Distilled conclusions.
-
Security as a Development Constraint, Not a Review Gate
A compromised npm maintainer account pushed malicious versions of Axios, one of the most widely used JavaScript libraries, to the registry. The attack, which hit last month, bypassed GitHub Actions entirely. The attacker published directly via the npm CLI with stolen credentials. A hidden dependency deployed a remote access trojan. For three hours, every npm install that…
-
Infrastructure as Code Is Not DevOps
Last month, March 2026, Iranian drone strikes hit AWS data centers in the Gulf. The me-south-1 region went offline, and developers scrambled. On Reddit, the stories split into two camps. One developer lost everything. They had Terraform templates. They had infrastructure defined in code. What they did not have was drift detection, cross-region reproducibility, tested…
-
The Measurement Problem: When Your Metrics Reward the Wrong Behavior
Last year, I sat in a quarterly business review where an engineering director presented what he called “the best quarter in the team’s history.” Velocity was up 42%. Pull requests per developer had nearly doubled. Sprint burndowns were textbook smooth. The slides were polished, the trend lines all pointed up, and the room was nodding…
-
Why Your Cloud Migration Succeeded and Your Cloud Operations Didn’t
A few years ago, a financial services company asked us to help them roll back a cloud migration. Not pause it. Not optimize it. Roll it back. This wasn’t a company that was new to the cloud. They had been running cloud-native workloads on AWS for years: new applications, innovation projects, critical business services built…
-
DevOps Theater: When the Culture Never Actually Changed
A couple of years ago, I was brought in to assess the delivery practices of a mid-size financial services company. They had all the artifacts of a modern engineering organization: a CI/CD pipeline, infrastructure as code templates, a dedicated SRE team, Slack channels named after microservices. The CTO proudly told me they had “completed their…
-
The Four Things AI Cannot Replace in the People You Hire
A few months ago, I was interviewing a candidate for a senior engineering role. Strong resume. Solid certifications. Good technical depth. Halfway through the conversation, I asked a question I always ask: “Tell me about a time you had to throw away your own work because the team found a better approach.” The silence lasted…
-
The Conversation This Book Is Really About
Over the past year, I’ve had the same conversation with at least thirty CTOs and VPs of Engineering. The setting changes: a conference hallway, a video call, a dinner after a workshop. The words change. But the conversation is always the same. It starts with a number. “Our developers are 40% more productive.” Or 30%.…
-
I Wrote a Book: Reimagine, Don’t Retrofit
I’ve been building software since I was fourteen, when I sold my first software product. Nearly three decades later, having risen through consulting and architecture roles, co-founded companies, and eventually become a CTO responsible for the delivery strategy of hundreds of cloud projects across Latin America, one pattern has stayed constant. Every major platform shift…
-
Why AI Fails on Your Existing Codebase: The Case for Code Elevation
A few weeks ago, a team I was advising tried something that sounded perfectly reasonable. They had an existing e-commerce platform, about five years old, built as a modular monolith with a few extracted microservices. The business wanted a recommendation engine integrated into the product catalog. The team had been using AI coding assistants for…
-
The Developer’s New Role: What Happens When AI Drives the Conversation
Last month, I was facilitating a Mob Elaboration session with a development team at a company going through its first AI-DLC adoption cycle. The Product Owner had stated the intent: a new feature for their customer onboarding flow. Within minutes, the AI had generated an initial set of user stories, acceptance criteria, and a proposed…
