The technology landscape is continuously changing, so I like to keep a set of cheat sheets which contains my latest blueprint for building great software and great software development teams.
Choose a section below:
Adopt a Microservices Architecture
- Break down applications into small, independently deployable services.
- Allows for independent scaling, reducing the impact of failures.
- Easier maintenance and aligning services with business functions and development teams.
Consider Event-Driven Architecture
- Event-driven architecture is crucial for real-time communication and data processing.
- Popular choices include Apache Kafka and RabbitMQ for message queueing and event streaming.
- Enables real-time event reaction, creating responsive, resilient, and decoupled applications.
Use Containerisation and Orchestration for deployment
- Docker and Kubernetes are essential for maintaining consistent development and production environments.
- Docker is used for containerizing applications, while Kubernetes handles orchestration.
- Streamlines deployment and scaling across various environments.
Embrace Cloud-Native Development
- Cloud-native development enhances scalability and cost-effectiveness.
- AWS and Azure are recommended cloud platforms for automatic scaling.
- Leverage serverless computing through services like Lambda or Azure Functions for simplified infrastructure management.
Consider Serverless Computing
- While not suitable for all situations, serverless computing is gaining widespread adoption.
- Simplifies infrastructure management and reduces the DevOps burden.
- Allows engineers to focus on coding without worrying about server provisioning and scaling.
Network and Infrastructure
- Core Layer: This is the heart of your network. Use high-end switches and routers from providers like Cisco, Juniper, or Arista.
- Distribution Layer: Connects core and access layers, ensuring scalability. Cisco Catalyst or Juniper EX series switches are reliable options.
- Access Layer: Provides connectivity to end-user devices. Cisco Catalyst, Aruba, or Meraki switches are good choices.
Network Security With SASE
- Implement a multi-layered security strategy with firewalls, intrusion detection/prevention systems, and endpoint protection.
- Use VPNs for secure remote access and ensure data encryption.
- Employ strong authentication methods, like multi-factor authentication (MFA).
- Utilize network segmentation to isolate critical assets and reduce the attack surface
- Integrate SASE into your network architecture to provide secure and consistent access to your network and cloud resources.
- SASE providers like Zscaler, Palo Alto Networks Prisma Access, or Cisco Umbrella offer cloud-native security solutions that can be seamlessly integrated into your infrastructure.
- Consider a hybrid or multi-cloud strategy. Providers like AWS, Azure, and Google Cloud offer a range of services for different needs.
- Implement a secure and efficient connection to your chosen cloud provider (e.g., AWS Direct Connect, Azure ExpressRoute).
Data Storage and Backup
- Utilize scalable cloud storage solutions like AWS S3, Google Cloud Storage, or Azure Blob Storage.
- Implement regular automated backups with solutions like Veeam, Rubrik, or Azure Backup.
- Consider a mix of on-premises and cloud-based servers, depending on your needs.
- Providers like Dell, HPE, and Supermicro offer reliable on-premises server hardware.
- For cloud-based infrastructure, AWS EC2, Azure VMs, and Google Compute Engine are popular choices.
Network Monitoring and Management
- Use network monitoring tools like SolarWinds, PRTG, or Nagios.
- Consider SDN solutions like Cisco ACI or VMware NSX for network automation.
- Use collaboration and communication tools like Microsoft Teams, Slack, or Zoom.
- Secure video conferencing with end-to-end encryption.
- Ensure redundant internet connections for business continuity.
- Explore SD-WAN solutions like Cisco Viptela, VMware SD-WAN, or Fortinet Secure SD-WAN.
Disaster Recovery and Business Continuity
- Develop a robust DR plan and utilise services like AWS Disaster Recovery, Azure Site Recovery, or Veeam.
- Regularly test your DR plan to ensure its effectiveness.
Documentation and Change Management
- Maintain comprehensive documentation of your network and infrastructure.
- Implement a change management process to track and control system changes.
Compliance and Security
- Stay compliant with relevant regulations (e.g., GDPR, HIPAA) and conduct regular security audits.
- Invest in SIEM solutions like Splunk, Elastic, or IBM QRadar for real-time security monitoring.
- Establish strong relationships with trusted vendors and consider service-level agreements (SLAs).
- Stay informed about emerging technologies and how they can benefit your organization.
Tech Stack and Platforms
- Choose programming languages based on project requirements.
- .NET with C#, Entity Framework, MVC, Angular, and Node.js is the combination I’ve used most recently.
- Python is also very popular and a great choice for data analysis applications due to readability and extensive libraries.
- Consider security aspects like the default security provisions provided by languages like .NET and Java.
- Database choices should align with project needs and circumstances.
- AzureSQL is the platform I have recent experience with, while PostgreSQL is a popular choice due to its cost-effectiveness.
- For flexible, schema-less data, consider MongoDB.
- Don’t exclude using multiple database platforms, for example a search service within a wider Microservices architecture may perform better with a schema-less DB.
- Azure DevOps is a solid choice if you are in the Microsoft ecosystem, offering Single Sign-On integration and Git support.
- Jenkins is a cost-effective option for CI/CD, and GitLab CI/CD is suitable for automated testing and deployment.
- Configuration management can be automated with tools like Ansible.
- Code scanning for vulnerabilities is now an essential part of the build process.
- Tools like Snyk and Sonarcloud/Sonarcube are good options.
- Identify Data Types: Categorize your data into different types, such as sensitive, confidential, public, or regulated data.
- Access Controls: Implement strict access controls based on data classification, ensuring that only authorized personnel can access sensitive information.
- In-Transit Encryption: Use SSL/TLS for data transmitted over networks and VPNs for secure remote access.
- At-Rest Encryption: Encrypt data stored in databases, file systems, and backups using encryption technologies like AES-256.
- Role-Based Access Control (RBAC): Implement RBAC to grant permissions based on job roles, limiting access to the minimum required for each user.
- Authentication: Use strong authentication methods, such as multi-factor authentication (MFA), for all users.
- Firewalls: Employ both network and host-based firewalls to protect data from unauthorized access and cyberattacks.
- Intrusion Detection and Prevention Systems (IDPS): Utilize IDPS to detect and respond to network security threats.
- VLAN Segmentation: Use VLANs to segregate network traffic and limit lateral movement of threats.
Data Loss Prevention (DLP)
- DLP Solutions: Implement DLP tools to monitor, control, and prevent data leaks or unauthorized transfers.
- Content Inspection: Scan outbound and inbound data for sensitive information and enforce policies to prevent data loss.
- Implement automated and encrypted data backups, both on-site and off-site.
- Test backup and recovery processes regularly to ensure data can be restored in case of data loss.
Security Awareness Training
- Conduct regular training for employees to raise awareness about data security, social engineering, and safe computing practices.
- Encourage a culture of security awareness within the organization.
- Regularly update and patch software, operating systems, and applications to mitigate vulnerabilities that could be exploited.
- Employ a vulnerability management program to identify and prioritize patching.
Incident Response Plan
- Develop a detailed incident response plan that outlines procedures for identifying, mitigating, and reporting security incidents.
- Test the plan through tabletop exercises and simulations.
- Install endpoint security solutions, such as antivirus software, endpoint detection and response (EDR) tools, and mobile device management (MDM) solutions.
Data Privacy Compliance
- Comply with data protection regulations such as GDPR, HIPAA, CCPA, or other relevant industry-specific laws.
- Appoint a Data Protection Officer (DPO) if required.
Security Audits and Monitoring
- Conduct regular security audits and penetration testing to identify vulnerabilities.
- Implement continuous security monitoring and threat detection systems.
- Assess the security practices of third-party vendors and service providers who have access to your data.
- Ensure vendors comply with your data security policies.
- Implement a secure data disposal policy for end-of-life hardware and data storage devices.
- Use secure data erasure methods.
Data Security Policies
- Develop and enforce clear data security policies that outline acceptable use, data handling, and reporting procedures.
- Ensure employees understand and adhere to these policies.
Data Breach Response
- Establish a protocol for responding to data breaches, including notifying affected parties and regulatory authorities as required by law.
Employee Exit Procedures
- When employees leave the organization, ensure their access to data and systems is promptly revoked.
Building an Engineering Team
- Hiring and RETAINING talented engineers is challenging due to the fast pace of technology and competitive salaries.
- Consider the long-term value of experienced engineers and the cost of losing them.
- Technical tests are important, but cultural fit is crucial. (See the Team Culture Blueprint)
- Inclusive and diverse hiring practices lead to a dynamic and innovative team.
Implement (Your Own) Agile Methodologies
- Facilitate close collaboration among cross-functional teams, including developers, testers, and product owners.
- Agile methodologies should encourage adaptability and the ability to respond swiftly to changing project requirements and feedback from team members and stakeholders.
- Aim to gather user feedback as early as possible and accelerate the time-to-market.
- Emphasise customer satisfaction, teamwork, and delivering value to stakeholders to align the engineering team’s efforts with the organisation’s goals.
- Instill the Agile mindset, valuing individuals and interactions, working solutions, and adaptability, over rigid processes and tools.
- Remember Agile is a methodology and you should use the principles in a way which suits you.
- Invest in your team’s growth by offering access to online courses, conferences, and in-house training. PluralSight and Udemy are both good cost effective solutions for this.
- Encourage developers to learn at least one new thing every performance cycle, and commit to supporting them in doing that.
- Promote cross-functional teams with a DevOps culture.
- The entire team should be responsible for code quality, deployment, and operation of services, increasing ownership of the software lifecycle.
Create Team Culture
Promote Collective Responsibility
- Foster a sense of ownership among team members by helping them understand their roles in achieving the larger mission. Using the Spotify squad model can help in aligning teams to business outcomes.
- Set clear goals and Key Performance Indicators (KPIs) for each team member to instill a sense of responsibility for the product’s success.
- Encourage individuals to take collective responsibility for the overall performance and outcome of the team.
- Make sure retrospectives are targeted and deliver value. Celebrate your wins and learn from your losses.
- Use this continuous improvement loop to adapt to changing requirements and evolving market demands.
- Cultivate a culture of learning and adaptation within the team.
- Commit to the improvement actions and hold the owners to account.
- Emphasise open communication and collaboration as essential elements of team culture.
- All ideas should be listened to and given equal weight.
- Schedule regular knowledge-sharing and problem-solving sessions to encourage collaboration and knowledge transfer within the team.
- Promote a no-blame culture and collaborative atmosphere where team members feel comfortable sharing ideas and insights to solve challenges collectively.
- Regularly review compensation packages to ensure they align with industry standards and remain competitive.
- Consider offering performance-based bonuses or stock options as additional incentives to retain top talent.
- Remember that retaining employees is often considerably more cost-effective than dealing with turnover.
- Promoting a healthy work-life balance is paramount.
- Offer flexible working hours, remote work options, and emphasis the importance of taking time off when needed.
- This approach not only helps prevent burnout but also makes people feel recognised
- Doing really good work does not always mean doing lots and lots of hours of work. Quality is the key.
- Encourage professional growth by providing clear career advancement paths within the company.
- Pair junior developers with mentors to facilitate skill development and knowledge transfer.
- Sponsor certifications and advanced training to invest in the growth of team members.
Recognition and Rewards
- When evaluating performance don’t create KPI’s and objectives for the sake of it. Make sure you define role responsibilities and behaviours and reward people for doing their jobs well. Not all success is measured by targets and growth. Once you are very good at something this should still be recognised.
- Develop a robust recognition and rewards program that acknowledges outstanding performance.
- Recognise achievements with public praise, monetary bonuses, and opportunities for career advancement, fostering a positive work environment that celebrates success.