Road to Compliance: Will Your Internal Users Hate Your Platform Team?

Interview:

What is your session about, and why is it important for senior software developers? Why should attendees prioritize your session?

This session is about how platform teams can enforce compliance, governance, and cost controls without becoming the most hated team in the company. (We’ve been there — it wasn’t nice.)

Internal compliance is a mix of technical tooling (think AWS Security Hub, Config, SCPs, tagging policies) and human strategy, and the hardest challenge is usually cultural and organizational, not technical. You don’t want to become the cloud police, but without a strong mandate, how can you achieve your goals without nagging everyone?

This talk shares our real-world experience of rolling out rules and guardrails in a way that helped developers rather than blocking them.

What are the common challenges developers and architects face in this area?

Developers and architects often struggle with unclear or constantly changing compliance requirements, a lack of visibility into why certain rules exist, and tools or processes that feel more like blockers than enablers.

There’s also the tension between speed and control: teams want to move fast, but without good guardrails, they risk introducing security gaps or uncontrolled costs. Platform teams often have to bridge the gap between platform mandates and product goals, which can lead to friction if the platform team is seen as “the cloud police” rather than a partner.

What's one thing you hope attendees will implement immediately after your talk?

I hope attendees leave with the mindset that compliance and governance are team problems to be solved collaboratively. Sharing our experience is meant to help others avoid the same mistakes, prompt self-reflection, and increase empathy for both the platform team and the engineering teams. Specifically, I hope people will look at how their own rules, tools, or policies impact developer experience, and start small steps toward making compliance feel like a shared responsibility, not a top-down burden.

What makes InfoQ Dev Summit stand out as a conference for senior software professionals?

In my opinion InfoQ Dev Summit stands out because it focuses on the real-world challenges senior professionals face, from architecture and leadership to culture and scaling. It brings together people who have deep technical expertise and the scars of navigating organizational complexity, creating an environment where honest, experience-based insights matter more than buzzwords (or, worse, product pitches disguised as tech talks).

What does being part of InfoQ Dev Summit mean to you?

Being part of InfoQ Dev Summit is an exciting opportunity for me to share ideas and lessons learned with a broader, diverse audience. I’ve been actively involved in the AWS community for years, but what makes this conference special is that it brings together senior professionals across technologies, platforms, and disciplines — it’s not limited to just one cloud provider or ecosystem. It’s a chance to contribute to conversations that cross boundaries, exchange ideas with peers from different backgrounds, and hopefully offer insights that resonate well beyond the AWS world.