Ship the code, not the slide deck

A consulting deliverable should compile. The hard, expensive, risky part of infrastructure work is the implementation — the IAM that's actually least-privilege, the network that actually segments, the guardrail that actually denies. A deck that stops at the recommendation hands that part back to you and bills you for the easy half. We end every engagement in a Terraform repository your team owns and runs, because that is the part that was actually worth paying for.

There is a quiet sleight of hand in a lot of infrastructure consulting. You pay for expertise, and what arrives is a document describing what expertise would do. The recommendation is the deliverable. The building — the part where the expertise is actually tested against reality — is left as an exercise for your team, or for whoever you hire next.

The 80% that the deck skips

Designing a landing zone or a zero-trust model on a whiteboard is the first 20% of the work. The remaining 80% is where every interesting decision lives:

  • The IAM policy that looked least-privilege in the diagram and turns out to break three services in practice.
  • The SCP that denies the right thing without denying break-glass.
  • The network segmentation that has to survive a real route table, a real DNS resolver, and a real on-call engineer at 2am.
  • The dozen small reversibility decisions that determine whether the cutover is safe.

A slide says “implement zero trust.” The code is where you find out what that costs and what it breaks. Stopping at the slide isn’t a smaller version of the engagement — it’s the engagement minus the part that was hard.

“Recommendation to build” is risk transfer

When a deliverable ends at a recommendation, the implementation risk doesn’t disappear. It transfers — to your team, or to a second vendor who now has to reverse-engineer someone else’s intent. The firm that wrote the deck carries none of it. That’s a comfortable position to sell from and an expensive one to buy.

What “the deliverable compiles” forces

Insisting that an engagement end in running code changes the incentives all the way back to the start:

  • Decisions get made, not deferred — you can’t hand over a repo full of “TBD.”
  • Trade-offs get written down as ADRs, because the next engineer (yours) has to live with them.
  • The work is reviewable as it lands — small PRs against your CI — so nothing arrives as a black box.
  • The handover is falsifiable: either your team can apply, destroy, and extend it without us, or it isn’t done.

The test you can apply to any vendor

Ask one question before you sign: what, exactly, is in the repository when you leave? If the honest answer is “a report and a roadmap,” you’re buying the easy 20% and keeping the hard 80%. If it’s “Terraform, the guardrail set, a threat model, ADRs, and runbooks — running in your accounts,” you’re buying the part that was worth it.

That’s the whole of how we operate: we ship the code, not the slide deck.
