Stories
June 8

Standardization and security, a perfect match

This session talks about the challenges Northwestern Mutual faced with too many tools and too much choice. We talk about the idea of the "Paradox of Choice" and how it applies to platform engineering. Our approach to standardizing involved standardizing the tooling, the CI/CD pipelines, and implementing many guardrails. We also discuss the many cultural and organizational implications of this approach.
Talk abstract

How often have you scrolled through Netflix and had trouble finding something to watch? Or found yourself standing, staring at a kaleidoscope of flavors of ice cream at the grocery store? Choice is a luxury. We all prefer to have more options, not less. This is why ample choices are often considered a symbol of privilege. However, there comes a point when too many choices can start to hinder our decision-making ability. Too many choices can also hinder our security posture.

At Northwestern Mutual, we’ve had multiple tools (choices) - Multiple systems for Source Code, Build, artefact storage, deployment etc. Furthermore, we had various patterns of development and templates, with teams left with the choice to pick “what’s best for them.”

All the evidence indicated that all this choice was causing the teams to feel overwhelmed and hence creating inefficiency and increasing our time to market, leading to a paradox of choice. A Paradox of Choice with an overabundance of options could lead to anxiety, dissatisfaction and many ways to exploit systems.

So we decided to tackle this. There are several technical, cultural, and organizational implications to this. 

Join us as we share the story of how Northwestern Mutual improved our Cloud Security posture through standardization.

Ravi Devineni
Sr. Director of Engineering, Northwestern Mutual
Vinny Carpenter
Vice President - Cloud & DevOps Engineering, Northwestern Mutual

Related talks

Stories
June 8
From platform teams to a platform organization: Connecting the dots
A year ago we changed our existing platform approach. Where we (Central Platform Organisation) weren’t actually helping the developers, we needed to connect the dots. However we firstly needed to identify which dots were worthy. In this talk, we share lessons from our platform journey to improve developer experience from a fragmented approach to an integral approach; the developer journey.
Bas Vegter
Platform Engineer, Dutch Railways
Onno Wierbos
Product Owner, Dutch Railways
sponsored
Stories
June 9
Efficiency and platform engineering
Join us on a journey where we share how we transformed a complex microservices architecture into a scalable platform that manages over 26 thousand microservices and supports over 12 thousand developers, in a highly productive environment. We'll discuss the key insights we've learned including the challenges, the solutions we implemented, and the best practices we adopted.
Juliano Marcos Martins
Sr. Tech Manager, Mercado Libre
sponsored
Stories
June 9
With great self-served platform comes a greater need for multi-tenancy
This talk will be curated with the use cases, challenges, concerns and mitigation strategies experienced by the Lowe's Platform engineering team while creating, maintaining, and scaling a real-time data reporting platform.
Diganta Mukherjee
Lead Software Engineer, Lowe's Services India
sponsored
Stories
June 9
Where we went wrong in building a self-service platform on Kubernetes
In building a self-service platform on Kubernetes, we aimed to give application developers autonomy over their own services. But did we go too far in giving developers control? Join us as we explore how to find the right balance between standardization and flexibility when building a self-service platform.
Reynis Vazquez-Guzman
Sr. Software Engineer, Affirm
sponsored