Innovation is NOT Just Creating Something New: Dylani Herath, FinTech Leader

Dylani Herath, a well-known FinTech leader who has worked at organizations such as Greenwood, JP Morgan, and FIS, sat down with Rob Ocel, Engineering Lead at This Dot Labs, and shared some insight on how digital leaders can improve culture and lead successful transformations by balancing business objectives and engineering needs.

Dylani began her career with a scholarship that allowed her to work for an engineering company while studying. This experience laid the foundation for her future endeavors in consulting, where she focused on process improvement, quality assurance, automation, and optimization. Eventually, she found herself in the fintech industry, working with large organizations to transform and optimize their engineering processes.

Ways to be a Successful Transformative Leader

Creating a roadmap with measurable objectives

One key aspect of effective leadership is aligning the team's technological capabilities with the organization's transformation initiatives. This alignment ensures that the team is equipped to drive change and achieve the desired outcomes. Dylani emphasizes the importance of tying transformation initiatives to measurable objectives, as this provides a clear roadmap for success.

Creating a relationship with your team

Another crucial factor in driving transformation is having the right people on board. Dylani highlights the significance of leaders building strong relationships with their staff to foster a collaborative and supportive environment. This enables the team to work together towards common goals and drive change effectively.

Building platforms to allow ideas and innovation

Creating forums for brainstorming and innovation is another strategy Dylani suggests for engineering leaders. These platforms allow team members to share ideas, think outside the box, and come up with innovative solutions to challenges. By encouraging creativity and collaboration, leaders can harness the full potential of their team.

Clear and transparent communication

Communication is also a vital aspect of effective leadership. Dylani advises leaders to clearly communicate the reasons behind unpopular decisions, ensuring that they align with the organization's long-term goals. This transparency helps build trust and understanding among team members, even in the face of difficult choices.

Incremental transformation, incremental wins

Harnessing the power of innovative solutions such as new AI tools, but implementing them incrementally as opportunities for transformation arise within an organization, is the best approach, compared with investing in large initiatives that take a long time to show results. Done incrementally, organizations can gain valuable insights from their data and make informed decisions that drive transformation and optimize processes.

Dylani's insights on engineering leadership and championing change provide valuable guidance for leaders looking to drive transformation within their organizations. You can follow her on LinkedIn at https://www.linkedin.com/in/dylaniherath/.

You can listen to the podcast here: https://engineeringleadership.podbean.com/e/innovation-is-not-just-creating-something-new-dylani-herath-fintech-leader/
