I have worked a lot of time with bare-metal, on-premises infrastructure. It became obvious that cloud services have a huge amount of benefits, but requires a lot of experience to make sure to avoid the drawbacks like cost traps or vendor lock-in.

I am a big proponent of Infrastructure-as-Code (IaC) and immutable infrastructure, as far as it can be sensibily achieved. Having your whole infrastructure in a git repository and being able to recreate, clone, scale or change all assets with a single command is, for me, the most important benefit of a cloud-native infrastructure.

The most difficult aspect of a cloud migration is to keep the drawbacks in check while still leveraging the benefits. Keeping an eye on costs and potential vendor lock-in is paramount.

I really like to have detailed, comprehensive monitoring for everything in a system. This goes through the whole stack, from the infrastructure parts to the application.

Same goes for logging. With an effective combination of metrics and events nearly every problem can be traced back to its root cause.

I did 24/7 on-call duty rotations, so I have some on-hands experience with alerting and know what to improve and optimize.

In the past, I have worked with many different kind of applications. From big monoliths to small, stateless microservices. There are a lot of different approaches to architecture and infrastructure, and none is strictly better than the other.

Instead of focussing on a single appraoch (e.g. microservices), I prefer to adapt the solution to the requirements. Over time, I came to recognize the following values in good architecture:

• Composability
• Clear separation of concerns
• Explicit and confined state
• API-driven infrastructure

"DevOps" is one of the most misunderstood concepts that currently exists in the IT industry. Nevertheless, I am convinced that actual DevOps is the most effective way to build software. By having a tight coupling between application code and infrastructure, a whole family of potential problems are eliminted before they even appear.

Because I have experience both with the infrastructure and the application side I am able to build full-stack application that adhere to this DevOps mentality and enable architectures that would not even be possible in a traditional approach.

To me, information security is one of the most critical aspects in today's IT landscape. Many recent changes and technologies made traditional security approaches obsolete, or even dangerous to apply.

I am really fond of of Google's BeyondCorp zero-trust security concept, leveraging protocols like OAuth and OpenID Connect. In the end, security is not all-or-nothing, it is a spectrum and has many different aspects, from code to humans.

Also, security is not something you can just tack on existing applications after the fact. Security engineering has to be an integrated part of your application development, processes and, effectively, the whole company. You are never really "done" with security.

Everything done manually will be done wrong eventually. But computers are very good at doing the exact same tasks over and over and over again, so let's delegate as much as possible to them!

Using orchestration tooling like Ansible enables us to track all tasks in version control, review them, and execute them automatically. Combined with CI tools like Drone or automation suites like Rundeck makes it possible to have all changes and regular tasks done automatically.

My philosophy is to never do a tasks twice manually. Before you do it a second time, automate it away.