If you’re looking to practice DevSecOps — here are 2 projects you should definitely check out (and the key processes you should know).

TL;DR: DevSecOps = DevOps + Security, built in from the start.

When I started exploring this practice, I realized I was already using parts of it in my day-to-day work. The security layer wasn’t just about adding tools — it was about thinking end-to-end across the whole DevOps workflow.

Here are the few key components:

→ Security Checks & Scans
Catch issues early with automated code and app security tests.

→ Vulnerability Management
Scan, prioritize, and patch vulnerabilities regularly.

→ Threat Modeling
Identify possible risks and plan mitigations before release.

→ Key Management
Keep secrets, API keys, and certificates secure.

→ CI/CD with Security
Automate builds and deployments with security gates built in.

→ Infrastructure as Code (IaC)
Define infra in code for consistency and secure provisioning.

→ Container Security
Scan images and protect containers during runtime.

→ Continuous Monitoring
Track logs, activity, and network traffic for anomalies.

→ QA Integration & Collaboration
Embed QA and make security part of team culture.

⸻

2 Projects to Implement:

1. Netflix Clone with DevSecOps Pipeline
• Covers CI/CD, container scans, secrets management, monitoring.
• GitHub: https://lnkd.in/dWR4GV7m
• Youtube: https://lnkd.in/dkSjBcNM

2. DevSecOps CI/CD Implementation
• Implementing a pipeline for a Tic-Tac-Toe game application.
• GitHub: https://lnkd.in/d3WgCuKY
• Youtube: https://lnkd.in/dTQcw3Sw

Any other projects or topics you'd like to add? Comment below 👇

If you found this useful: I regularly share bite-sized insights on Cloud & DevOps (through my newsletter as well) — if you're finding them helpful, hit follow (Vishakha) and feel free to share it so others can learn too!

Image Src: ByteByteGo
Enhancing Developer Experience
-
A developer lost $500k. The culprit wasn't a phishing scam. It was a code editor extension. It could happen to your team tomorrow.

The tool was Cursor, a popular AI-powered fork of VS Code. The problem? It doesn't use Microsoft's official, vetted Extension Marketplace. Instead, it uses an open-source alternative (Open VSX). While a great open-source initiative, it lacks the rigorous security teams and vetting that Microsoft provides. It's the Wild West for extensions.

Every time a developer on your team downloads an extension in Cursor, they are inviting unvetted code onto a machine that holds your company's IP.

As a tech leader, you can't ignore this. Your team's muscle memory from the secure VS Code world is a liability here. Popularity and high ratings mean little in an unvetted marketplace.

If you care about your data, you need to act.

→ Audit the tools your developers are using.
→ Create policies and guardrails for non-standard IDEs.
→ Treat any tool outside your vetted ecosystem as a potential risk.

Don't let a productivity boost become your next security breach.

#CyberSecurity #DevSecOps #TechLeadership #DeveloperTools #Cursor #VSCode #InfoSec
-
Let's speed things up! Here's a beginner-friendly guide to optimizing your SQL queries, starting with some tips from my infographic:

1. Be Selective with DISTINCT: Only use DISTINCT when you absolutely need unique results. It can slow down your query if used unnecessarily.
2. Rethink Scalar Functions: Instead of using functions that return a single value for each row in SELECT statements, try using aggregate functions. They're often faster!
3. Cursor Caution: Avoid cursors when possible. They're like going through your data one by one, which can be slow. Set-based operations are usually faster.
4. WHERE vs HAVING: Use WHERE to filter rows before grouping, and HAVING to filter after grouping. This can significantly reduce the amount of data processed.
5. Index for Success: Think of indexes like the table of contents in a book. Create them on columns you frequently search or join on for faster lookups.
6. JOIN Smartly: INNER JOIN is often faster than using WHERE for the same condition. It's like telling the database exactly how to connect your tables.
7. CASE for Clarity: Use CASE WHEN statements instead of multiple OR conditions. It's clearer and can be more efficient.
8. Divide and Conquer: Break down complex queries into simpler parts. It's easier to optimize and understand smaller pieces.

But wait, there's more! Here are some extra tips to supercharge your queries:

9. EXISTS vs IN: Use EXISTS instead of IN for subqueries. It's often faster, especially with large datasets.
10. LIKE with Caution: Avoid using wildcards (%) at the beginning of your LIKE patterns. It prevents the use of indexes.
11. Analyze Your Plans: Learn to read query execution plans. They're like a roadmap showing how your database processes your query.
12. Partitioning Power: For huge tables, consider partitioning. It's like organizing your data into smaller, manageable chunks.
13. Table Variables: Sometimes, using table variables instead of temporary tables can boost performance.
14. Subquery Switcheroo: Try converting subqueries to JOINs or CTE. In many cases, this can speed up your query.

Remember, optimization is a journey, not a destination. Start with these tips and keep learning!

What's your favorite SQL optimization trick? Share in the comments!
-
I’ve been reflecting on my conversation with Nader Dabit currently building developer communities at Eigen Labs, and formerly with Amazon Web Services (AWS) and The Graph. What struck me most was how many of his insights we have been actively applying while building the developer + founder community at soonami.io GmbH.

Here are the top takeaways I’ve been leaning on 👇

1/ Building a developer community is a marathon, not a sprint. Developers want to go where there’s traction, but traction doesn’t happen overnight. It takes time, trust, and a lot of value creation.

2/ Transparency builds trust. Be open about the trade-offs of your platform. No tech is perfect. Developers appreciate honesty over hype. If they know what they’re working with, they can make informed decisions.

3/ Help developers whether they use your product or not. The best DevRel teams provide value beyond their own ecosystem. Answer questions, share knowledge, and be part of the broader developer journey. This goodwill always comes back.

4/ Meet developers where they are. Not every developer is hanging out on Twitter. Find them in Discord, Telegram, GitHub, hackathons, or niche forums. Engage where they feel comfortable, not where it's easiest for you.

5/ Hackathons: Not just about numbers, but long-term impact. Instead of attracting bounty hunters who leave after a quick win, structure your hackathons to support serious builders. Offer milestone-based funding, mentorship, and ecosystem support.

6/ Long-term DevRel isn’t about short-term metrics. It's not just about tracking engagement. It’s about relationship-building over months (or years). DevRel should create a ripple effect—one great project inspires others.

7/ Cross-functional collaboration is key. Building a developer community isn’t just a DevRel task. Marketing, engineering, and leadership must align to provide the best support for developers.

8/ One strong builder > 100 inactive users. It’s not about quantity. Even if just one project from your hackathon or community scales, it can change the entire ecosystem.

9/ Want to break into DevRel? Here’s Nader’s advice:
🔹 Deeply understand the product
🔹 Build relationships with internal teams
🔹 Focus on providing genuine value

10/ Final takeaway: Developer communities thrive on authenticity, support, and long-term thinking. It’s not about pushing a product, it’s about empowering people to build.

What’s your biggest takeaway from this? Let’s discuss!
-
Bad news. There are no shortcuts to improving developer experience and productivity. You need to put in the work.

Companies that make meaningful improvements to the experience and (as a result) productivity of their developers all take the time to deeply understand friction points. Productivity is the byproduct of this work.

Before you buy a new tool
Before you build a platform
Before you implement a fancy AI solution

Deeply understand the friction points by:

1. Speaking to your developers
2. Survey your developers to scale 1.
3. Analyze metrics associated with feedback

Taking this approach makes sure you're fixing the right problems. Once you think you know what to do, make sure you're fixing the right problems, right:

4. Sanity check your solution with devs before implementing

I talked about this and more with Conor Bronsdon late last year on Dev Interrupted, check out the recording here: https://lnkd.in/emN6SrAh

#DeveloperExperience #DevOps
-
To be considered good, your code must communicate clearly to other developers. Writing code to meet a story, task or feature requirement is only the beginning. When interviewing developers I include a coding exercise. I don’t even bother running the code to see if it works. I’m not interested in that. Just having working code is the lowest level of skill you can achieve. I’m looking for exceptionally awesome developers, and those developers understand that others will read their code 100x over. They understand that it needs to be easy for their code to be extended in the future. The problem solved and the solution need to be clear. Complexity needs to be handled carefully, and code should be as simple as possible. Acceptance criteria, what your product person and stakeholders want, even what will satisfy your customer is only the beginning. You have a team of developers and software engineering leaders around you. Always be mindful of how others will understand and work with your code in the future. This is one reason why automated tests are a core requirement of the job. Tests are a great way to know what the code is supposed to do, what edge cases are being handled and what contract you’re fulfilling. Tests show your intent for the code. When I work on code I haven’t seen before, I look at the tests first. They give me the context of what was intended and tell me much more about the code than anything else. I once helped a startup in the very early days, we were building a payment system. The best solution I could come up with was an implementation of double entry accounting. This enabled money to move between accounts and provided built in reconciliations and audit trails. The challenge was, no one else in the team knew what double entry accounting was. I had to write code that others would need to understand, when they most likely didn’t know the concepts or foundations it was built on. 
I really enjoyed writing that code, as the tests, the API, the comments and the code itself all needed to communicate clearly how money was being moved through the system. It was difficult but satisfying to know others extended it beyond my time there. Other developers that interact with your code will judge your level of skill by how easy your code is to work with. Make life easy for them!
-
Atlassian's latest research on the developer experience revealed a critical issue: the disconnect between developers and leaders. We surveyed over 2,100 developers and managers, and found significant inefficiencies impacting the developer experience. Only 44% of developers feel their leaders are aware of these issues, highlighting a misalignment that can hinder team success. At Atlassian, we're dedicated to enhancing developer joy—an approach that combines operational metrics with satisfaction to boost retention, engagement, and productivity. Over the past 18 months, we've heavily invested in understanding our developers’ needs by placing them at the center. Through surveys, deep dives, and forums, we were able to uncover real challenges, which has guided our focus on what truly matters. We have taken concrete actions, such as setting OKRs, funding dedicated teams, and encouraging a 10% time allocation to address pain points. We are by no means finished, but we have already seen a 25% increase in developer satisfaction and nearly halved issue cycle times in a year. Improving the developer experience is an ongoing process that requires attention and iteration. We're focused on aligning leadership and developer perspectives to drive meaningful change. By prioritizing developer joy, we're not only enhancing productivity but also fostering a culture where our developers thrive. Check out the report ⬇ https://lnkd.in/gvbsAS9N
-
We rebuilt 100+ CI/CD pipelines for top SaaS companies. Here’s what we clean up first (and why every pipeline gets instantly healthier when we do):

1. Bloated YAMLs full of conditionals nobody understands.
Most CI files evolve like a junk drawer. People keep adding edge cases, temporary fixes, and legacy logic… and no one ever removes them.
✅ What we do: Break down massive YAMLs → move logic into clean, reusable scripts → use templating if needed, but keep it boring. The goal isn’t clever. It’s clarity.

2. Useless test jobs nobody tracks anymore.
We’ve seen pipelines running 10+ tests that haven’t failed in years (and nobody can explain what they’re testing.)
✅ What we do: Audit every job → kill flaky or unowned tests → tag what remains with an owner + runtime budget. Rule: If it’s unowned, it’s out.

3. Frankenstein toolchains that slow everything down.
The worst setups are part GitHub Actions, part Jenkins, part ArgoCD, and 100% chaos.
✅ What we do: Pick one core system. Reduce touchpoints. Replace brittle glue scripts with shared libraries. Monolith pipelines = faster iterations.

4. Deploys without rollback or visibility.
You’d be shocked how many teams push to prod without alerts, health checks, or rollback logic.
✅ What we do: Add progressive rollout → real-time alert hooks → automatic revert on failure. Shipping to prod shouldn't feel like gambling.

5. Over-permissioned runners.
Still seeing pipelines with long-lived IAM tokens and full cloud access?
✅ What we do: Move to short-lived tokens via GitHub OIDC or AWS STS. Scope access down to the least privilege required. Security should be baked into the pipeline. Not duct-taped later.

CI/CD doesn’t break because the tools are bad. It breaks because nobody takes ownership of the pipeline like they would their app code.

What’s your first move when fixing a messy pipeline?

♻️ 𝐑𝐄𝐏𝐎𝐒𝐓 𝐒𝐨 𝐎𝐭𝐡𝐞𝐫𝐬 𝐂𝐚𝐧 𝐋𝐞𝐚𝐫𝐧.
-
One of the most effective ways we've built product ownership and accountability at Human Managed is also the most straightforward: put developers in the room with customers throughout the build lifecycle -- during discovery, POC, and demos. Too often developers get handed requirements, rarely witnessing the impact of what they build. We've been there before. In setups like that, teams optimized for velocity rather than value, decisions got made without real context, and the product was never quite right. When we shifted our engineers to hear the problem firsthand -- to see the friction, feel the moments of customer delight vs. confusion... When they have to answer customers' questions directly... When they experience their demo land (or miss) -- it shifts the mindset from features to outcomes. I shared this in a recent Forbes Technology Council expert panel on developer ownership -- and am glad to see it included among other practical ways to foster a culture of autonomy and accountability. 📸: a snap from a recent customer session -- our dev team, on-site, absorbing user feedback firsthand. 👇 Link to the article in the comments.