Episode 9: Secrets Management

Episode 9: Secrets Management

Secrets management is one of the fastest ways to reduce breach risk in modern DevOps — and it’s still one of the easiest things to get wrong. In this episode, we break down what a “secret” actually is (API keys, tokens, certificates, encryption keys), why secrets leak (Git repos, CI/CD logs, long-lived access keys), and how to build a practical workflow that scales across teams.

Episode 8: Observability

Monitoring tells you something is broken. Observability helps you explain why it’s broken — fast enough to reduce incident impact and avoid wasting money on noisy telemetry. In this episode, Matt and Helen break down monitoring vs observability in practical terms, then go deep on the three pillars (logs, metrics, traces) and how they work together during real incidents. We also cover the part most teams ignore until finance gets involved: log ingestion cost, what to keep, what to drop, and how to keep signal high without the bill exploding.

Episode 7: What is IaC?

Infrastructure as Code (IaC) sounds simple until you hit the real-world issues: state, drift, collaboration, and governance. In this episode, Matt and Helen break down Terraform from first principles — what it’s doing under the hood, where teams get burned, and how to run it safely at scale. You’ll learn: * IaC (Infrastructure as Code): why defining infrastructure as version-controlled code improves repeatability, auditability, and change control * Provisioning vs configuration management: where Terraform fits and when Ansible is the better tool * Declarative workflows: what “desired state” means, and what actually happens during plan/apply * Modules + variables: how to standardise patterns without creating a brittle monolith * Terraform state: why it exists, why it’s sensitive, and why mishandling it causes outages * Drift: how infrastructure diverges from code, how to detect it, and how to reduce it * Remote state (S3) + Terraform Cloud/HCP: collaboration, locking, and governance * IaC scanning/guardrails: practical security/compliance checks before changes land * CDK for Terraform (CDKTF) vs HCL: choosing abstraction without losing control * RUM pricing: what “resources under management” means in practice If you’re adopting Terraform (or cleaning up an existing estate), this is a direct, practical guide to avoiding the common failure modes.

Episode 6: Containers

In this episode we unpack what containers actually are (and why “done properly” they’re small, portable, and predictable), why container images reduce the classic “works on my machine” failure mode, and a question that matters once you’re operating at scale: is Kubernetes really the orchestrator — or is it being orchestrated by everything around it? We cover: * Containers vs VMs (what you’re really shipping) * Images, immutability, and repeatable deployments * How “same artefact everywhere” changes DevOps workflows * The Kubernetes orchestration debate (and what it implies for platform teams)

Episode 5: IDP's and EngOps

In this episode of DevOps Unpacked, Matt sits down with Christina (VP of Strategic Initiatives at Cortex, former founding engineer) to unpack what an Internal Developer Platform (IDP) actually is — and why CIOs/CTOs are using IDPs, service catalogues, and guardrails to improve delivery speed without increasing reliability and compliance risk. You’ll learn how high-performing teams turn platform engineering into an executive lever: * Service catalogues as an ownership and accountability system (not “another tool”) * Golden paths (“paved roads”) to standardise delivery and reduce cognitive load * Guardrails that enable autonomy while controlling operational and security risk * The metrics that matter: DORA, MTTR, and SLOs (and how to use them for decision-making) * What changes when AI starts writing code: hallucinations, policy, and practical AI coding guardrails * CI/CD + observability as the backbone for safe, repeatable delivery and faster recovery If you’re leading a platform/modernisation programme this year, this episode helps you separate signal from hype — and gives you the questions to ask your teams and vendors.