Capstone: Mock Loop
Run the full loop end-to-end on yourself
The scenario brief
After this you can set up a realistic strategic-account scenario you can work end-to-end across every section that follows.
Everything from here runs on one account. You discover it, demo to it, write its rollout plan, pass its security review and debrief against the bar - all on the same fictional company. That is how the real loop feels: the facts you gather in hour one are the facts you defend on the on-site.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
Five reps on one account - each section feeds the next.
Meet Northwind Financial. It is the account you carry through this whole module. Read the brief like an SA picking up a strategic post-sale account, not a candidate reading a prompt. Your job is to take Northwind from two teams quietly using Cursor to a board-ready expansion recommendation the CTO can defend.
- Size
- ~3,000 engineers across payments, core banking, data platform and mobile
- Current Cursor usage
- Scattered - one payments squad and one internal-tools team, ~40 self-serve seats, bottoms-up, no admin oversight
- Incumbent
- A company-wide GitHub Copilot license, mandated 18 months ago, low measured usage
- Platform team
- Security-conscious, owns the IDE baseline and the model-approval process, currently a blocker
- Economic buyer
- CTO - sponsored the conversation, controls the budget, wants a decision in two quarters
- Champion
- None confirmed yet; the payments lead is a candidate but unproven
“The CTO's words were: figure out if we go all-in on AI-native development inside two quarters. That is the question I'm here to answer with evidence, not a procurement question about seats.”
The CTO's mandate is deliberately vague. Go all-in on AI-native development is a strategy question wearing a tooling-purchase costume. Treat the ambiguity as the work, not as missing information.
The constraints that shape every moveRead these as gates, not footnotes
Regulated financial source code. Legal has already killed one AI tool over data-retention language.
Any plan that does not lead with privacy mode / zero-data-retention and model routing is dead on arrival.
No exceptions for personal logins. Self-serve seats must convert to SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on. provisioning.
SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave.-driven deprovisioning is an audit requirement, not a nice-to-have.
Two named principals believe “AI writes bad code” and that the Copilot rollout proved AI tools are hype.
They are technical, respected and will sit in your demo. Win them and the org follows.
Bottoms-up usage with no internal owner. Nobody is currently accountable for the outcome.
Part of your deliverable is naming and arming a champion, not just finding one.
Reusing Northwind across all five sections is the point. A discovery question you skip in section 2 becomes a hole in the security review in section 4. The compounding is the test: real SA work is a single account carried with consistent facts, not five disconnected exercises.
When a real interviewer hands you a scenario this open, restate the decision the buyer actually needs before you do anything. Saying “the deliverable is a go/no-go recommendation on AI-native development, backed by a pilot, not a seat count” signals you scope outcomes, not features.
Takeaway. Northwind is your single account for the whole module: a 3,000-engineer regulated org, privacy and SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. as hard gates, skeptical principals and no champion yet - and the CTO wants a go/no-go on AI-native development in two quarters.
Self-check
QThe CTO frames the ask as “figure out if we go all-in on AI-native development in two quarters.” What is the single best way to scope your engagement in response?
Mock discovery rep
After this you can run and self-grade a multi-stakeholder discovery conversation on Northwind, tagging real need versus your own pitch.
Discovery is the deliverable, not the warm-up. If you mishear Northwind's real bottleneck here, every later artifact aims at the wrong target. You are not gathering ammunition for a pitch. You are reconstructing how this org ships software in their own words.
Treat the rubric as a gap finder, not a score to admire. Mark the weakest proof, turn it into one practice rep and keep the artifact you would show an interviewer.
Three audiences, three different conversations. Developers feel the workflow friction. The platform team owns the gates. Leadership owns the outcome and the money. Ask the same generic questions across all three and you learn nothing precise.
Your discovery question bank12 questions, grouped by stakeholder
- Stakeholder
- Developer (payments squad)
- Question
- Walk me through the last change you shipped - where did it sit waiting?
- What it's really for
- Surface the concrete bottleneck worth money, in their language.
- Stakeholder
- Developer
- Question
- What are you using Cursor for today that Copilot didn't give you?
- What it's really for
- Find the wedge that already works, the thing you scale.
- Stakeholder
- Developer
- Question
- Where do you still not trust AI output and why?
- What it's really for
- Locate the trust line so the demo respects it instead of fighting it.
- Stakeholder
- Principal engineer
- Question
- What did the Copilot rollout actually prove or disprove for you?
- What it's really for
- Hear the real objection before you have to handle it live.
- Stakeholder
- Principal engineer
- Question
- If AI authored 30% of a PR, what would have to be true for you to merge it?
- What it's really for
- Convert “AI writes bad code” into testable, reviewable conditions.
- Stakeholder
- Platform team
- Question
- What is your bar for any tool that sees source code and who signs off?
- What it's really for
- Lock the privacy / ZDRZero Data Retention. A contractual guarantee that the model provider won't store your code or train on it. / model-routing requirements explicitly.
- Stakeholder
- Platform team
- Question
- How does SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. provisioning work for your sanctioned dev tools today?
- What it's really for
- Scope the SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on. + SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. migration off self-serve seats.
- Stakeholder
- Platform team
- Question
- What admin controls and audit visibility would you need before approving expansion?
- What it's really for
- Pre-empt the governance review you'll run in section 4.
- Stakeholder
- VP Eng
- Question
- Which metric, if it moved, would make this obviously worth doing?
- What it's really for
- Define the success criteria you'll instrument, not invent.
- Stakeholder
- VP Eng
- Question
- What would make you kill this in quarter two?
- What it's really for
- Surface the disqualifiers early so the pilot can address them.
- Stakeholder
- CTO
- Question
- What does “all-in on AI-native development” look like if it works?
- What it's really for
- Pin the vision to something measurable and board-presentable.
- Stakeholder
- CTO
- Question
- Who, besides you, has to believe this for it to survive a budget cycle?
- What it's really for
- Map the buying committee and find your champion candidate.
| Stakeholder | Question | What it's really for |
|---|---|---|
| Developer (payments squad) | Walk me through the last change you shipped - where did it sit waiting? | Surface the concrete bottleneck worth money, in their language. |
| Developer | What are you using Cursor for today that Copilot didn't give you? | Find the wedge that already works, the thing you scale. |
| Developer | Where do you still not trust AI output and why? | Locate the trust line so the demo respects it instead of fighting it. |
| Principal engineer | What did the Copilot rollout actually prove or disprove for you? | Hear the real objection before you have to handle it live. |
| Principal engineer | If AI authored 30% of a PR, what would have to be true for you to merge it? | Convert “AI writes bad code” into testable, reviewable conditions. |
| Platform team | What is your bar for any tool that sees source code and who signs off? | Lock the privacy / ZDRZero Data Retention. A contractual guarantee that the model provider won't store your code or train on it. / model-routing requirements explicitly. |
| Platform team | How does SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. provisioning work for your sanctioned dev tools today? | Scope the SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on. + SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. migration off self-serve seats. |
| Platform team | What admin controls and audit visibility would you need before approving expansion? | Pre-empt the governance review you'll run in section 4. |
| VP Eng | Which metric, if it moved, would make this obviously worth doing? | Define the success criteria you'll instrument, not invent. |
| VP Eng | What would make you kill this in quarter two? | Surface the disqualifiers early so the pilot can address them. |
| CTO | What does “all-in on AI-native development” look like if it works? | Pin the vision to something measurable and board-presentable. |
| CTO | Who, besides you, has to believe this for it to survive a budget cycle? | Map the buying committee and find your champion candidate. |
Twelve questions across four stakeholder types. Tag every answer: fact, hypothesis or unknown.
What to extract from the answers
Payments PR-to-merge cycle time, onboarding ramp for new hires and the review backlog the principals complain about.
Pick one you can baseline and re-measure in a pilot.
Data-retention exposure, shadow self-serve seats outside SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. and the credibility scar from the Copilot rollout.
Name them before the platform team does.
One headline metric the VP Eng named, plus the principals' merge conditions.
Written down and agreed, so the pilot can pass or fail honestly.
The discovery summary you send back
Within a day, you send a short confirmation note. It proves you listened and converts spoken answers into a shared, correctable record. If you got something wrong, this is where they fix it for free.
Subject: Northwind x Cursor - what I heard, please correct The decision: by end of Q2, a go/no-go on standardizing AI-native development, evidenced by a scoped pilot - not a seat purchase. The pain we'll baseline: payments PR-to-merge cycle time (currently ~3.5 days median, per the squad) and new-hire ramp-to-first-merge. Hard gates (platform): zero-data-retention required, SSO/SAML mandatory, SCIM deprovisioning + admin audit before any expansion. The skeptics' bar: principals will merge AI-authored code only if it passes existing review + tests with no drop in defect rate. Success = cycle time down, no governance regression, two principals shift from skeptic to neutral-or-better. Open unknowns: confirmed champion, budget ceiling, security-review lead time. Proposing we close these next session.
The failure mode of this section is pitching disguised as questions. “Don't you think faster reviews would help?” is a pitch. “Where does a change wait longest between idea and prod?” is discovery. If your notes are full of Cursor features instead of their facts, you ran a demo with a question mark on the end.
Objections you should expect - and your live response
- Objection (live)
- “We already pay for Copilot - why add another tool?”
- Your move
- Ask what Copilot usage actually is. Low adoption is the proof, not the counter-argument: the mandate didn't change behavior, so a measured pilot on real pain is the cheap way to learn what would.
- Objection (live)
- “Legal will never approve a tool that sees our code.”
- Your move
- Agree the bar is right, then name it: zero-data-retention, no training on their code, model routing they control. Offer to bring the platform team the exact security posture before any expansion.
- Objection (live)
- “Our principals think AI writes bad code.”
- Your move
- Don't defend AI. Convert it: “what would have to be true for you to merge an AI-authored PR?” Then make the pilot prove exactly that, with their review gates intact.
| Objection (live) | Your move |
|---|---|
| “We already pay for Copilot - why add another tool?” | Ask what Copilot usage actually is. Low adoption is the proof, not the counter-argument: the mandate didn't change behavior, so a measured pilot on real pain is the cheap way to learn what would. |
| “Legal will never approve a tool that sees our code.” | Agree the bar is right, then name it: zero-data-retention, no training on their code, model routing they control. Offer to bring the platform team the exact security posture before any expansion. |
| “Our principals think AI writes bad code.” | Don't defend AI. Convert it: “what would have to be true for you to merge an AI-authored PR?” Then make the pilot prove exactly that, with their review gates intact. |
Takeaway. Discovery is the deliverable: ask stakeholder-specific questions, tag every answer fact/hypothesis/unknown and send a correctable summary that pins the decision, the pain to baseline, the hard gates and the skeptics' merge conditions.
Self-check
QA Northwind principal engineer says “AI writes bad code - Copilot proved it.” You are mid-discovery. What is the strongest move?
Demo & presentation rep
After this you can script and self-grade two tailored Cursor demos for Northwind - one for skeptical principals, one for the exec buyer.
Same product, two completely different rooms. The principals want to see real engineering survive their standards. The CTO wants to see a strategic bet pay off. A single demo that tries to serve both serves neither.
Tailoring is the whole grade here. You earned the right to demo specific things in discovery, so demo those. Northwind's payments cycle time and the principals' merge conditions are your script, not a generic feature tour.
Demo A - for the skeptical principalsProblem → live Agent/Rules workflow → outcome
- 1Open on their pain, not a feature. “You told me PRs sit ~3.5 days and reviews are the bottleneck. Let me show you a change moving through that, with your gates on.”
- 2Set up Rules first, visibly. Show a
.cursor/rulesfile encoding their conventions, test requirements and the things AI keeps getting wrong. This signals control: AI works inside their standards. - 3Run Agent on a real-shaped task. Pick a multi-file change in a payments-like repo. Let Agent plan, edit across files and run the tests. Narrate where you'd intervene.
- 4Reject bad output on purpose. When Agent proposes something sloppy, decline it out loud and steer. The judgment to reject AI output is the credibility move with this room.
- 5Land the outcome. End on the diff passing their review checklist and tests green - the exact merge condition they named in discovery.
Skeptical principals can smell a slideware SA in thirty seconds. Driving Agent, Tab and Rules live - with privacy mode on and a real codebase indexed - is the difference between “vendor” and “engineer who happens to work at Cursor.” Be visibly fluent in the actual product.
Field SAs keep two copies of the same demo scenario. One is behind the curtain: it carries a demo narrative in Markdown - the natural-language beats (here's what we're looking at, here's what we're going to do) plus the exact prompts you plan to run. The other is a cleaned-up repo with the narrative and prompt references stripped out, and that's the one you actually share on screen. You paste the prompts in live so it never reads like you're reciting them from inside the repo. Have the agent build the demo narrative for you as part of your first prompt - it drafts the script while you stage the scenario.
“I'll have one that's behind the curtain. It'll have a demo narrative. It'll have the prompts that I want to run. And then I'll actually share my screen showing a kind of cleaned up version.”
Demo B - for the CTO and VP EngROI and the strategic bet
- 1Frame the decision, not the tool. “You asked whether to go all-in. Here's what the bet looks like and how we'd know it's working by end of Q2.”
- 2Show outcome, not interface. One tight live moment - a real change shipped fast - then straight to the metric: cycle time, onboarding ramp, PR throughput.
- 3Tie to the money. Translate cycle-time gains into engineer-hours and shipping velocity at Northwind's scale. Anchor on their numbers from discovery.
- 4Address the strategic risk head-on. Name the privacy and governance posture before they ask, so the bet looks de-risked, not reckless.
- Dimension
- Opens on
- Principals (Demo A)
- A real engineering task under their gates
- Exec (Demo B)
- The go/no-go decision and the bet
- Dimension
- Proof is
- Principals (Demo A)
- Live Agent/Rules workflow, tests green
- Exec (Demo B)
- A metric moving at their scale
- Dimension
- Their fear
- Principals (Demo A)
- AI degrades code quality
- Exec (Demo B)
- An expensive, risky mandate that flops like Copilot
- Dimension
- You win by
- Principals (Demo A)
- Rejecting bad output and respecting review
- Exec (Demo B)
- De-risking privacy and tying value to dollars
| Dimension | Principals (Demo A) | Exec (Demo B) |
|---|---|---|
| Opens on | A real engineering task under their gates | The go/no-go decision and the bet |
| Proof is | Live Agent/Rules workflow, tests green | A metric moving at their scale |
| Their fear | AI degrades code quality | An expensive, risky mandate that flops like Copilot |
| You win by | Rejecting bad output and respecting review | De-risking privacy and tying value to dollars |
One product, two scripts. The audience decides what counts as proof.
Objection handling - your top three, scripted
“Agreed it can - so we keep your review and tests as the gate. Watch me reject a bad suggestion. The win is a faster path to code that passes your bar, not lower standards.”
“Right call to ask. Privacy mode means zero data retention and no training on your code, with model routing you control. I'll walk the platform team through it line by line.”
“And usage is low - that's the signal. The pilot measures whether Cursor changes behavior on your real pain. Cheap to learn and you keep what works.”
Demos break. The network drops, the model stalls, a test fails for a dumb reason. Your move is rehearsed calm: name it plainly (“that's a flaky test, not the change - here's the passing run I have”), keep narrating the workflow and fall back to a recorded clip or a pre-built branch. Recovering gracefully reads as competence; panicking reads as a script you didn't understand. Never blame the tool you're selling.
When Cursor's loop puts you in a mock demo, say which audience you're playing to before you start and why your choices change for it. Explicitly switching register from principal to CTO mid-exercise shows the cross-audience range the role is built on.
Self-grade: tailoring, command, storytelling
- Tailoring: did each demo use Northwind's actual discovery facts or did it drift into a generic feature tour?
- Command: did you drive Agent/Tab/Rules live and fluently, including rejecting a bad suggestion on purpose?
- Storytelling: did each demo open on the audience's pain and close on their named outcome, with one clean narrative thread?
- Recovery: do you have a concrete fallback ready before anything breaks?
Takeaway. Build two demos from the same product: principals get a live Agent/Rules workflow under their gates with bad output rejected on purpose, execs get outcome-and-ROIReturn on Investment. The value gained versus what it cost, the language an economic buyer funds deals in. framing on the go/no-go bet - and you rehearse a calm failure-recovery move before either starts.
Self-check
Rollout, security & ROI artifact
After this you can produce the written artifacts a real SA delivers - phased rollout, governance review, outcome metrics and a product-feedback brief.
Talk is gone; now you write. This section produces the documents an SA actually hands a strategic account: a phased rollout plan, a security and governance summary, an instrumented ROIReturn on Investment. The value gained versus what it cost, the language an economic buyer funds deals in. narrative and a feedback brief back to Cursor's Product team. These are the artifacts the on-site judges.
1. Phased rollout planPilot → team → org
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
A failed pilot is a real output - the week-6 gate decides go/no-go honestly.
- 1Pilot (weeks 1–6). The payments squad plus two volunteers from a second team. Baseline PR-to-merge cycle time and ramp on day one. Configure privacy mode, model routing,
.cursor/rulesand any MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. context sources before anyone codes. - 2Success gate (week 6). Cycle time down with no governance regression and no defect-rate increase and the two principals shifted to neutral-or-better. Go/no-go is honest: a failed pilot is a real output.
- 3Team expansion (weeks 7–14). Activate the rest of payments and core banking. Convert all self-serve seats to SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave.. Stand up a champion-led enablement cadence and an internal
#cursorhelp channel. - 4Org rollout (Q2). New-team activation playbook, seat-growth model and an admin dashboard the platform team owns. Hand the CTO the board-ready recommendation with the pilot evidence attached.
- Privacy
- Privacy / zero-data-retention mode on, enforced org-wide - no training on Northwind code
- Identity
- SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on. for login, SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. for automatic provisioning and deprovisioning
- Models
- Approved-model routing under the platform team's control; no unapproved endpoints
- Standards
.cursor/rulesencoding Northwind conventions, test requirements and known AI failure modes- Context
- Codebase indexing plus MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. connections to internal docs/tools where the security review allows
- Admin
- Org admin console with usage visibility and audit; seats mapped to the buying committee
2. Security & governance summaryThe architecture-review section
This is the document the platform team reads first. Lead with their bar, not Cursor's features. Two principals and a skeptical legal team killed a prior AI tool, so the burden of proof sits with you.
- Control
- Data retention
- Northwind requirement
- No source code stored or trained on
- How Cursor meets it
- Privacy / zero-data-retention mode; code not retained or used for training when enabled
- Control
- Identity
- Northwind requirement
- SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. mandatory, no personal logins
- How Cursor meets it
- SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on. enforced; self-serve seats migrated under org control
- Control
- Lifecycle
- Northwind requirement
- Automatic deprovisioning on offboard
- How Cursor meets it
- SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. provisioning and deprovisioning tied to the IdP
- Control
- Access
- Northwind requirement
- Role-appropriate permissions
- How Cursor meets it
- RBACRole-Based Access Control. Granting permissions by role rather than configuring each person individually. and admin controls scoped per team and role
- Control
- Auditability
- Northwind requirement
- Visibility for security review
- How Cursor meets it
- Admin dashboard with usage and audit surfaces
- Control
- Model routing
- Northwind requirement
- Only approved models/endpoints
- How Cursor meets it
- Platform-controlled model selection and routing
| Control | Northwind requirement | How Cursor meets it |
|---|---|---|
| Data retention | No source code stored or trained on | Privacy / zero-data-retention mode; code not retained or used for training when enabled |
| Identity | SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool. mandatory, no personal logins | SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SAMLAn enterprise standard that powers single sign-on. enforced; self-serve seats migrated under org control |
| Lifecycle | Automatic deprovisioning on offboard | SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. provisioning and deprovisioning tied to the IdP |
| Access | Role-appropriate permissions | RBACRole-Based Access Control. Granting permissions by role rather than configuring each person individually. and admin controls scoped per team and role |
| Auditability | Visibility for security review | Admin dashboard with usage and audit surfaces |
| Model routing | Only approved models/endpoints | Platform-controlled model selection and routing |
Architecture-review summary: their requirement first, the control that satisfies it second.
Don't overclaim a Cursor security feature you can't precisely support. If the platform team asks about a specific certification, data-residency region or contract clause, the credible answer is “I'll confirm the exact posture and bring it back with our security team,” not a confident guess. One wrong claim in a regulated review costs you the account.
3. Adoption + outcome metrics and the ROI narrative
- Metric
- PR-to-merge cycle time
- Why it matters
- The pain the CTO will pay to fix
- How you instrument it
- Baseline vs. pilot, from the git/PR system
- Metric
- Ramp-to-first-merge
- Why it matters
- Onboarding speed at 3,000-eng scale
- How you instrument it
- New-hire time-to-first-merged-PR
- Metric
- PR throughput
- Why it matters
- Shipping velocity per team
- How you instrument it
- Merged PRs per engineer per sprint
- Metric
- Seat utilization
- Why it matters
- Adoption depth, not just licenses
- How you instrument it
- Active vs. provisioned seats from admin console
- Metric
- Developer satisfaction
- Why it matters
- Durable adoption signal
- How you instrument it
- Short pulse survey, pre/post pilot
| Metric | Why it matters | How you instrument it |
|---|---|---|
| PR-to-merge cycle time | The pain the CTO will pay to fix | Baseline vs. pilot, from the git/PR system |
| Ramp-to-first-merge | Onboarding speed at 3,000-eng scale | New-hire time-to-first-merged-PR |
| PR throughput | Shipping velocity per team | Merged PRs per engineer per sprint |
| Seat utilization | Adoption depth, not just licenses | Active vs. provisioned seats from admin console |
| Developer satisfaction | Durable adoption signal | Short pulse survey, pre/post pilot |
Instrument adoption and outcome together - high seats with flat outcomes is a warning, not a win.
“If the pilot moves payments' median cycle time from 3.5 days toward 2, that's roughly X engineer-hours a sprint returned across the org - and it's measured, not promised. That's the bet and here's the evidence we built to check it.”
4. Product-feedback brief back to Cursor
The SA charter includes carrying structured field feedback into Product and Engineering. From Northwind, that brief is specific and prioritized, not a wishlist.
Account: Northwind Financial (regulated, 3,000 eng) Top blocker (P0): platform team wants per-model routing visibility in the admin audit log for compliance sign-off. Currently their #1 gate. P1: SCIM group-to-RBAC mapping requested so team roles provision automatically from their IdP groups. P1: principals want a per-repo rules-enforcement report (which rules fired/were violated) to trust AI output in review. Signal: low Copilot usage despite a mandate - strong evidence that bottoms-up adoption + measured pilots beat top-down mandates in regulated orgs. Worth a pattern writeup for the field.
Grade this section against the four-pillar SA charter: adoption & implementation, strategic partnership, customer outcomes and the product-feedback loop. If any pillar has no artifact above, that's your gap - and naming the gap yourself in an interview reads as higher judgment than pretending the work is complete.
Takeaway. Ship four artifacts: a phased pilot→team→org rollout with config locked before day one, a governance summary that leads with the platform team's bar, adoption-plus-outcome metrics with an ROIReturn on Investment. The value gained versus what it cost, the language an economic buyer funds deals in. narrative in their numbers and a prioritized product-feedback brief back to Cursor.
Self-check
QYour pilot dashboard shows seat utilization climbing fast but PR-to-merge cycle time essentially flat. What does this tell you and what do you do?
Values debrief & readiness scorecard
After this you can self-assess your Northwind work against Cursor's values and the full interview loop, then build a targeted prep plan.
Last rep: grade yourself against the actual bar. The Northwind work you just did is the evidence. Map it to Cursor's values, score yourself per loop stage and turn your two lowest scores into a concrete prep plan. Honesty here is the entire point.
Map your scenario work to each Cursor value
- Value
- Extreme ownership
- Your Northwind proof
- Scoped a vague CTO mandate into a go/no-go and a falsifiable pilot
- Honest gap?
- Did you drive without a playbook or wait for a tighter brief?
- Value
- Customer obsession
- Your Northwind proof
- Discovery led with their pain; ROIReturn on Investment. The value gained versus what it cost, the language an economic buyer funds deals in. used their numbers
- Honest gap?
- Was the work about their outcome or about closing a deal?
- Value
- Curiosity
- Your Northwind proof
- Probed why Copilot usage was low instead of just bashing it
- Honest gap?
- Did you investigate the real cause or assume one?
- Value
- Beginner's mindset
- Your Northwind proof
- Treated skeptical principals as people who define the bar
- Honest gap?
- Did you lecture or genuinely learn their merge conditions?
- Value
- Generalist hustle
- Your Northwind proof
- Wrote rollout, security, ROIReturn on Investment. The value gained versus what it cost, the language an economic buyer funds deals in. and feedback artifacts - many hats
- Honest gap?
- Which artifact did you avoid because it's outside your comfort?
| Value | Your Northwind proof | Honest gap? |
|---|---|---|
| Extreme ownership | Scoped a vague CTO mandate into a go/no-go and a falsifiable pilot | Did you drive without a playbook or wait for a tighter brief? |
| Customer obsession | Discovery led with their pain; ROIReturn on Investment. The value gained versus what it cost, the language an economic buyer funds deals in. used their numbers | Was the work about their outcome or about closing a deal? |
| Curiosity | Probed why Copilot usage was low instead of just bashing it | Did you investigate the real cause or assume one? |
| Beginner's mindset | Treated skeptical principals as people who define the bar | Did you lecture or genuinely learn their merge conditions? |
| Generalist hustle | Wrote rollout, security, ROIReturn on Investment. The value gained versus what it cost, the language an economic buyer funds deals in. and feedback artifacts - many hats | Which artifact did you avoid because it's outside your comfort? |
Each value needs a concrete Northwind moment, not a slogan. A blank proof cell is a real gap.
Interactive diagram. Tab through its regions; each focused region shows its detail in the panel below.
What each stage actually tests - score yourself against it below.
Score yourself per loop stage1 = would not pass · 5 = bar-clearing
- Recruiter / HM screen
- Can you say why Cursor, your fit and remote setup crisply? __ / 5
- Technical conversation
- SDLC, CI/CDContinuous Integration / Continuous Delivery. The automated pipeline that builds, tests and ships code so changes reach production safely and often., enterprise infra and customer scenarios - depth? __ / 5
- Live demo / presentation
- Two tailored demos driven live, with recovery ready? __ / 5
- Mock discovery
- Stakeholder-specific questions, real need uncovered? __ / 5
- On-site work-sample
- Could you build/configure for real over ~2 days with the team? __ / 5
- Values / why-Cursor panel
- Ownership, curiosity, beginner's mindset - evidenced, not claimed? __ / 5
Score honestly. Your two lowest numbers are the only thing your prep plan should target.
The hands-on stage is where talkers get exposed. Cursor's ~2-day on-site is real work with the team and AI is banned in the technical screen because it wants a clean read on skill and a teachable beginner's mindset. If you can articulate a perfect rollout but couldn't actually configure privacy mode, write a .cursor/rules file, debug a broken environment or drive Agent unaided - that gap fails you, no matter how good the slideware.
Confirm you can do the hands-on thing
- Could you configure privacy mode, SSOSingle Sign-On. One company login (usually via SAML or OIDC) instead of a separate password per tool./SCIMSystem for Cross-domain Identity Management. A standard for automatically creating and removing user accounts when people join or leave. and model routing in a real admin console, not just describe them?
- Could you write a working
.cursor/rulesfile and wire an MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. context source from scratch? - Could you drive Agent and Tab through a multi-file change, reject bad output and get tests green - with no AI assist on the underlying coding?
- Could you debug a thorny broken environment live while a developer watches?
Build your final prep plan
- 1Pick your two lowest scores. Only these. A scattershot plan that touches all six stages fixes none.
- 2Set one concrete drill per gap. If discovery scored low, run three mock discoveries out loud and record them. If hands-on scored low, build a real
.cursor/rules+ MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. setup on a sample repo this week. - 3Schedule the reps. A date on the calendar, not an intention. Two weeks, two gaps, measurable.
- 4Re-score after. If the number didn't move, the drill was wrong, not the goal.
Pick the one thing you built that proves you genuinely live in this problem space - a real MCPModel Context Protocol. A standard that lets an AI agent pull in context from outside the repo, like Jira tickets or internal docs. integration, a .cursor/rules setup for a project you actually ship, an automation, a workflow you designed. Cursor reads passion from what you've built and experimented with, not from claims. Bring exactly one strong artifact to the on-site and be ready to demo it cold.
In the values panel, volunteer your weakest area before they find it: “discovery is my growth edge - here's the drill I ran this week and what changed.” Naming a real gap with a concrete fix in motion demonstrates the ownership and beginner's mindset Cursor screens for and it disarms the question they were about to ask.
Takeaway. Grade the Northwind work against each Cursor value and each loop stage, prove you can actually build (not just talk), target only your two lowest scores with dated drills and choose one strong proof-of-passion artifact to demo cold on the on-site.