What’s going on with Infrastructure as Code? On this episode, Corey is joined by Firefly CEO and Co-Founder Ido Neeman to discuss the findings of the State of IaC 2025 report. Throughout their chat, Corey and Ido discuss the evolution of IaC adoption in enterprises, the challenges of managing multi-cloud and multi-IaC environments, and the importance of disaster recovery as code. The conversation also touches on the rise of open-source projects like Open Tofu and the significant role of automation in cloud cost optimization. This episode not only reflects on recent trends, but highlights the importance of robust cloud governance and the continuous need for innovation amidst increasing cloud complexity.

Show Highlights

(0:00) Intro

(0:59) Firefly sponsor read

(1:29) Firefly's semi-pivot to AI

(2:54) The findings of the State of IaC 2025 survey

(5:40) How are people working in multi-cloud environments

(8:14) Is there a responsible way to use Helm charts?

(11:21) The currrent state of Pulumi

(12:46) Problems that can be encountered with large enterprises

(18:07) The continuum between innovation and optimization

(21:51) Firefly sponsor read

(22:31) Are companies actually adopting infrastructure as code?

(28:49) The most interesting ways that Ido has seen enterprises use IaC in production

(33:40) What's stopping companies from fully leveraging IaC?

(41:06) Where you can find more from Ido and Firefly

About Ido Neeman

Ido Neeman is CEO and co-founder of Firefly, and the former CEO and co-founder of Nuweba, the fast and secure serverless platform. To the diversity of roles he has held, he brings more than a decade's experience in the elite Israeli intelligence corps, and later led the technology portfolio at a hedge fund. Today, he is focusing on helping organizations tackle cloud chaos through Infrastructure as Code.

Links

• Firefly’s website: https://www.firefly.ai/
• The State of IaC 2025: https://www.firefly.ai/state-of-iac-2025
• Ido on Twitter: https://x.com/idoneeman?lang=en
• Ido on LinkedIn: https://www.linkedin.com/in/ido-neeman/?originalSubdomain=il

Sponsor

Firefly: https://www.firefly.ai/

How does one manage to simplify the complexities of the NAT Gateway? In this episode of "Screaming in the Cloud," Corey Quinn interviews Malith Rajapakse, a DevOps engineer who has recently received acclaim for his blog post discussing the Managed NAT Gateway. Where AWS lacks in its documentation, Malith is a NATural at breaking things down. He’s so great at it that Corey had to invite him on the show! Malith shares the story behind his popular post, his creative process, and his use of interactive diagrams and engaging content. He and Corey also discuss the challenges of documentation and making technical subjects more appealing. Thankfully, Malith has already done that in written form, so enjoy this episode as he speaks it into the world!

Show Highlights

(0:00) Intro

(1:24) The Duckbill Group sponsor read

(1:58) Malith's background before his blog post 

(4:21) Why Malith wrote about the Managed NAT Gateway

(5:38) Corey's problems with Managed NAT Gateway and why Malith's blog post impressed him

(10:05) The interactive elements of Malith's blog post and how they were made

(12:21) Maltih's front-end experience

(14:47) Transitioning from front-end to DevOps through JavaScript

(16:20) The juxtaposition of Malith's blog post vs. AWS's official documentation

(18:05) How AWS's documentation of the managed NAT gateway isn't user-friendly

(22:27) Why Malith went all out for his first blog post

(23:17) Corey's constructive feedback for Malith

(26:05) Where you can find more from Malith

About Malith Rajapakse

Malith is a Devops engineer creating visualisations at https://malithr.com/.

Links

• Malith’s blog: https://malithr.com/
• Interactive AWS NAT Gateway: https://malithr.com/aws/natgateway/
• LinkedIn: https://www.linkedin.com/in/malith-rajapakse/
• Bluesky: https://bsky.app/profile/malithr.com
• Twitter: https://x.com/malithraj
• Reddit: https://www.reddit.com/user/mdilraj/
• Sam Rose’s blog: https://samwho.dev/
• Benjamin Dicken’s blog post on IO devices and latency: https://planetscale.com/blog/io-devices-and-latency
• Josh W Comeau’s blog: https://www.joshwcomeau.com/
• Killed By Google: https://killedbygoogle.com/

Sponsor

The Duckbill Group: duckbillgroup.com 

Microsoft has its fingers in a lot of pots, but just how secure are said pots? On this episode, Corey is joined by Ann Johnson, Corporate Vice President and Deputy CISO of Microsoft's Customer Security Management Office. Ann talks about her 40-year professional journey and how it's culminated in her current role. Corey is known to “punch up” at the big guys in the tech industry, but he and Ann talk about the challenges of corporate leadership and being a public face in such a prominent company. Since it’s 2025, of course, they’re going to talk about AI’s pros and cons (and why it shouldn’t be used to make art).

Show Highlights
(0:00) Intro
(0:51) The Duckbill Group sponsor read
(1:25) What Ann's been up to since she and Corey last spoke 
(2:29) The makeup of Microsoft Security
(4:28) The unique company culture at Microsoft
(8:42) What's going on with Microsoft Azure
(10:31) How Ann handles the immense pressure of working in Microsoft Security
(14:13) The toxic nature of online criticism
(19:57) The Duckbill Group sponsor read
(20:24) The value of telling your leaders the truth
(23:31) Ann's thoughts on the current state of AI
(28:44) Properly defining what AI can and can't do
(30:54) Why Ann helps fund multiple STEM scholarships
(32:16) The need for the humanities alongside tech
(33:38)  Where you can find more from Ann Johnson

About Ann Johnson
Ann Johnson is Corporate Vice President and Deputy CISO at Microsoft. In this role, Ann drives all external engagement for the Microsoft Office of the CISO. She is a long-tenured, recognized thought leader on cybersecurity, published author, and a sought-after global speaker and digital author specializing in cyber resilience, online fraud, cyberattacks, compliance, and security. 

Ann challenges traditional schools of thought and cyber-norms–from the way the tech industry tackles cyber threats to the language it uses to communicate–and encourages the industry to get outside its comfort zones and expand how it addresses the evolving threat landscape with the power of technology and people. As a global cybersecurity leader and strategist, she is looking ahead at how today’s cybersecurity investments will impact tomorrow’s cybersecurity reality.  

Ann currently serves on the Board of Directors of N-Able, Human Security, Datavant, and is Member of the Board of Advisors for Cybersecurity Center of Excellence, WA and the Signal Cyber Museum Society. Ann is also an Executive Sponsor of the Microsoft Women in Cybersecurity Group.

Links

• Ann Johnson’s LinkedIn: https://www.linkedin.com/in/ann-johnsons/
• Microsoft Security: https://www.microsoft.com/en-us/security
• Afternoon Cyber Tea: afternooncybertea.com
  
  

Sponsor

The Duckbill Group: duckbillgroup.com

If you believed, they put a data center on the moon. No, for real, they did, and it’s partially thanks to Lili Rogowsky, partner at Atypical Ventures. Lili joins Corey to discuss her unconventional leap from law to venture capital. Although she made a sharp turn career-wise, Lili remains grounded in the often heartless world of venture capital—highlighting the importance of empathy and technical prowess in founding successful enterprises. Out of all resources, time carries the heftiest price tag, and this half-hour episode is a low-risk, high-yield investment.

Show Highlights

(0:00) Intro

(1:12) The Duckbill Group sponsor read

(1:46) How Corey (kinda) met Lili

(3:38) What attracted Corey to Atypical Ventures

(5:58) How Atypical helped put a data center on the moon

(8:34) VC “done right”

(9:59) What led Lili to run a VC firm

(13:43) Quitting jobs until you find something you like

(16:28) The Duckbill Group sponsor read

(16:54) The value of sharing your time

(21:44) Risk assessment, well-dressed horses, and punching up in comedy

(24:44) The importance of humility in life and business

(29:15) Where you can find more from Lili and Atypical Ventures

About Lili Rogowsky

Lili is a dynamic investor, attorney, advisor, and entrepreneur. She is a partner at Atypical Ventures, an early-stage fund that identifies and invests in “engineers with empathy” working on plausible science fiction. 

A voracious reader driven by her curiosity and love of type 2 fun, Lili’s experience includes (in no particular order) mountaineering, visual arts, marine science, founding a law firm, cave/ shark diving (not necessarily at the same time), data privacy/ security, gardening, recruiting, battling NYC rats that eat her car, and interplanetary internet.

Links

• Atypical Ventures: atypical.com 
• Email Lili: [email protected] 

Sponsor

The Duckbill Group: duckbillgroup.com

Dropping and sharing files should be easy. What a novel idea. On this episode, Corey speaks with Timo Josten, the sole developer behind Dropshare. We bring up the fact that he’s the only guy working on it because the tool is quite impressive! Corey loves it and so does an entire community of folks on Github! Together, they discuss the evolution and functionality of Dropshare. Timo also shares how he balance of enhancing Dropshare, emphasizing user feedback, and customization options, all while offering feature updates and maintaining sustainability. 

Show Highlights

(0:00) Intro

(1:06) The Duckbill Group sponsor read

(1:39) What does Dropshare do? 

(6:10) Dropshare's impressive flexibility and dedicated community

(10:27) How Timo landed on Dropshare's business model

(12:38) What's new in Dropshare 6?

(16:09) The Duckbill Group sponsor read

(16:36) Determining what should be an update or part of the next version of Dropshare

(18:30) Dropshare’s iOS app

(21:04) The perks of being able to configure deletion in Dropshare

(25:45) Dropshare's thriving GitHub community

(29:26) Where you can find more from Timo and Dropshare

About Timo Josten

Timo Josten is the developer of Dropshare, the macOS and iOS app to upload anything anywhere.

Links

• Timo’s LinkedIn profile: https://www.linkedin.com/in/timo-josten-493962185/
• Timo’s personal website: https://josten.io
• Dropshare: https://dropshare.app/
• shitposting.pictures 

Sponsor

The Duckbill Group: duckbillgroup.com 

How you learn is important. Corey Quinn is joined by Aditya Bhargava, a Staff Software Engineer at Etsy and the author of Grokking Algorithms. They talk about the nuances of technical learning and the contrasting philosophies of "just in time" versus "just in case" learning. In this episode, Aditya emphasizes the importance of effective teaching methods and the value of incorporating fun things like drawings into technical explanations. This approach also bleeds into his illustrated Substack, DuckTypes. As Corey and Aditya discuss, a good, informative book doesn’t need to drag on, and this quick, insightful, 30-minute conversation is no different.

Show Highlights

(0:00) Intro

(1:24) The Duckbill Group sponsor read

(1:58) Corey's admiration for Aditya's writing

(5:40) How Aditya clearly explains AWS networking

(8:06) “Just in case” vs. “just in time”

(10:15) Why business books don't need to be hundreds of pages long

(14:19) Reading for pleasure vs. reading for work

(16:57) The Duckbill Group sponsor read

(17:24) Explaining Aditya's book on algorithms

(20:07) The great editor behind Aditya's book

(22:20) DuckTyped and how Aditya got into AWS networking

(25:16) Where networking folks fall in the era of the cloud

(28:12) The importance of staying up-to-date in your field

(31:46) Where you can find more from Aditya

About Aditya Bhargava

Aditya Bhargava is a Software Engineer with a dual background in Computer Science and Fine Arts. He blogs on programming at adit.io.

Links

• Aditya’s blog: https://www.adit.io/
• Grokking Algorithms, Second Edition: https://www.manning.com/books/grokking-algorithms-second-edition
• DuckTyped: https://www.ducktyped.org/
• Last Skeet in AWS: https://lastskeetinaws.com/

Sponsor

The Duckbill Group: duckbillgroup.com 

Sysdig’s 2025 Cloud-Native and Security Usage Report is hot off the presses, and Corey has questions. On this episode, he’s joined by Crystal Morin, a Cybersecurity Strategist at Sysdig, to break down the trends of the past year. They discuss Sysdig’s approach to detecting and responding to security and the success the company has seen with the rollout of Sysdig Sage (an AI product that Corey thinks is actually useful). They also chat about what’s driving a spike in machine identities, practical hygiene in cloud environments, and the crucial importance of automated responses to maintain robust security in the face of increasingly sophisticated cyber threats.

Show Highlights

(0:00) Intro

(0:39) Sysdig sponsor read

(2:22) Explaining Sysdig's 5/5/5 Benchmark

(4:06) What does Sysdig's work entail?

(10:03) Cloud security trends that have changed over the last year

(14:30) Sysdig sponsor read

(15:16) How Sysdig is using AI in its security products

(19:09) How many users are adopting AI tools like Sysdig Sage

(25:51) The reality behind the recent spike of machine identities in security

(29:24) Handling the scaling of machine identities

(35:37) Where you can find Sysdig's 2025 Cloud-Native and Security Usage Report

About Crystal Morin

Crystal Morin is a Cybersecurity Strategist with more than 10 years of experience in threat analysis and research. Crystal started her career as both a Cryptologic Language Analyst and Intelligence Analyst in the United States Air Force and as a contractor for Booz Allen Hamilton, where she helped develop and evolve their cyber threat intelligence community and threat-hunting capabilities. In 2022, Crystal joined Sysdig as a Threat Research Engineer on the Sysdig Threat Research Team, where she worked to discover and analyze cyber threat actors taking advantage of the cloud. Today, Crystal bridges the gap between business and security through cloud-focused content for leaders and practitioners alike. Crystal’s thought leadership has been foundational for pieces such as the “2024 Cloud-Native Security and Usage Report” and “Cloud vs. On-Premises: Unraveling the Mystery of the Dwell Time Disparity,” among others.

Links

• Sysdig’s 2025 Cloud-Native and Security Usage Report: https://sysdig.com/2025-cloud-native-security-and-usage-report/
• Sysdig on LinkedIn: https://www.linkedin.com/company/sysdig/
• Crystal’s LinkedIn: https://www.linkedin.com/in/crystal-morin/

Sponsor

Sysdig: https://sysdig.com/

What’s the difference between marketing and BS? On this episode, Corey Quinn is joined by Jonathan Cowperthwait, Duckbill’s brand-new Head of Marketing. Jonathan's career path is a bit unconventional. After all, not everyone can say their professional journey was influenced by The West Wing. Even though he’s a marketer by trade, Jonathan still has the technical know-how needed to work in the often expensive world of cloud economics. Have you ever wanted to know what The Duckbill Group’s relationship with AWS is really like? How fun is it to sit on domains like “oldmanstartup?” Is there a similarity between clouds and butts? This interview is the inside scoop on The Duckbill Group that you never knew you needed. 

Show Highlights

(0:00) Intro

(1:11) Duckbill Group sponsor read

(1:45) Acquiring the Duckbill Group office post-pandemic

(2:52) Keeping your pants on during a pandemic so you can officiate your nanny's wedding

(6:07) Jonathan's background prior to joining The Duckbill Group

(11:29) What Duckbill was looking for when they hired Jonathan

(14:54) When marketing begins to feel like spam

(15:40) The fun of having disposable domains and email addresses

(18:20) The importance of a good name for a product

(19:38) Duckbill Group sponsor read

(20:07) The Duckbill Group isn't just Corey Quinn

(21:03) The "Cloud to Butt" extension

(24:01) Corey's beef with Google's AI search engine

(24:57) What can people expect from the Duckbill Group's new marketing effort

(30:58) Where you can find more from Jonathan

About Jonathan Cowperthwait

Jonathan Cowperthwait does positioning, messaging, and go-to-market strategy to maximize awareness and revenue for technology brands of all sizes.

He prides himself on being a slow runner, fast talker, and good writer.

Links

• Jonathan on LinkedIn: https://www.linkedin.com/in/cowperthwait/
• Jonathan on Bluesky: https://web-cdn.bsky.app/profile/cowp.co
• Email Jonathan: [email protected]
• Email Corey: [email protected]

Sponsor

The Duckbill Group: duckbillgroup.com 

What were you doing at the age of 12? We’d wager to bet you weren’t getting invited to Google I/O. On this episode, Corey chats with Alex Zenla, the founder and CTO of Edera. Only in her mid-20s, Alex already has more than a decade’s worth of professional experience working in the tech industry. They discuss how Alex found her way into programming at a young age, her experiences with open source projects like the Dart Project and Chromium OS, and getting contacted by Google’s lawyers as a preteen. You’ll also get to learn about Alex’s company, Edera, and their creative approaches to Kubernetes container security using Xen hypervisors. Did we forget to mention that there are multiple sidebars about Minecraft in this one? So grab your pick axe, put on your headphones, and a Google legal will be at your door by the time we wrap up this conversation.

Show Highlights

(0:00) Intro

(0:54) The Duckbill Group sponsor read

(1:28) What is Edera?

(2:18) Who is the target customer for Edera's product

(7:50) Breaking down the overhead makeup of Edera

(10:28) How Edera sidesteps the problems with container isolation

(13:20) Alex's history working with tech

(15:40) The Duckbill Group sponsor read

(16:23) How a phone call with a lawyer helped get Alex to Google I/O at the age of 12

(18:55) Starting Alex's proper tech career thanks to a Dart library

(21:24) The important role of Minecraft in Alex's life and career

(23:40) The value of good networking 

(28:15) What it's been like for Alex to raise a Series A

(29:56) Where you can find more from Alex

About Alex Zenla

Alex Zenla is a technologist that has 10+ years experience in the full-time corporate world who is rebuilding the foundations of infrastructure to be secure-by-design.

Alex grew an interest in computers at the age of 7, learning about hypervisors and hardware technologies. At the age of 11, she was inspired by the concept of Chrome OS to get involved in low level systems, where she contributed to the Chromium and Chromium OS projects. This led to being invited to Google I/O 2012 by the Chrome OS team at just the age of 12. Eventually, the Dart programming language came along, and Alex got deeply involved in the ecosystem, contributing to the language and standard library, and building core open source technologies. At the age of 14, she was hired by an IoT company called DGLogik to build an IoT platform that could scale across complex networks, launching my career in IoT. At DGLogik, Alex became deeply involved in Google's IoT technologies across multiple divisions, ultimately ending up working at Google on their IoT platform for their internal Real Estate. In 2024, she retired from the IoT data sphere and started Edera, a company that is making computing secure-by-design.

Links

• Alex on Bluesky: https://bsky.app/profile/alex.zenla.io

Sponsor

The Duckbill Group: duckbillgroup.com 

Andy Warfield joins Corey in this episode to discuss the evolution of storage technology at Amazon. This includes the evolution of S3 from archival storage to supporting modern AI and analytics. As Vice President and Distinguished Engineer at AWS, Andy is able to explain performance-enhancing innovations like S3 Tables and Common Runtime (CRT). On the other hand, challenges like compaction and namespace structuring are discussed. Reflecting on his journey from working on the Xen hypervisor to AWS, Andy shares insights into scaling S3, including buckets spanning millions of hard disks. 

Show Highlights

(0:00) Intro

(1:09) The Duckbill Group sponsor read

(1:43) Andy’s background

(3:38) How AWS envisioned services being used vs. what customers actually do with them

(6:54) The frustration of legacy applications not keeping up with the times

(10:14) Why S3 is so accurate

(15:29) S3 as a role model for how a service should be run

(18:04) The Duckbill Group sponsor read

(18:46) Why AWS made Iceberg into a native offering

(23:50) Why S3 Tables is slightly more expensive

(28:23) How Andy handled the transition from Zen to Nitro

(32:22) What Andy is currently excited about 

About Andy Warfield

Andrew Warfield is a VP / Distinguished Engineer at Amazon. As a senior technical leader at one of the world's largest technology companies, he plays a crucial role in shaping Amazon's engineering strategies and initiatives. 

Links

• LinkedIn: https://www.linkedin.com/in/andywarfield/ 
• Email: [email protected] 

Sponsor

The Duckbill Group: duckbillgroup.com