The Evolution of Platform Engineering with Massdriver CEO Cory O’Daniel

In this episode of The Secure Developer, Danny Allan interviews Cory O’Daniel, CEO and co-founder of Massdriver. Cory shares his rich and varied journey in the field of Infrastructure as Code (IaC) and offers valuable advice for developers aspiring to become CEOs of startups. He emphasizes the importance of getting out and talking to people early and often, listening more than developing, and validating ideas before implementing them. Cory points out that invalidating feedback is often more valuable than validating feedback to refine ideas and products. Cory O’Daniel began his career in health information systems before venturing into the startup world in California in the early 2000s. He quickly became involved in the emerging movement of cloud computing with Amazon EC2, leading him to adopt a pioneering role in what would become the field of DevOps. He worked on various IaC tools like Ansible, Chef, and Terraform, and founded Massdriver four years ago. The evolution of DevOps and platform engineering is a central topic of the discussion. Cory notes that the term DevOps has always been poorly defined, leading to fragmentation and a diversity of interpretations. He advocates for an approach where operations teams produce APIs and tools to facilitate developers' access to necessary resources without having to become infrastructure experts. He highlights that cloud computing has evolved rapidly, moving from mainframes to servers, then to VMs, containers, and now to OpenAI calls, making it difficult for developers to stay up-to-date. Cory sees platform engineering as an evolution of the traditional IT role, combining development and operations skills to create abstractions that facilitate developers' access to cloud resources. He emphasizes the importance of creating prescriptive IaC modules that integrate best practices for security and compliance, rather than leaving developers to configure these critical aspects themselves. The discussion also touches on the potential role of AI in automating operations and security. Cory is skeptical about the current ability of AI to replace operations experts, noting that AI requires high-quality data and organizational context to be effective. He believes that large companies with significant budgets could benefit from AI for operations, but small and medium-sized enterprises might struggle to leverage this technology. Cory is optimistic about the future of platform engineering and IaC. He sees a growing trend towards adopting software principles in operations, which could lead to better security and compliance by default. He encourages operations teams to produce software rather than configurations and to integrate best security practices directly into their IaC modules. In conclusion, Cory O’Daniel offers a unique and in-depth perspective on the evolution of DevOps and platform engineering, emphasizing the importance of creating prescriptive and secure abstractions to facilitate developers' work. His expertise and insights are valuable for anyone interested in IaC and application security.