Playbooks

A quarterly, owner-driven review that keeps AI usage compliant, surfaces incidents and near-misses, tracks tool adoption, and updates policy before it goes stale.

A two-tier AI training program — a baseline for everyone and a deeper engineering track — delivered in short, small-group sessions so the whole org shares a common AI foundation.

A play for delivering business intelligence that drives decisions: pinning down what a metric is for, sourcing the data, choosing the right chart, and controlling access before anyone builds a dashboard.

A repeatable method for empirically testing an AI tool's real capability: build a baseline, ask for everything, then ladder the scope down and compare across tools.

A practical execution play for HIPAA Business Associate compliance: when it applies, the BAA timelines that beat statutory defaults, the controls and evidence to produce, and how to stay audit-ready.

A practical interview play for hiring engineers, built around a screening bar, a pairing-based technical exercise, and questions that surface ambition and how someone actually learns.

A play for spotting third-party infrastructure outages and communicating impact to clients proactively and accurately: a dependency list, monitoring, triage questions, communication triggers, and a response SLA.

How I approach performance and load testing — distinguishing load, stress, and scalability testing, the metrics to capture, a repeatable procedure, and the traps that quietly ruin results.

How to staff a delivery team: identify the tech lead before anyone else, then balance stack experience, eagerness to stretch, and the full set of roles the engagement needs covered.

A reusable structure for the recurring demo to a sponsor or client: what you de-risked, what you shipped, what's next, an honest roadmap, and then the live software.

A play for going from a written problem hypothesis to working software that finds real users, with paid discovery before any build and a hard stop that prevents accidental staff-augmentation.

A play for modernizing an aging, revenue-critical system without a big-bang cutover, starting with a time-boxed audit and defaulting hard to incremental approaches over rewrites.

The default modernization sub-play: route traffic through a thin layer, migrate features one at a time behind it, and delete the old system once it is empty.

A modernization sub-play for moving a working system onto new infrastructure, runtime, or deployment surface while leaving the business logic untouched.

A modernization sub-play for swapping a subsystem within the same codebase by introducing an abstraction, building the replacement behind it, and switching with a feature flag.

A modernization sub-play of last resort: build a parallel system, run it alongside the old one comparing outputs, and cut over only after confidence is earned.

A play for a product with real, evidenced usage where the question has shifted from does it work to does it work at scale, on a larger team, while shipping faster.

A play for establishing the metrics floor before launch, with a north-star metric, a six-category baseline stack, an event-naming standard, and experiment guardrails.

A roughly 100-minute facilitated sticky-note workshop that traces personas to processes to pain points and produces a prioritized backlog of opportunities.

A short preparation sprint that produces the shared artifacts, working environments, and team agreements needed for Sprint 1 to begin cleanly, not to start delivering features.

A standardized reference document capturing business context, people, personas, features, manual tasks, and tooling so a project's knowledge survives personnel turnover.

A play for structuring an on-call rotation with clear roles, real compensation, and clean weekly handoffs so reliability never comes at the cost of the people who keep things running.

An end-to-end incident response play covering severity classification, response steps, communication discipline, and the runbook and status-page templates that make it repeatable under pressure.

A play for postmortems that improve reliability by focusing on systems and decisions instead of people, with a template and the action-item discipline that keeps them from becoming theater.

A structured play for responding to a security breach, covering evidence preservation, breach verification, impact assessment across the CIA triad, notification clocks, and the drills that keep you ready.

A phased blue/green play for major-version database upgrades that turns downtime into a brief hiccup by verifying an upgraded green environment before cutting traffic over from blue.

A staged program for an engineering organization to adopt AI on purpose — establishing principles, securing tools, training people, and launching client-facing services while protecting quality and trust.

A standard intake play for assessing a new AI tool across security, privacy, integration, impact, cost, and legal dimensions, producing an approved tool list and per-tool usage settings.

A set of modular instruction prompts that capture one team's engineering standards — TDD, code quality, architecture, security, workflow, and more — so AI coding assistants produce work that matches them.

An operational play for sharing data with AI tools safely — what actually gets transmitted, data-risk tiers, a sanitization checklist, gateway controls, and what to do if sensitive data leaks.

A structured method for finding where AI actually creates value, prioritizing opportunities with four hard questions, and de-risking the chosen use case with a pilot before committing.

A play for using a take-home code kata to evaluate an engineer's problem-solving and clean, test-driven coding — with a rubric, candidate guidelines, and good library-only exercises to assign.