blog post cover

Overview: Building a Secure and Scalable Developer Experience

Table of contents

During the last Webinar on February 16, John and Serhat talked about building a secure and scalable developer community. The Development Relations (“DevRel”) practice is unusual, yet it draws significance every day, so John walked us through its basics with Serhat's guidance. 

Here's a snapshot of what is discussed!


With 15 years of experience gained in GitHub, Twitch, Slack, and Atlassian, John Agan leads Webflow's developer relations team. Based on his invaluable experience, he provided us with the principles and approaches he takes to build a well-structured developer environment. 

Summary of the key points from the discussion

  • DevRel as a term

DevRel refers to a wide variety of roles depending on the company's structure. Like a big bucket of ingredients, it is shaped based on the company's goals. After all, the most important thing is developing the best APIs for developers with the best developer flow, which is what John spends most of his time on. 

  • Best approaches to consider 

John explained his mental framing, which includes two main approaches:

  1. Put developers in the first place: It is important to ground all the decisions on developer empathy and take their needs into account; you need to walk through their path and wear their shoes to see what it takes. 
  2. Have a leadership perspective: As the developer's voice is important internally, the platform's voice is important externally. At this stage, it is very important to have a feedback loop.
  •  Core principles of DevRel

The three C’s represents a bucket for developer success. These 3 are code, community, and content. In order to reach developers, the first thing you need is code. A decent piece of content is necessary to follow the code. As the content has to be real and useful, it is crucial to have the technical knowledge to do marketing. It is important to review and provide feedback at this point, and the person who writes the documentation needs a decent understanding of the product since developers are more likely to be interested in real talk and technical explanations. A third component of this triplet is the importance of communities in moving rapidly. You have to move fast to keep pace with the big companies, for example, when launching a new feature. This stance emphasizes the importance of communities. 

  • Fostering engagement within the community

It is important to enhance community engagement to build a successful API. In order to build trust with developers, communication and having strong bonds are crucial. Developers appreciate honesty, tell them if something is not ready, and be open to any inquiries coming from the community. 

  • Interacting with a  broad audience

Companies have ecosystem partners such as AWS, Hubspot, and so on. To make the most out of these relationships, companies may need someone to take care of their partners and manage their interactions. At this point, partner engineers come into play and act as a bridge between the company and the partners.  

  • Documentation - how to stay tuned

As developers usually aren’t the ones that do the documentation directly, documentation may become a challenge. Indeed, reference materials may be more helpful than expected. Writing down the terms and the descriptions and keeping these swaggers updated is important. Following this, it becomes tech-savvy, into-writing personas' duty to document the process.  

  • Metrics to measure the developer's success

It differentiates what a company wants to achieve, but John has adopted a general approach. The first phase of this approach is awareness, like how many views the blog post gets. The other phase is the building phase, such as a successful adoption. You have created a token, but it hasn’t been used in days, or your APIs are constantly getting too many aircalls. Especially for the building phase, it is important to monitor to scale how you are doing with the building phase. Daily monitoring of the metrics will tell you so much and keep you alerted if something is wrong.  

  • How is DevRel involved in security?

If something is working, then no one will know it exists until it is broken and everything falls apart. Therefore, John considers security to be the core of developer operations, as any vulnerability will remain a threat until someone realizes it and fixes it, and if you are lucky, you will notice it before malicious actors get into it. In this context, John handles the security issues in two categories: the rabbit holes and reactive type things. When building a secure environment, the standards are essential since they give you a fundamental way of security. 

Each company should build a security structure, monitor things, educate their employees, and implement a system where they can keep track of activities and stay informed if any vulnerabilities arise. It is important to remember that if something is everyone’s job, it is no one’s job. Make sure that your security structure is in place today and that everyone sticks to it. We know it is harder to sustain than build; start your free trial today and let Resmo do it for you!

Join us on our next Webinar and learn from the experts!

Continue Reading

next article

17 Best SIEM Tools to Try in 2024

Sign up for our Newsletter