Most teams don't need a "DevOps transformation." They need three things:
I've reviewed Terraform codebases across 4 organisations now. The pattern is always the same: it starts clean, then someone adds "just one more resource," and 6 months later you have a 2,000-line main.tf that nobody wants to touch.
Here's why it happens and how to fix it.
"We can't justify a platform team — our developers can manage their own infrastructure."
I've heard this from three CTOs in the last year. Here's what they didn't realise they were already paying.
Microsoft's Cloud Adoption Framework gives you a beautiful diagram of Azure Landing Zones. Neat boxes, clean lines, management groups in perfect hierarchy. What it doesn't tell you is how much pain lies between that diagram and reality.
Here's what I learned implementing landing zones for enterprise workloads.
"We apply the same engineering practices to our Terraform as we do to our application code."
This sounds responsible. It's also why your infrastructure deployments take 3 weeks to get through code review.
Infrastructure as Code is code, yes. But it's a fundamentally different KIND of code. Treating it identically to application code creates more problems than it solves.
"We'll add RBAC later."
I've heard this sentence on 4 different projects. "Later" usually means "after the security audit finds it" or "after an incident."
RBAC isn't a nice-to-have. In a shared Kubernetes cluster, it's the difference between teams coexisting safely and one team accidentally deleting another's production workloads.
I've helped build or fix CI/CD pipelines at 4 organisations across retail, insurance, and financial services. The technology changes — Jenkins, Azure DevOps, GitHub Actions — but the anti-patterns are always the same.
When leadership says "we need FinOps," what they usually mean is "our cloud bill is too high — make it smaller."
But FinOps isn't about spending less. It's about spending right. Sometimes that means spending MORE — on reserved instances, on better architecture, on tools that prevent waste at scale.
I have 5 cloud certifications. AWS Solutions Architect, Azure Administrator, Terraform Associate, and more. They helped me get interviews. They didn't help me pass them.
Here's the uncomfortable truth I learned after failing a few technical interviews despite having a CV full of cert badges.
Your containers are running. Your app is working. Your security posture? Probably has gaps you don't know about.
After securing containerised workloads across multiple enterprise environments, here are the 5 things I find teams consistently overlooking.