This handbook gives CTOs and engineering leaders a practical way to think about DevOps when delivery pressure is real: releases are piling up, incidents are distracting the team, and every tooling decision feels urgent. The goal is to clarify what DevOps actually improves, where it does not help, and how to apply it without turning the work into a tool-buying exercise.
- Understand DevOps in plain engineering terms: shared ownership, fast feedback, repeatable automation, and safer change instead of slogans, maturity models, or vendor checklists
- Identify where DevOps can realistically move the needle: shorter lead times, safer deployments, more reliable services, faster incident recovery, and a smoother daily workflow for developers
- Use clear decision rules for team ownership, platform capabilities, automation depth, observability coverage, and release readiness: what to standardize, what to leave flexible, and when to slow down for safety
I’ve also included a bonus section for leaders who want to translate these principles into a concrete operating model with clearer ownership, platform boundaries, and delivery expectations.
Think of it as a reference setup rather than a prescription: adapt it to your constraints, then pressure-test it against your own security, reliability, compliance, and delivery requirements before standardizing it.
Who should read this
You might be a founder trying to set up DevOps practices before the engineering team grows and delivery habits become harder to change.
You might be a CTO of a 1,000 employees company who wishes to get simple principles.
Or, maybe you’re a Software Engineer, and you want to understand if your company’s DevOps approach is good.
If you’re looking for a simple DevOps playbook, this is it.
Understand the desired result
Two things your company needs to be able to do
- Serve its product to customers
- Build and improve the product
Abilities you need to build, improve, and serve software
- Run experiments and test changes
DevOps has a simple meaning
Developers and Operators have shared responsibility for building and improving the system.
In practice:
- Developers are responsible to “Operate”
- DevOps Engineers are responsible to enable to “Operate” AND do some of it themselves
Operate = provision, monitor, secure, configure, deploy, scale.
Choose a balance: Enabler, Doer, or Automator
The DevOps role will end up as a balance between:
- Enabler: Provides the tools and knowledge to fulfill the DevOps goals
- Doer: Does the tasks that fulfill the DevOps goals
- Automator: Automates any repeating operation
Know what things you should enable, do, or automate
- Provision infrastructure
- Secure the system
- Deploy workloads
- Monitor the system
- Recover from issues
- Scale up or down
- Track & test changes
- Automate processes
Choose the right tools
- Has state management = Saves time automating state-aware processes (e.g., Terraform)
- Has a big community & good docs = Saves time dealing with common issues (e.g., Kubernetes)
- Has multiple interface types: API, CLI, UI = Saves time integrating with the existing system (e.g., Vault)
Set useful goals
There are DevOps goals that adopting them will focus you on the right direction:
- One-Click Environments: makes e2e tests easy and quick
- Atomic Commits: provides confidence that a tested change will work in production
- Separate the Shared & Env-Specific Parts: enables e2e tests as the company scales up
If you want help mapping these DevOps goals to your own teams, systems, and delivery constraints, you can book a free consultation.
Enablers: Choose the Tools-to-Knowledge Balance
Developers can either have the knowledge or the tools to do something.
- More knowledge-reliance: if you want the developers to contribute to the DevOps efforts
- More tools-reliance: if you want to abstract the operations from the developers
If the balance between the two is not intentional, it’s accidental.
Doers: Have a good reason to do it
- Is it a one-time task?
- Does it teach you how the developers work?
- Are you directly accountable for the results of the task?
If you answered “no” to the above questions, enable or automate it instead.
Doing more = Learning the system's use-cases
Doing too much = Not scalable, too-much knowledge-reliance
Automators: Have a good reason to automate it
- Did it happen before?
- Is it likely to happen again?
- Will automating it take less time than doing it?
- Will automating it teach you an important company process?
If you answered “yes” to 2 out of the 4 questions - automate it!
More automation means less dependence on tribal knowledge when operating the system.
Too much automations = No system awareness.
P.S. - you can also enable developers to automate it.
Create available DevOps Capacity
The DevOps needs of a company have spikes.
One month you may need two DevOps engineers; the next month, one may be enough.
Switchovers between big efforts and small tasks are common.
This is true, especially for new companies.
Break the assumption: “DevOps tasks must be done by a DevOps Engineer”.
There are 3 types of DevOps capacity
- Non-Flexible: A full-time DevOps Engineer on the team
- Semi-Flexible: Key developers that can contribute to the DevOps goals
- Fully-Flexible: A flexible DevOps Services company or freelancer
You can read more about calculating the DevOps capacity your company needs here.
When to focus on what: Common Dilemmas
When: You work alone, and the system is simple
Focus: On simplifying the development - Dockerize your apps, Create a post-commit pipeline that runs tests
When: You need to be able to create new environments quickly (for development, or for clients)
Focus: On implementing “One-Click Environments”: Using IaC (e.g., Terraform) + Deployment tool (Depends on the platform).
When: You want to e2e test every code modification, but there are many code modifications
Focus: On splitting the “One-Click Env” into a “base” with shared resources, and “env” with env-specific resources
When: You want to unify & standardize how you deploy, monitor, scale, configure, and secure your workloads
Focus: On implementing an orchestrator such as Kubernetes
When: You want you have many moving parts and wish to be certain a tested change will work
Focus: On implementing GitOps and consider a Monorepo (the sooner the better)
When: You want the DevOps efforts to be done by the dev team
Focus: On using “actual” IaC tools (Pulumi Typescript/Python), Full “how to operate” (see above) documentation
Never: - Invest lots of time in new tech without a strong reason
Always:
- Have your code in Git
- Monitor the basic stuff: CPU, Memory, Disk, Network, App Logs, Cloud Costs
- Architect for high-availability
- Test before you deploy
BONUS: An example setup for a CTO approaching Production

2 AWS Accounts
- One for development and staging
- Another for production
Monorepo in Github
- Docker-Compose for local development
2 Infrastructure-as-Code projects: 'base' & 'apps'
- base = shared resources (e.g., VPC, RDS, ECS Cluster, EKS Cluster)
- apps = env-specific resources (e.g., Lambda Functions, ECS Services, Kubernetes Namespaces)
- config file per environment
Github Actions Workflow: Development workflow
- Checkout branch and locally develop + test changes
- Create a Pull Request: Deploys a Pull-Request ‘apps’ environment on the ‘development’ environment ‘base’
- On merge to main: Deploys from the ‘main’ branch an ‘apps’ environment onto the ‘development’ environment ‘base’
- Manual: Deploy from the ‘main’ branch onto the ‘staging’ / ‘production’ environment ‘base’
Notes:
- Avoid mentioning an environmnent's name in the code for conditional resources deployment
- Use each environment’s config file to declare if a resource should be created
- Could be implemented using Terraform, Terragrunt, Pulumi, CDK, and other IaC tools
- Production should have 2-instances of every workload for high-availability
If you’d like to see this setup in your startup, click here to book a call 👈🏼
P.S. - I'll be updating this page occasionally, so you might want to visit again
Another Bonus: DevOps Dictionary for Human Beings
| Term | Definition | Tools |
| Environment | A working instance of the entire system | |
| CI (Continuous Integration) | Enable developers to collaborate by agreeing on a single source-of-truth (master/main) | Jenkins, Github Actions, GitlabCI |
| CD (Continuous Delivery) | Create an artifact that’s ready for production (tested, tagged) | JFrog Artifactory, Nexus, AWS ECR |
| CD (Continuous Deployment) | Every available deliverable (artifact) gets deployed automatically | ArgoCD, Jenkins, AWS CodeDeploy |
| Monitoring / Observability | Collect metrics/traces/logs from apps and infrastructure, analyze them, and display them, and setup alerts | Prometheus, Jaeger, Elasticsearch, Fluentd, OpenTelemetry |
| Infrastructure | The resources on which the workloads run, in which the data is stored, and through which the network flows | Servers, Databases, Network Routers & Switches |
| Cloud Infrastructure | Same as the above, but specifically in the cloud | AWS EC2, AWS RDS, GCP Compute Engine, Azure Virtual Machines |
| Cloud | Computing & Data services served from remote locations for you to build your system | AWS, Azure, GCP |
| Containerization & Virtualization | Technologies utilizing Kernel & OS features to create virtual machines, or isolate process (AKA run containers) | Docker, vSphere, KVM |
| Secrets Management | Storing and retrieving sensitive configurations (e.g., tokens, passwords) | Hashicorp Vault, AWS Secrets Manager, SealedSecrets |
| Configuration Management | Usually refers to preparing servers for workloads (e.g., creating directories & files, starting processes) | Ansible, Chef, Puppet |
| Version Control | Saving the code in a versioned way (Git) | Github, Gitlab |
| GitOps | Making the system is the same as it’s described in Git | Flux, ArgoCD, Jenkins |
| Monorepo | All of the company’s code is in one Git Repository | NX, Turborepo |
| Polyrepo | Multiple Git repositories for different components | |
| IaC (Infrastructure-as-Code) | Creating Cloud infrastructure with idempotent code and state management | Terraform, Pulumi, CDK, Crossplane |
| Deployment | Execute, serve, or install the artifacts | ArgoCD, Jenkins, AWS CodeDeploy, Scripts (Bash, Python, etc.) |
| Orchestrator | Dynamically allocating workloads to a pool of nodes | Kubernetes, Nomad, AWS ECS |
| Authentication & Authorization | Making sure each person, workload, or resource, has access only to what’s necassary (other workloads and resources) | AWS IAM, OpenID, OpenVPN, Twingate, Istio |
| Service Discovery | Exposing available workloads using DNS | Consul, CoreDNS |




