Señors at Scale - Software Engineering & Tech Leadership

Dan Neciu

A software engineering podcast for senior developers, staff engineers, and tech leads who build and scale systems in production. Hosted by Neciu Dan, Señors @ Scale features deep, technical conversations with engineering leaders from companies like Google, AWS, Microsoft, Cloudflare, Datadog, and Snyk. Every week, we sit down with Staff Engineers, Principal Engineers, and technical leaders to unpack the real challenges of frontend architecture, micro frontends, React and Vue at scale, design systems, security, reliability, and technical leadership. No fluff, no surface-level takes. Just hard-

  1. 3D AGO

    Scaling Engineering Organizations with Lucian Popovici (From 0 to 700 at Deloitte Digital)

    How do you build an engineering organization from zero to 700 professionals? What happens when your biggest leadership lesson comes from a broken leg and a Border Collie? In this episode of Señors @ Scale, I sit down with Lucian Popovici, a force multiplier in tech leadership with 20+ years of experience scaling engineering organizations at Ericsson, Deutsche Bank, and Deloitte Digital. Lucian is the founder of Bridging Innovation, an enterprise strategy advisory and AI consultancy, and Bridging Gaps, a pro bono mentoring community of 80+ senior tech leaders that has delivered over 3,000 hours of free mentoring to 400+ professionals in Romania.

    Lucian shares the raw, unfiltered story of his transition from Java developer to engineering director, including the panic attacks he didn't acknowledge, the "control freak" feedback that changed everything, and why he believes informal leadership matters more than titles. We go deep on how AI is reshaping team structures (from 10-person teams to 5), why junior developer roles are disappearing, why Romania's IT industry needs to shift from body leasing to product thinking, and his bold take that project managers should "die" as a role. Whether you're scaling your first team or building your hundredth, this conversation is packed with hard-won wisdom.

    🔸 KEY TOPICS DISCUSSED
    - Scaling engineering organizations from scratch at Deutsche Bank, Deloitte Digital, and beyond
    - The brutal transition from developer to leader and why most people aren't prepared
    - Manager vs. leader: why less ego and more empathy changes everything
    - Why flat organizations beat pyramids of managers
    - How AI is cutting team sizes in half and eliminating junior roles
    - The Romanian IT industry's transformation from outsourcing to product and consultancy
    - Why 85% more time is now spent on code reviews than writing code
    - Fractional CIO/CTO roles and why SMBs desperately need them
    - Building a pro bono mentoring community of 80+ senior leaders
    - AI readiness: why most companies fail at AI implementation before they even start
    - The startup ecosystem in Romania and why this is the best time for non-technical founders
    - Why project managers should disappear (but product managers never will)
    - The engineering mindset vs. role segregation in modern teams
    - Adaptability and curiosity as the core leadership skills for 2030

    ⏱️ CHAPTERS
    00:00 Introduction to Lucian Popovici
    02:22 From Developer to Leader: The Brutal Transition
    06:27 Manager vs. Leader: Ego, Empathy, and Flat Orgs
    09:28 Scaling Organizations (Without a Playbook)
    11:23 How AI Is Reshaping Team Structures
    16:02 Is Romania's IT Industry Scaling Down?
    24:40 The "Control Freak" Feedback That Changed Everything
    29:37 How Bridging Gaps Started (The Border Collie Story)
    36:30 From Corporate to Entrepreneur: Bridging Innovation
    45:59 The Future of Engineering Roles and Leadership

    🔗 FOLLOW LUCIAN
    💼 LinkedIn: https://www.linkedin.com/in/lucianpopovici/
    🌐 Bridging Innovation: https://bridging-innovation.com
    🤝 Bridging Gaps: https://bridging-gaps.ro/
    📝 Blog: https://lucianpopovici.com

    🎙️ FOLLOW & SUBSCRIBE
    📸 Instagram: https://www.instagram.com/senorsatscale/
    📸 Instagram: https://www.instagram.com/neciudev
    🎙 Podcast URL: https://neciudan.dev/senors-at-scale
    📬 Newsletter: https://neciudan.dev/subscribe
    💼 LinkedIn: https://www.linkedin.com/in/neciudan
    💼 LinkedIn: https://www.linkedin.com/company/señors-scale/

    📚 ADDITIONAL RESOURCES
    - HowToWeb Conference: https://www.howtoweb.co
    - Ascendis Training: https://www.ascendis.ro

    #EngineeringLeadership #ScalingTeams #TechLeadership #AI #SoftwareEngineering #StartupRomania #EngineeringManagement #ProBonoMentoring #FractionalCTO #AgileLeadership #DevOps #TeamScaling #SenorsAtScale

    💬 Have you made the jump from developer to leader? What was your biggest challenge? Share in the comments!

    54 min
  2. FEB 7

    Technical Leadership at Scale with Anemari Fiser (O’Reilly Author and Engineering Coach)

    What makes a great tech lead? It's not just technical chops; it's the soft skills that scale your impact beyond your own keyboard. In this episode, I sit down with Anemari Fiser, an engineering leader, O'Reilly author, and coach who's spent over a decade helping engineers make the leap from individual contributor to technical leader. Anemari has led teams at ThoughtWorks through massive transformations (think monolith-to-microservices, datacenter-to-AWS migrations), coached 500+ engineers, and trained 300+ tech leads worldwide. Her new book, "Leveling Up as a Tech Lead," distills years of hands-on experience into practical frameworks for the hardest role in tech.

    We explore why so many senior engineers struggle with the transition, how to measure success when you're no longer shipping code, and the collaboration techniques that actually work in real-world teams. This conversation goes deep on the unglamorous but essential work of technical leadership: from running effective 1-on-1s to delegation that empowers rather than bottlenecks, from defining what success means for you to navigating the brutal tech lead job market.

    🔸 KEY TOPICS DISCUSSED
    - The journey from software engineer to product director, and what she learned along the way
    - Why soft skills, not just technical expertise, determine your impact at scale
    - The critical difference between senior engineers and tech leads
    - How to transition from "doing the work" to "enabling the work"
    - Why your success as a tech lead depends entirely on your team's success
    - The accountability framework that drives consistent growth in others
    - How to get people out of their comfort zones without breaking trust
    - The power of intentional growth vs. accidental learning
    - Measuring impact when you're not writing code anymore
    - Why 1-on-1s are your secret weapon (and how to run them effectively)
    - The delegation playbook that removes pressure while empowering your team
    - Networking strategies that actually work in today's tech job market
    - How to interview for tech lead roles, and spot the red flags
    - The collaboration techniques that scale teams beyond individual heroics

    ⏱️ CHAPTERS
    00:00 Introduction to Anemari Fiser
    00:58 Early Career: From University to First Tech Job
    04:09 Balancing Work and University in Romania
    09:00 First Job Experiences and Learning to Code
    12:02 The Importance of Accountability in Leadership
    16:07 Strategies for Encouraging Growth in Others
    20:03 Intentional Growth and Getting Out of Your Comfort Zone
    20:56 Scaling Soft Skills in Tech
    23:57 Senior Engineer vs. Tech Lead: What's the Difference?
    26:55 Making the Transition from Senior Engineer to Tech Lead
    29:40 Expanding Your Team's Impact Beyond Your Own Work
    31:01 The Tech Lead Role Across Different Companies
    32:32 Balancing Hands-On Technical Work with Leadership
    34:29 Defining Success as a Tech Lead
    38:10 Measuring Impact and Setting Personal OKRs
    42:07 Guiding Junior Engineers: Teaching vs. Enabling
    43:51 Job Hunting Strategies in the Current Tech Market
    46:10 Why Networking is Your Best Job Search Tool
    50:52 Interviewing for Tech Lead Roles: Green Flags and Red Flags
    53:28 Key Takeaways from "Leveling Up as a Tech Lead"

    📚 RESOURCES MENTIONED
    - Anemari's Book: "Leveling Up as a Tech Lead" (O'Reilly) - https://www.amazon.com/[BOOK-LINK]
    - Crucial Conversations by Kerry Patterson
    - The Culture Map by Erin Meyer
    - The Manager's Path by Camille Fournier
    - Continuous Deployment by Valentina Servile
    - The Silent Patient by Alex Michaelides

    🔗 FOLLOW ANEMARI
    - LinkedIn: https://www.linkedin.com/in/anemari-fiser
    - Website: https://anemarifiser.com

    🎙️ FOLLOW & SUBSCRIBE
    📸 Instagram: https://www.instagram.com/senorsatscale/
    📸 Instagram: https://www.instagram.com/neciudev
    🎙 Podcast URL: https://neciudan.dev/senors-at-scale
    📬 Newsletter: https://neciudan.dev/subscribe
    💼 LinkedIn: https://www.linkedin.com/in/neciudan
    💼 LinkedIn: https://www.linkedin.com/company/se%C3%B1ors-scale/

    52 min
  3. JAN 25

    MicroFrontends at Scale with Florian Rappl (author of "The Art of Micro Frontends" & Piral creator)

    MicroFrontends at Scale with Florian Rappl | The Art of Modular Architecture

    What if you could build web applications where teams could deploy independently without breaking each other's code? In this episode, we sit down with Florian Rappl, author of "The Art of Micro Frontends," creator of the Piral framework, and Microsoft MVP, to explore how micro frontends are transforming how we build scalable web applications. Florian shares hard-won lessons from over a decade of building distributed systems, from smart home platforms to enterprise portals for some of Germany's largest companies. We dive deep into the philosophy behind Piral, why modular architecture isn't just about using multiple frameworks, and how micro frontends might be the key to unlocking AI-powered development workflows.

    🔸 Key Topics Discussed:
    - The evolution from monolithic frontends to true modular architecture
    - Why loose coupling is more important than multi-framework support
    - How Piral solves the orchestration problem that Module Federation doesn't
    - The "inverse dependency" pattern that makes micro frontends resilient
    - Building enterprise portals that scale across hundreds of teams
    - Server-side rendering and SEO challenges in micro frontend architectures
    - Why Cloudflare Workers and edge computing are game-changers for MFEs
    - The future of AI-assisted development in modular codebases
    - Lessons learned from smart home systems, customer portals, and production deployments

    Whether you're an architect evaluating micro frontends for your organization or a developer curious about modular patterns that actually work in production, this conversation offers battle-tested insights you won't find in the documentation.

    ⏱️ Chapters:
    00:00 - Introduction & Welcome
    01:31 - The Origin Story of Piral
    04:30 - The Micro Frontend Landscape in 2019
    08:05 - Piral vs Module Federation: Understanding the Difference
    12:15 - The Inverse Dependency Pattern
    18:20 - Building Enterprise Portals at Scale
    25:40 - Server-Side Rendering & SEO Challenges
    35:10 - Cloudflare Workers & Edge Computing for Micro Frontends
    45:25 - Cross-Framework Components & the Converter API
    52:30 - Discovery Services & Dynamic Module Loading
    58:15 - AI-Assisted Development & Modular Architecture
    1:04:01 - Book Recommendations

    📚 Resources Mentioned:
    - Piral Framework: https://piral.io
    - The Art of Micro Frontends (2nd Edition) by Florian Rappl
    - Building Micro-Frontends (2nd Edition) by Luca Mezzalira
    - Physics of the Future by Michio Kaku
    - Release It! by Michael T. Nygard
    - Continuous Delivery by Jez Humble & David Farley

    🔗 Follow Florian:
    - LinkedIn: [Add Florian's LinkedIn]
    - Twitter/X: [Add Florian's Twitter]
    - GitHub: [Add Florian's GitHub]

    🎙️ Follow & Subscribe:
    📸 Instagram: https://www.instagram.com/senorsatscale/
    📸 Instagram: https://www.instagram.com/neciudev
    🎙 Podcast: https://neciudan.dev/senors-at-scale
    📬 Newsletter: https://neciudan.dev/subscribe
    💼 LinkedIn: https://www.linkedin.com/in/neciudan
    💼 LinkedIn: https://www.linkedin.com/company/señors-scale/

    #MicroFrontends #WebDevelopment #SoftwareArchitecture #Piral #ModuleFederation #ScalingSoftware #EnterpriseArchitecture #JavaScript #React #DevOps

    💬 What's your experience with micro frontends? Have you tried Piral or other frameworks? Let us know in the comments!

    ---
    Señors @ Scale is a podcast exploring the technical decisions, architectural patterns, and scaling strategies that power modern software systems. Each episode features deep conversations with engineers, architects, and technical leaders building software that serves millions.

    1h 9m
  4. JAN 18

    Nuxt at Scale with Daniel Roe

    In this episode of Señors @ Scale, Dan sits down with Daniel Roe, leader of the Nuxt Core team at Vercel, for an in-depth conversation about building and scaling with Nuxt, Vue's most powerful meta-framework. Daniel shares his journey from the Laravel world into Vue and Nuxt, revealing how he went from being a user to becoming the lead maintainer of one of the most important frameworks in the JavaScript ecosystem. We explore the evolution of Nuxt, the philosophy behind its developer experience, and how understanding user pain points shapes every feature decision.

    The conversation dives deep into the technical aspects that matter when building at scale: rendering strategies and when to choose static over server-side rendering, the Nitro server engine and how it transforms backend flexibility, data fetching patterns and best practices for performance, and the module ecosystem that empowers developers to extend Nuxt in powerful ways. Daniel explains why "always go for static rendering if you can" isn't just advice; it's a performance philosophy. He breaks down how Nuxt makes it easier to be your own target audience as a framework developer, and why contributing to open source is ultimately about joy and giving back to the community.

    Whether you're building with Nuxt, considering it for your next project, or just curious about how modern frameworks are designed with developer experience at their core, this episode offers invaluable insights from someone shaping the future of Vue development.

    Chapters
    00:00 Introduction and Daniel's Background
    03:45 From Laravel to Vue and Nuxt
    08:20 Becoming a Nuxt Core Team Member
    12:30 The Evolution of Nuxt and Developer Experience
    18:15 Understanding User Pain Points
    24:00 Rendering Strategies: Static vs Server-Side
    29:45 The Nitro Server Engine Revolution
    35:20 Data Fetching Best Practices
    41:10 The Power of Nuxt Modules
    46:30 Contributing to Open Source
    51:00 The Future of Nuxt
    53:52 Outro

    Follow & Subscribe:
    📸 Instagram: https://www.instagram.com/senorsatscale/
    📸 Instagram: https://www.instagram.com/neciudev
    🎙 Podcast URL: https://neciudan.dev/senors-at-scale
    📬 Newsletter: https://neciudan.dev/subscribe
    💼 LinkedIn: https://www.linkedin.com/in/neciudan
    💼 LinkedIn: https://www.linkedin.com/company/señors-scale/

    Additional Resources
    🌐 Nuxt: https://nuxt.com
    💬 Daniel Roe on GitHub: https://github.com/danielroe
    🚀 Vercel: https://vercel.com

    #nuxt #vue #javascript #webdevelopment #frontend #serverless #nitro #vercel #opensource #developerexperience #señorsatscale

    Don't forget to like, comment, and subscribe for more engineering stories from the front lines. How is your team using Nuxt or Vue to scale? Share below 👇

    54 min
  5. 12/14/2025

    State Management at Scale with Daishi Kato (Author of Zustand)

    In this episode of Señors @ Scale, host Dan Neciu dives deep into the world of state management with Daishi Kato, the prolific open-source author and maintainer behind three of the most widely used libraries in modern React: Zustand, Jotai, and Valtio. Daishi also shares insights into his new project, Waku, a framework built around React Server Components. Daishi has spent nearly a decade building modern open-source tools that expertly balance simplicity with scalability. He shares how the announcement of React Hooks got him excited and led him to pick global state as his field to explore, as it was "more like logic" and "off look and feel".

    We break down the core philosophies and technical trade-offs between his state management trifecta:
    - Zustand (pronounced "Zastan"): described as a single global store or global variable. It is minimal, and its philosophical difference from Redux is that it doesn't use reducers.
    - Jotai (pronounced "Jyotai"): defined as a set of atom definitions, structured more like functions than a single global store. Daishi explains how the concept evolved from a need to avoid JavaScript proxies and selectors for better rendering optimization.
    - Valtio: fundamentally based on just using JavaScript objects. It re-introduces proxy-based reactivity because Daishi realized that proxies were now "recognized" and acceptable in the community. We discuss its hook-based API, which differentiates it from MobX's observer pattern.

    The conversation then moves to the future of React development with Waku, which Daishi started as an experiment to learn how state management interacts with React Server Components. He explains Waku is suited for small-to-medium-sized web applications and static sites and discusses his vision for it to coexist with, rather than beat, Next.js.

    Key points covered:
    - What makes Zustand, Jotai, and Valtio different: global store vs. atom definitions vs. JavaScript objects.
    - The philosophical difference between Zustand and Redux: Redux is reducers, Zustand is not.
    - How Jotai's atom concept evolved and its goal of render optimization without selectors.
    - Why Valtio embraced proxies and how its hook-based API differs from MobX.
    - The origin story of Waku as an experiment with React Server Components.
    - How React 18's useSyncExternalStore made Zustand even smaller.
    - The challenge of maintaining four popular open-source libraries, with Waku being the current focus.
    - Daishi's strategy for rejecting feature requests for minimal libraries like Zustand: "We reject everything".
    - Why Daishi prefers a competitive community over a built-in React state manager.
    - Which of his libraries (Jotai) is best suited for use within Waku, as it is an abstraction of state that works on both client and server.

    If you're managing global state in React, interested in the internals of popular open-source tools, or curious about the future with React Server Components, this episode is a must-listen.

    Follow & Subscribe:
    📸 Instagram: https://www.instagram.com/senorsatscale/
    📸 Instagram: https://www.instagram.com/neciudev
    🎙 Podcast URL: https://neciudan.dev/senors-at-scale
    📬 Newsletter: https://neciudan.dev/subscribe
    💼 LinkedIn: https://www.linkedin.com/in/neciudan
    💼 LinkedIn: https://www.linkedin.com/company/se%C3%B1ors-scale/

    Additional Resources
    🌐 Daishi's Libraries: https://github.com/pmndrs
    🌐 Waku: https://github.com/dai-shi/waku
    🌐 SICP Book: Structure and Interpretation of Computer Programs

    #react #zustand #jotai #valtio #waku #statemanagement #javascript #opensource #softwareengineering #frontend #webdevelopment #señorsatscale

    Don't forget to like, comment, and subscribe for more engineering stories from the front lines.

    35 min
  6. 12/13/2025

    Domain Driven Design at Scale with Vlad Khononov (O'Reilly and Pearson Author)

    In this episode of Señors @ Scale, Dan sits down with Vlad Khononov, software architect, keynote speaker, and author of Learning Domain-Driven Design and Balancing Coupling in Software Design. Vlad has spent more than twenty years helping teams untangle legacy systems, rebuild failing architectures, and bring clarity to messy business domains. His work spans greenfield systems, enterprise refactors, and the ambiguous environments where most real software actually lives.

    This conversation cuts through the hype around DDD and microservices, focusing on the mechanics of bounded contexts, coupling, business alignment, and architectural evolution. We talk about why ubiquitous language reduces project failure, how bounded contexts emerge from social structures rather than diagrams, why most teams misuse aggregates, and how to spot "pain signatures" inside a system and trace them back to unclear domain boundaries. Vlad explains how subdomains evolve over time, how good designs quietly become counterproductive, and how accidental complexity appears at every layer of a system.

    We also dig into the real model behind coupling (strength, distance, and volatility) and how teams can use it to design systems that stay adaptable under pressure. Vlad breaks down why many microservice rewrites fail, when DDD actually makes sense, and why refactoring should start with understanding the business rather than carving out services at random.

    The episode ends with a discussion about AI and architecture, and how LLMs make domain-driven design more important rather than less. Vlad explains why clear domain vocabulary and modular boundaries help both engineers and AI reason about a system without being overwhelmed by complexity.

    If you're building complex systems, leading platform or architecture teams, or struggling with a legacy codebase that keeps pushing back, this episode offers a practical, experience-driven guide to designing systems that scale with the business.

    Chapters
    00:00 Intro and Vlad's Background
    01:42 Why DDD Was Written and Who It Was For
    04:02 When Aggregates Finally Made Sense
    05:42 Ubiquitous Language as the Core of DDD
    07:31 Why Software Projects Fail
    08:52 The Biggest Misconception About DDD
    10:13 Common Anti-Patterns in Domain Design
    12:12 Greenfield vs Brownfield DDD
    14:03 How to Begin Refactoring a Monolith
    15:25 Mapping Subdomains: Core, Supporting, Generic
    19:25 When Companies Do DDD Without Knowing
    20:39 When DDD Fails and Lessons Learned
    22:41 Why Defining Boundaries Is Hard
    25:56 Accidental Complexity in Large Systems
    27:32 Microservices, Myths, and Pain
    30:29 What Coupling Really Means
    33:17 Strength, Distance, and Volatility
    39:07 How Vlad Documents Architecture
    41:37 Event Storming as the Source of Truth
    44:01 How AI Changes System Design
    48:28 How to Enforce Ubiquitous Language
    51:00 Book Recommendations
    53:33 Closing Thoughts

    Follow and Subscribe:
    Instagram: https://www.instagram.com/senorsatscale/
    Instagram: https://www.instagram.com/neciudev
    Podcast: https://neciudan.dev/senors-at-scale
    Newsletter: https://neciudan.dev/subscribe
    LinkedIn: https://www.linkedin.com/in/neciudan
    LinkedIn: https://www.linkedin.com/company/se%C3%B1ors-scale/

    57 min
  7. 11/23/2025

    Modern CSS at Scale with Bramus (Chrome Developer Relations Engineer, CSS and Web UI, at Google)

    In this episode of Señors @ Scale, Dan sits down with Bramus Van Damme, Chrome Developer Relations Engineer at Google, and one of the driving forces behind View Transitions, Scroll-Driven Animations, Anchor Positioning, and CSS Custom Functions. Bramus brings a rare perspective from inside the browser engine itself. From helping shape CSS specs at the standards level to building the demos and tooling that developers rely on every day, he has a front-row seat to how modern UI engineering is evolving.

    We go deep into how the new CSS works in practice, beyond the marketing, straight into the mechanics of performance, rendering, and real-world API design. We break down how these capabilities actually work:
    - How View Transitions calculate DOM deltas and morph shared elements across pages
    - How Scroll-Driven Animations run on the compositor instead of the main thread
    - How Anchor Positioning finally fixes popovers, tooltips, and dropdowns without JavaScript
    - How CSS Custom Functions and Mixins push the language closer to a full programming environment

    Bramus also explains the browser internals most teams never see: interop, working with the CSS Working Group, and the engineering cost behind features that take 5 to 10 years to land across engines. The conversation goes beyond features into the realities of framework timing, React's virtual DOM, when animations fall back to the main thread, and why modern CSS is becoming the foundation for UI systems at scale.

    If you're building modern frontends, maintaining a design system, or leading platform engineering for UI, this episode is a masterclass in what the next generation of the web actually looks like.

    Chapters
    00:00 The Journey into Web Development
    01:02 Best Practices for View Transitions
    07:46 What Chrome DevRel Actually Does
    10:33 How Browser Features Get Prioritized
    13:38 Why Styling Forms Has Been Broken for Years
    17:18 Inside View Transitions and Cross-Document Animations
    22:11 Motion, Accessibility, and Reducing Overuse
    23:44 Integrating Browser Features with React, Vue, and Frameworks
    27:46 The Popover API and Pattern-Driven Standards
    30:48 How React and Chrome Collaborated on View Transitions
    31:46 The State of Scroll-Driven Animations
    34:25 Triggered Animations and What's Coming Next
    35:50 Why JS Scroll Handlers Cause Jank
    37:17 GPU-Accelerated vs Main-Thread Animations
    40:10 The Coolest Demo: Scroll-Driven View Transitions
    44:24 Anchor Positioning and De-JSifying UI Patterns
    48:23 Developer Feedback, Interop, and Spec Evolution
    51:19 Custom Functions and the Future of CSS as a Language
    54:58 Mixins, Preprocessors, and Platform Evolution
    56:43 Books, Blogs, and Where Bramus Learns
    58:11 Closing Thoughts and Call for Feedback

    Follow & Subscribe:
    📸 Instagram: https://www.instagram.com/senorsatscale/
    📸 Instagram: https://www.instagram.com/neciudev
    🎙 Podcast URL: https://neciudan.dev/senors-at-scale
    📬 Newsletter: https://neciudan.dev/subscribe
    💼 LinkedIn: https://www.linkedin.com/in/neciudan
    💼 LinkedIn: https://www.linkedin.com/company/se%C3%B1ors-scale/

    Additional Resources
    🌐 Bramus' Blog: https://www.bram.us
    🌐 View Transitions Demos: https://view-transitions.chrome.dev
    🌐 Scroll-Driven Animations Course: https://scroll-driven-animations.style/
    🌐 Anchor-Tool by Una: https://anchor-tool.com

    #css #webdevelopment #frontend #javascript #chrome #softwareengineering #uiux #devtools #animations #react #performance #softwarearchitecture #señorsatscale

    Don't forget to like, comment, and subscribe for more engineering stories from the front lines.

    54 min
  8. 11/16/2025

    Security at Scale with Liran Tal - Director of Developer Advocacy at Snyk

    In this episode of Señors @ Scale, Dan sits down with Liran Tal, Director of Developer Advocacy at Snyk, GitHub Star, and one of the most influential voices in modern application security. Liran has spent decades at the intersection of open-source ecosystems, Node.js, supply chain security, and now AI agent security, helping developers ship fast without exposing themselves to silent, catastrophic risks.

    He breaks down the real stories behind today's security landscape: from NPM malware and maintainer compromises to MCP attacks, toxic flows, and the hidden vulnerabilities emerging from AI-driven development. We dig into what "security at scale" actually means: how attackers compromise maintainers and publish worm-style malware, how invisible Unicode payloads bypass human review, why AI-generated code is statistically insecure, and how developers can build guardrails directly into their workflows with tools like Snyk, NPQ, and MCP scanning.

    Liran also reveals the problems teams consistently underestimate: developer ergonomics, dependency trust, package governance, CI risk, and why blindly upgrading dependencies is one of the most dangerous patterns in modern engineering. The conversation goes far beyond theory, into secure coding, package hygiene, NPM ecosystem fragility, MCP prompt injection, SQL and command injection patterns, and what real-world breaches teach us about resilience.

    If you build software, install dependencies, or use AI coding agents, this episode is a masterclass in defensive engineering, supply chain awareness, and the new security realities shaping our industry.

    Chapters
    00:00 Security at Scale – Why It Matters Now
    02:14 How Liran Got Into Security
    05:12 The Shift Toward Developer-Led Security
    08:33 How Snyk Changed the Developer Security Workflow
    11:07 The Story Behind NPQ and Safer Dependency Installation
    14:02 The Rise of NPM Malware and Maintainer Compromise
    16:48 Why Blind "Upgrade Everything" Pipelines Are Dangerous
    19:15 Is Node the Problem or Is It NPM
    21:10 The Hidden Risk of MCPs and AI Agent Vulnerabilities
    24:18 Toxic Flows, Shadowed Tools, and Prompt Injection
    27:22 AI Browsers, Extensions, and Real Prompt Injection Attacks
    30:04 Why Prompt Injection Has No True Fix
    33:01 AI-Generated Code Is Statistically Insecure
    35:12 How Snyk Plus MCP Creates a Secure Coding Loop
    37:40 The Most Common MCP Vulnerabilities
    40:55 How AI Agents Turn Mild Bugs Into Critical RCE
    43:11 The Glassworm Invisible Unicode Attack Vector
    44:51 EventStream, XZ Utils, and Supply Chain Horror Stories
    48:03 Liran's Personal Security Incidents
    51:10 UX vs Security and Real World Tension
    53:04 Liran's Book Recommendations
    55:37 Final Thoughts and Protecting Yourself as AI Evolves

    Sound Bites
    "Security at scale is a complex challenge."
    "AI-generated code is not always secure."
    "Security and UX must work together."

    Follow & Subscribe:
    Instagram: https://www.instagram.com/senorsatscale/
    Instagram: https://www.instagram.com/neciudev
    Podcast URL: https://neciudan.dev/senors-at-scale
    Newsletter: https://neciudan.dev/subscribe
    LinkedIn: https://www.linkedin.com/in/neciudan
    LinkedIn: https://www.linkedin.com/company/señors-scale/

    Additional Resources
    - Snyk – developer-first security tools
    - Serverless Security (O'Reilly) – co-authored by Liran
    - Liran's GitHub: https://github.com/lirantal
    - NPQ package checker: https://github.com/lirantal/npq
    - MCP Scan (Snyk) – securing MCP servers

    #security #softwaresecurity #supplychainsecurity #npm

    Don't forget to like, comment, and subscribe for more engineering stories from the front lines. How are you protecting your stack from supply chain attacks? Share below 👇

    58 min
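    The episode above mentions invisible Unicode payloads that slip past human code review. The check below is an added example, not code from the episode, from Snyk, or from Liran Tal's tooling: it scans source text for code points that render as nothing in most editors and diff viewers yet still reach the parser (zero-width characters, bidi overrides, variation selectors, and the Unicode "tag" block), and recovers any ASCII that was smuggled inside tag characters. The code point ranges and the constructed sample input are assumptions about what such a review-time check should cover; they do not describe the exact characters used by any particular campaign.

```javascript
// Added example: flag invisible / format Unicode code points in source text.
// Category Cf ("format") covers zero-width joiners, bidi controls and the
// U+E0000..U+E007F tag block; the explicit ranges add variation selectors
// (category Mn) and the BOM. These ranges are an assumption for this check.
const INVISIBLE = /[\p{Cf}\u{FE00}-\u{FE0F}\u{E0100}-\u{E01EF}\u{FEFF}]/u;

// Returns one finding per suspicious character: 1-based line and column
// (column counted in code points, so astral characters count once).
function scanSource(text) {
  const findings = [];
  text.split("\n").forEach((line, i) => {
    let col = 0;
    for (const ch of line) {
      col += 1;
      if (INVISIBLE.test(ch)) {
        const cp = ch.codePointAt(0);
        findings.push({
          line: i + 1,
          col,
          codePoint: "U+" + cp.toString(16).toUpperCase().padStart(4, "0"),
        });
      }
    }
  });
  return findings;
}

// Tag characters U+E0020..U+E007E mirror printable ASCII 0x20..0x7E, so a
// hidden instruction can be recovered by subtracting the block offset.
function decodeTagPayload(text) {
  let out = "";
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (cp >= 0xe0020 && cp <= 0xe007e) out += String.fromCodePoint(cp - 0xe0000);
  }
  return out;
}

// Constructed sample: line 2 hides a zero-width space inside an identifier,
// line 3 carries a right-to-left override, line 4 smuggles "rm -rf" as tags.
const SAMPLE =
  "const token = process.env.TOKEN;\n" +
  "if (isAdmin\u200B) { grant(); }\n" +
  "// review note\u202E ;)\n" +
  "let x = 1;" +
  [..."rm -rf"].map((c) => String.fromCodePoint(0xe0000 + c.codePointAt(0))).join("") +
  "\n";

// Stand-alone run: print findings the way a pre-commit hook would report them.
for (const f of scanSource(SAMPLE)) {
  console.log(`${f.line}:${f.col} ${f.codePoint}`);
}
console.log("smuggled:", JSON.stringify(decodeTagPayload(SAMPLE)));
```

    Wire scanSource over staged files in a pre-commit or CI step and fail the build on any finding; legitimate uses of these code points in source are rare enough that an allow-list per file is simpler than trying to judge intent.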
