevant, and then validated through regular technical rehearsal.

Recovery tier
RTO target
RPO target
Required investment
Active-active multi-region
Seconds
Near-zero
Highest — synchronous replication, global load balancing
Active-passive warm standby
Minutes
Seconds–minutes
Moderate — async replication, manual or semi-auto failover
Backup and restore
Hours
Hours–day
Lower — periodic snapshots, fully manual recovery

Rehearsal as the unit of readiness

The question is not "do we have a DR plan?" It is "when did we last execute the DR plan under realistic conditions?" A plan that has never been run is a hypothesis. Untested hypotheses are exactly the unseen punches — the plan that fails at the worst moment because you assumed it would work.

Effective continuity rehearsal includes: actual failover to standby infrastructure (not simulation), data recovery validation (not just backup confirmation), and communication pathway drills — who calls whom, with what escalation, at what severity threshold. The human paths fail as often as the technical ones.

Near-miss culture as compound learning

Every near-miss is a gift. It is the punch that didn’t land, and it carries complete information about where your defence was weak. Leaders who treat near-misses as non-events waste their highest-quality free data. Leaders who build a ritual around them — structured post-mortems, blameless near-miss reviews, explicit tracking of "close calls" — create compounding learning that systematically shrinks the blind spot surface over time.

Business continuity maturity indicators
  • RTO and RPO are documented per service and have been validated through actual rehearsal in the last 6 months
  • Runbooks specify the decision tree, not just the command sequence
  • On-call rotations include explicit training on failure modes, not just alerts
  • Post-mortems include near-misses, not only customer-impacting events
  • Communication escalation paths are tested independently of the technical path
  • Recovery time is measured and trended — not estimated
06

The Leadership Posture: Stewarding Systems Through the Unseen

Technical systems reflect the leadership culture that builds them. A team that is psychologically unsafe will not surface near-misses. A team that is blamed for incidents will hide failures until they become crises. A team that has never practiced failure will freeze when it arrives.

The leadership posture that produces resilient, observable, recoverable systems has five properties:

Situational humility

Constantly assuming your model of the system is incomplete. The dangerous leader is the one who is certain they know all the failure modes.

Signal discipline

Knowing which signals matter and creating the conditions for weak signals to surface before they become loud ones. Silence is not safety.

Recovery orientation

Treating speed of recovery as a first-class metric alongside uptime. A system that fails fast and recovers in 90 seconds is superior to one that degrades slowly over six hours.

Blameless forensics

Post-mortems that produce system improvements, not individual accountability. Systems fail. People react to the systems they are given. The question is always: what in the system made this failure easy to cause and hard to catch?

Deliberate exposure

Exposing teams and systems to controlled adversity — chaos engineering, game days, tabletop exercises — builds the tolerance and muscle memory to handle real adversity without collapse.

07

The Unified Playbook

Across the three pillars and the leadership posture, a unified pattern emerges. It is the same pattern whether you are building a fighter, a distributed system, or an organisation:

The five moves of the unseen-punch playbook
  • Shrink the blind spot. Invest in observability, human signal, and post-mortem learning until the surface of the unknown is systematically smaller than last quarter.
  • Degrade gracefully, not catastrophically. Design every system and every team to produce something useful under stress, not to binary-fail into silence.
  • Train recovery, not just prevention. Measure and trend MTTR with the same intensity as MTBF. Rehearse recovery until it is reflexive.
  • Manage exposure deliberately. Reduce avoidable surprises through clear communication and expectation-setting. Increase controlled surprises through game days and chaos engineering to build tolerance.
  • Mine near-misses obsessively. The punch that almost landed is your highest-signal, lowest-cost learning event. Treat it accordingly.

The goal is not a system that never fails. That system doesn’t exist. The goal is a system — and a team, and a leadership posture — where unexpected blows cause inconvenience instead of collapse. Where the knockout is always just a little further out of reach than your opponent planned.

"Life is what happens when you are busy making other plans."

— Allen Saunders, popularized by John Lennon in Beautiful Boy (1980).
The principle applies equally to distributed systems.

If you lead engineering teams, design distributed systems at scale, or find yourself thinking about failure the way this piece does — I’d love to connect. The conversation is always more interesting than the metrics.

linkedin.com/in/pradeep  ·  Pune, India