Practical notes from two decades of creating software, leading engineering teams, and figuring things out the hard way. I write about software, cloud infrastructure, security, AI-assisted development, and the leadership decisions that tie it all together. No fluff, just honest accounts of what I'm learning as I go.
The devcontainer CLI doesn't forward ports or open browsers on the host. I built a Rust tool called dbr to fix both, with help from Claude Code agent teams.
Great developer experience and strong compliance aren't opposites. The key is making the compliant path the easy path.
After 23 years shipping software, I've learned that the best leaders are simultaneously impatient and patient. Here's how I think about balancing the two.
A debugging war story. Cross-account S3 access was failing with a cryptic access denied error. The culprit? An archaic ACL default that's easy to miss.
Security breaches in healthcare are all too common and PHI is a hot commodity on the dark web. Here's an overview of SOC 2, HIPAA and what I've learned leading compliance in a MedTech startup.
