Sohan Maheshwar: Authorization Is Key to App Security – Don’t Get It Wrong!

Marko Crnjanski

Sohan Maheshwar breaks down why authorization and developer relations are the real game-changers in today’s tech world.

Long before leading developer communities across the globe, Sohan Maheshwar was spending his summers playing Prince of Persia and scribbling HTML into a notebook at his mum’s workplace computer lab.

Fast forward a couple of decades, and he’s now a Lead Developer Advocate based in the Netherlands, with a career that’s taken him through roles at Amazon, InMobi, and his current position at AuthZed.

In this interview, Sohan talks about the rise of Developer Relations, why good authorization matters, and how AI is changing the game (great for debugging, not for writing your novel).

You have more than 10 years of experience in Developer Relations. How important is it for developers today?

Sohan: I started in DevRel in 2014; it was very niche back then. Look at the evolution of tech in the decade since – there’s been a massive increase in the number of technical products, frameworks, SDKs, and APIs. There’s also been an exponential increase in developers (and I use this term as an umbrella for all hands-on technical people) during this time.

This means that companies building technical products need a Developer Relations program. It’s as simple as that. Look at companies that have strong brand recognition within developer communities – Vercel, Twilio, and AWS, to name a few – they all have really strong Developer Relations and community teams that make this possible.

A few months ago, you gave a lecture at the Heapcon conference focused on Authorization. Could you tell us more about this term?

Sohan: Let me explain it with an analogy. Imagine you want to go on a trip to another country. Among the essentials you’ll need are a passport and a visa. Your passport tells the other country who you are and provides the information needed to identify you uniquely – this is authentication. A visa, on the other hand, permits you to enter the country you’re visiting – this is essentially authorization.

To break it down more technically, authentication is the way an entity verifies someone is who they say they are. Once a person’s identity has been verified, authorization allows access to an asset.

Here’s a real-life example we’ve all encountered: when you share a Google Doc, you can select whether the recipient is a Viewer, Commenter, or Editor. This is authorization – that is, allowing a specific level of access to an object.

What benefits can Authorization bring to applications?

Sohan: The Open Worldwide Application Security Project (OWASP) is a non-profit industry standards organization that publishes an annual list of the Top 10 Security Risks for Web Applications. Guess what topped their list this past year? Broken authorization.

Our tech stacks and applications are becoming increasingly complex, yet most businesses still write their own authorization code. While this might work for smaller, simpler apps, it becomes challenging to maintain as you scale up.

Just as you’d never build your Authentication, you shouldn’t be writing your Authorization code. The benefit of using an industry standard is that you can get global-scale authorization with correctness and low latency while focusing on building your business use case.

How do you see the integration of AI technology in the development world?

Sohan: What’s surprised me the most is how quickly generative AI tools have been adopted into our daily workflows. In the past, enterprises would take their time to build proofs of concept before adopting new technology, but with generative AI, the entire industry has embraced it at an unprecedented speed. I see this as the first wave of generative AI adoption.

With any new tool or technology, there’s an inflection point where people understand its strengths and limitations. From a personal perspective, I love how generative AI helps me debug code or give feedback on a YAML file – tasks that are well-defined and structured.

At the same time, I’m not a fan of the deluge of AI-generated content we’re seeing right now – areas that need creativity and human expression. I think (or I hope!) that in the near future, there will be some normalization of where AI is applied and where it doesn’t add value.

What tech trends should developers pay attention to in the future?

Sohan: This first wave of generative AI was largely about augmenting human workflows with AI-code snippets, text generation, information retrieval, and so on. All the tooling and SaaS products were built around this idea. I think the next trend will be autonomous agents powered by AI that can do more complex tasks.

I love thinking in terms of second-order effects, so the question becomes: what are the second-order effects of this agentic future? New infrastructure, innovative methods to authenticate and authorize your RAG stack, and deeper integrations with existing platforms will enable AI agents to carry out their operations. This is a trend I foresee emerging in the near future.

At the same time, if you zoom out of the AI world and look at the tech ecosystem, you can see a growing number of specialized tools for every need. We’re no longer in a world where a one-size-fits-all approach works.

In the quest for faster, better, and cheaper, it’s about picking the right tool for the job, and there are so many specialized tools out there for YOUR job. The trend I see is the fragmentation of tooling, frameworks, and services to suit different use cases.

What are your professional plans for the next period?

Sohan: Professionally, I’m focused on building a world-class Developer Relations program for AuthZed – an exciting space! The rapid industry change means it’s crucial to keep skills up to date.

At the same time, staying agile in thinking and decision-making is key. It’s easy to rely on past methods, but with constantly changing variables, I regularly re-evaluate my frameworks to stay open to new approaches.
