[kcdc 2025] Vibe Coding Revolution: How AI Assisted Development Tools are Transforming Velocity

Posted on by
1

Speaker: Tony Galati

For more see the table of contents

Intro

  • A Product Owner (Alex) at NAIC (National Association of Insurance Commissioners) gave the background of their project.
  • Origin: Gave a prompt for the backend/infrastructure and have Cursor generate the draw.io. Included Okta, Docker, etc. Showed the prompt. It’s about 20 lines and pretty detailed
  • Used prompts to make a front end prototype. PO iterated on it.
  • Then Tony spent about 2 days connecting them.
  • After that, they did a two day hackathon because knew could get something up quickly
  • At hackathon 1, learned need to have business problem, implementation plan and business support. Did two business days (9-4 each day)
  • Doing second hackathon next week.
  • Did daily standup at hackathon
  • Made sure had everything needed like Okta in advance of hackathon

Business benefits

  • Can generate use cases
  • If want specific format say it
  • AI rewrote his one sentence prompt to include depth needed
  • Got Next.jS front end prototype.
  • Business can iterate with prototype independently
  • Showed user stories generated
  • Even if don’t download code, will speed up time for business analyst
  • Figma.AI doesn’t let you change with prompts after initial generation. V0 lets iterate.

Back end

  • Switched speaker to Tony – Enterprise Architect
  • Absolutely not production ready, but could show working
  • Can specify to AI tool what coding standards to follow, needs to work on all devices, etc
  • Used Amazon Q first. Then started using Cursor
  • V0 is good for live changes in front of customer.

Before Hackathon

  • Engaged security and legal. AI acts on behalf of user so has user permissions.
  • Went through what the models were trained on: https://trust.cursor.com
  • Elaborated on AI policy. He did a show of hands and about 2/3 of the audience has an AI policy at work
  • Defined intellectual property allowed to be used in Hackathon. Could have called it a POC.
  • No PII data
  • Once commit code to Git, normal software development lifecycle.
  • Security engineer paired with developers to understand what Cursor can do
  • Setup Cursor IDE Project Rules – written in plain English. Had AI write it and human proofread. Can be context specific so can say some rules only apply when you say “commit” or other scenarios
  • Setup memory bank – includes extra info/tasks
  • Setup pipelines and quality gates
  • Wrote team prep instructions. Keep it short
  • Wrote down the tech stack. Team implementing used Angular so agreed to let Cursor translate.

Future

  • Roll out Cursor
  • Second hackathon
  • Smaller consumable guide/instructions
  • Mandatory walkthru sessions including BFF (backend for front end) pattern
  • Three days instead of two. This time using a language they aren’t familiar with instead of Angular.
  • AI first behavior – AI does a lot – ex: write tasks for AI consumption but human readable, our job will change towards steering AI. Have AI do one step at a time
  • No training because changes so fast. Instead pick champions and three day immersion
  • Buy things a year at a time since change so fast

Further future

  • AI code reviews.
  • Have multiple agents fix a defect and primary recommend what best
  • Future problem – new people won’t know codebase. Already have that problem and have to figure it out but won’t be worse. Will be catastrophic failures.

Key takeaways

  • Encourage staff to use AI – even at home. You need to fix the toilet, use AI
  • Start POCs
  • Visuals sell
  • AI is coming. Need to figure out how our jobs will change

My take

The speaker on stage was wearing a suit which made me nervous this wasn’t going to be technical. But he quickly said he was going to give an overview and turn it to Tony. Tony is wearing sneakers and jeans which is in keeping with what the hands on folks wear to conferences like this. The speaker in the suit asked how many people from the business side were in the audience. He made a joke that was that he expected when their were crickets. The information in both halves of the presentation was great. Excellent end oot the day. I’m glad the conference organizers gave them a big room! I also like that it was a realistic description and not “see AI is magic and does everything by itself”

[kcdc 2025] AI Vulnerabilities in 2025 – Some of the darker sides of AI

Posted on by
Reply

Speaker: Andreas Erben

For more see the table of contents

From the news

What drives model behavior?

  • Initial training
  • Fine puning
  • Potential customer fine tuning
  • System prompt – how the model should behave.
  • Data/prompt
  • Filters on data, prompts, output

Other links

My take

After the first example, there was a bunch of content on how LLMs work. I tuned out a little during that section probably because familar. Then it got interesting again.

[kcdc 2025] having daily standups people actually care about

Posted on by
Reply

Speaker: Phil Ledgerwood

For more see the table of contents

Scrum survey

  • Asked who doing Scrum – most of room
  • Had people sit if no sprint goals – a bunch
  • Had people sit whose sprint goal is to complete X stories – a bunch more

Standup pains

  • Ghost man – I won’t make standup today, but here’s my update
  • Arena – two people debate for 45 minutes and everyone else watches
  • Captive Audience – “since we got everyone together, I’d like to talk about something completely different”
  • Hunger Games – every week, less people come
  • Inquisition – does anyone from business/management have questions for the team
  • The Questions Three – did yesterday, today, any blockers – these questions were dropped from the scrum guide

Missing

  • Right people – developers (per Scrum Guide). Developers are people doing the work of delivery.
  • Right purpose – for Scrum, to inspect progress toward sprint goal and adapt the backlog. On track? What adjustments needed? Adjustments can include cancelling spring because goal no longer relevant. For non Scrum teams, purpose is to review state of work in progress/make appropriate decisions for day.
  • Right value proposition – team walks away with plan of action for day that they have come up with themselves

More notes

  • Even if not doing Scrum, probably got ideas from there
  • Ok for anyone to come to standup but don’t get to participate. Some teams limit for safety, etc
  • in Scrum, committing goal not the set of stories (at iteration planning
  • Standup timebox is the investment the organization is making towards the goal
  • Deliverable of standup is the team’s collaborative plan for the day
  • People miss standup because its not valuable to them
  • Helps to have a facilitator at beginning

What’s wrong with the three questions

  • individual plan
  • status report
  • don’t orient towards the goal
  • more value to people not on team
  • reinforces inclination of devs to want to work independently and think about team

Why should devs care?

  • furthering own goals
  • taking charge of work
  • defining “how”
  • build trust, established competence, saves management time
  • less meddling from others (the more you have a working system, the less people want to change it)

Increase Standup Effectiveness

  • Don’t try to spice it up – ex: don’t theme. That doesn’t solve underlying problem
  • Establish clear value proposition and make sure everyone knows it
  • Structure event around value proposition
  • Meeting needs to have a reason for existence beside its existence
  • Stop event once accomplished value proposition
  • Walk the Board – talk to items. Everyone responsible for item on board should be there to talk to it. Ex: go right to left so talking about items closer to finished first
  • Ask are we are on track to meet the sprint goal
  • Ask if everyone knows what doing today. Good at end for new people because need to have accomplished this
  • Make sure devs talking together and not in sequence
  • Think “war room” and not “line for immunizations”

My take

My team hasn’t done the 3 questions in many, many years because it distracted us from the priorities. I still found ideas to take back to our team. Wrote them down for next retro. The Q&A was great. Lots of opinions!