The Challenge
In August 2014, Aetna had recently acquired iTriage, a mobile health app that let users check symptoms, find nearby providers, and view emergency room wait times. CEO Mark Bertolini wanted iTriage to continue operating like a startup—complete with the culture and agility that made it successful.
The acquisition came right after the Affordable Care Act was signed into law. Health insurers were preparing to launch consumer business platforms, and iTriage was part of Aetna's strategic positioning. I was brought in to revamp their entire DevOps and cloud strategy.
The existing infrastructure was a manual Ansible mess. Deployments were painful, security was an afterthought, and the team was struggling to move at startup speed within an enterprise context.
Part 1: Building Utopia
We built a container-centric platform called "Utopia" using technologies that were cutting-edge at the time. The goal was simple: enable developers to deploy their own code safely, with security guardrails built into the platform itself.
Platform Technology Stack
- Mesosphere: Container orchestration before Kubernetes was mainstream
- SaltStack: Configuration management and EC2 provisioning
- Twistlock: Container security scanning before it was standard
- Checkmarx: Static Application Security Testing (SAST)
- Bamboo: Service discovery and load balancing
- Blue-Green Deployments: Zero-downtime releases with instant rollback
The adoption strategy was deliberate. We started with a data analytics team as the first adopter, using sprint demos to showcase the platform's velocity. Teams saw what was possible and wanted in.
Part 2: The Security Story
The results spoke for themselves. During a whiteboard presentation to Aetna's architecture team, I walked through the platform: how Mesosphere worked, container security with Twistlock, read-only AWS console access for developers, SaltStack provisioning, and Checkmarx integration.
The Number That Changed Everything
100x improvement in security defect density
This result was so compelling that CISO Jim Routh made Docker and containers a corporate mandate. Twistlock featured Aetna's logo on their website for years. We had proven that developer velocity and security weren't in conflict—with the right platform, you could have both.
Part 3: The Consumer Platform
Aetna wanted to build a new Consumer platform to serve individual health insurance customers. They took one of the best iTriage teams and repurposed them for this initiative. The platform was heavily dependent on Aetna's legacy backend for services like ID Cards and Claims.
The Backend Challenge
- Aetna's core business APIs were unreliable
- API contracts kept changing unexpectedly
- Both dev and production endpoints were unstable
- 40-person war rooms for every incident
We built a Grafana dashboard to track API performance in real-time—response codes, contract changes, response times, and uptime. This transformed 40-person war rooms into a simple monitoring system. When something broke, we could point to the dashboard instead of playing blame games.
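The following is an added example, not code from the original project: a minimal sketch of how the four tracked signals (response codes, contract changes, response times, uptime) can be derived from periodic probe results before they are sent to a dashboard. The sample field names, the `/idcards` endpoint and the rule that only 5xx responses count as downtime are assumptions made for illustration.

```python
import hashlib
import json
from collections import Counter

def shape(value):
    """Reduce a JSON value to its structure: key names and value types only."""
    if isinstance(value, dict):
        return {k: shape(v) for k, v in sorted(value.items())}
    if isinstance(value, list):
        # A list is described by the distinct shapes of its elements.
        seen = {json.dumps(shape(v), sort_keys=True) for v in value}
        return [json.loads(s) for s in sorted(seen)]
    return type(value).__name__

def fingerprint(body):
    """Stable hash of a body's shape; it changes only when the contract does."""
    canon = json.dumps(shape(body), sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()[:12]

def summarize(samples):
    """Per-endpoint status counts, uptime, p95 latency and contract changes."""
    report = {}
    for s in samples:
        ep = report.setdefault(s["endpoint"], {
            "codes": Counter(), "latencies": [], "last_fp": None, "changes": []})
        ep["codes"][s["status"]] += 1
        ep["latencies"].append(s["ms"])
        if s["status"] == 200:  # only successful bodies define the contract
            fp = fingerprint(s["body"])
            if ep["last_fp"] and fp != ep["last_fp"]:
                ep["changes"].append(s["ts"])
            ep["last_fp"] = fp
    for ep in report.values():
        total = sum(ep["codes"].values())
        up = sum(n for code, n in ep["codes"].items() if code < 500)  # assumption
        ep["uptime_pct"] = round(100.0 * up / total, 1)
        lat = sorted(ep["latencies"])
        ep["p95_ms"] = lat[max(0, -(-95 * len(lat) // 100) - 1)]  # ceil(0.95n)-1
    return report

# Constructed probe samples for a hypothetical endpoint (not real data).
SAMPLES = [
    {"ts": 1, "endpoint": "/idcards", "status": 200, "ms": 120,
     "body": {"memberId": "A1", "cards": [{"type": "medical"}]}},
    {"ts": 2, "endpoint": "/idcards", "status": 200, "ms": 140,
     "body": {"memberId": "B2", "cards": [{"type": "dental"}]}},
    {"ts": 3, "endpoint": "/idcards", "status": 503, "ms": 3000, "body": None},
    {"ts": 4, "endpoint": "/idcards", "status": 200, "ms": 130,
     "body": {"member_id": "A1", "cards": [{"type": "medical"}]}},
]
```

Because the fingerprint ignores values and looks only at key names and types, ordinary data differences between members do not raise a contract-change event, while a renamed field does.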
Key Lessons
Security as Enabler
Security and velocity aren't opposites. Build security into the platform and developers get both speed and safety.
Show, Don't Tell
Sprint demos converted skeptics into advocates. Let the platform's velocity speak for itself.
Observability Over War Rooms
A good dashboard replaces 40-person incident calls. Make the system state visible and blame disappears.
