To Engineer Is Human: The Role of Failure in Successful Design
Source: https://www.penguinrandomhouse.com/books/331/to-engineer-is-human-by-henry-petroski/ ↗
Petroski, a civil engineering professor at Duke, wrote the definitive popular account of why things break and why failure is not the opposite of good engineering but its essential companion.
The book moves from the Tacoma Narrows Bridge to the Kansas City Hyatt Regency walkway collapse, showing in each case that disasters arise not from ignorance but from success — specifically, from the overconfidence that success breeds.
The parallel to software is immediate and uncomfortable: systems fail when teams extrapolate from what worked before without understanding why it worked.
Petroski writes with the clarity of a historian and the precision of an engineer, and his argument aligns directly with the Catmull and Edmondson tradition on psychological safety and the productive role of error.
For anyone managing complex products, this book reframes failure from something to prevent into something to learn from — quickly, cheaply, and before it scales.
Central argument
Petroski's central argument is that engineering failures are not caused by ignorance or incompetence but by the overconfidence that success itself generates. When designs work, engineers and institutions tend to treat that success as proof of understanding, and then extrapolate beyond the conditions that made it valid — which is precisely when structures collapse. Using case studies like the Tacoma Narrows Bridge and the Kansas City Hyatt Regency walkway, he argues that failure is not the opposite of good design but its necessary teacher, and that treating it as such is what separates rigorous engineering from mere luck.
Critique
Petroski's argument is built almost entirely on catastrophic, high-visibility failures in physical infrastructure — collapses that killed people and left forensic evidence. This creates a selection bias: he can reconstruct the logic of overconfidence retrospectively, but the framework is harder to apply prescriptively in domains where failures are frequent, small, reversible, and ambiguous in their lessons. A thoughtful reader might also push back on the implied symmetry between learning from failure and preventing it — the book is more convincing as a diagnosis than as a methodology for building organizations that actually institutionalize that learning before disaster forces it.
Why it matters for product
For a product leader, the sharpest implication is about the danger of the successful roadmap: when a discovery process, a growth loop, or a delivery model has worked consistently, teams stop questioning the assumptions underneath it and start treating the pattern as a law. This is exactly the moment Petroski identifies as pre-collapse — not crisis, but unchallenged extrapolation. Concretely, it argues for building structured failure review into the operating rhythm not as a post-mortem ritual after something breaks, but as a standing interrogation of what is currently working and why, before scale amplifies a hidden flaw into a systemic one.