Tech Tree · Engineering
Platform Engineering Maturity
Progress your platform engineering capability from manual provisioning to a self-service internal developer platform. Each node represents a concrete infrastructure or developer-experience capability with steps, effort, and cross-track dependencies.
Maturity tiers
Manual
Everything provisioned by hand. Knowledge lives in individuals' heads. Environments drift.
Scripted
Repeatable scripts and IaC replace manual steps. Environments are reproducible.
Self-service
Product teams provision and operate their own infrastructure through a platform API.
Platform
A full internal developer platform with golden paths, portals, and autonomous feedback loops.
Tracks
Compute
Servers, containers, and orchestration — how workloads run.
Networking
Connectivity, load balancing, service discovery, and security perimeters.
Storage
Databases, object stores, caches, and data persistence patterns.
Dev Experience
Tooling, workflows, and abstractions that help product engineers move fast.
All capabilities (17)
Manual
Bare Metal Provisioning
Servers are provisioned manually by following a runbook. Access is via SSH. Configuration is applied by hand and differs between environments.
compute · provisioning · foundation
Local Dev Setup
Developers can run the application locally, but setup takes hours and diverges between machines. There is no standard toolchain.
developer-experience · local-dev · onboarding
Manual Database Provisioning
Databases are spun up by hand. Backups are manual or ad-hoc. Connection strings are distributed via Slack or email.
database · storage · backups
Manual Network Configuration
VPCs, subnets, security groups, and load balancers are configured by hand via the cloud console. Network topology is undocumented or out of date.
networking · vpc · security-groups
Scripted
CI/CD Pipeline
Every commit triggers automated build, test, and deploy pipelines. Deploys to staging are fully automatic. Production requires a manual approval gate.
ci-cd · automation · pipelines
Database Migration Pipeline
Schema changes are managed through a migration tool (Flyway, Liquibase, or similar). Migrations run automatically in CI/CD and are tracked in version control.
database · migrations · schema
Network as Code
VPCs, subnets, security groups, and DNS are managed in Terraform. Network changes require a code review and produce a plan before apply.
networking · iac · security
Shell Scripts & Automation
Common operations are scripted and live in version control. Engineers run scripts instead of runbooks. Environments are reproducible within a single region.
automation · scripting · devops
Terraform IaC
All cloud infrastructure is defined in Terraform. Changes go through pull requests and apply via CI. Drift is detected and corrected automatically.
terraform · iac · infrastructure-as-code
Self-service
Container Orchestration
Workloads run in containers on Kubernetes or a managed equivalent. Product teams deploy to namespaces they own without involving the platform team.
kubernetes · containers · orchestration
Golden Path Templates
New services are scaffolded from opinionated templates that include CI/CD, observability, security scanning, and deployment manifests. A new service is production-ready in under a day.
golden-path · templates · developer-experience
Managed Data Platform
Product teams provision databases, caches, and queues via a self-service API or Terraform module. The platform team maintains the modules; product teams consume them.
data-platform · self-service · databases
Service Mesh & mTLS
All inter-service traffic is encrypted via mutual TLS. Traffic policies, retries, and circuit breakers are configured through a service mesh rather than in application code.
service-mesh · mtls · networking · security
Platform
Cluster Autoscaling & Cost Optimisation
Compute scales automatically with demand and contracts to zero overnight. Cost per request trends down each quarter. FinOps is a first-class platform concern.
autoscaling · cost-optimisation · finops · kubernetes
Data Mesh
Data ownership is distributed to product domains. Each domain publishes data products with SLAs. A central data platform provides the infrastructure without owning the data.
data-mesh · data-platform · governance
Internal Developer Portal
A single portal (Backstage or equivalent) surfaces the service catalogue, docs, runbooks, on-call schedules, golden path templates, and cost dashboards. The platform is treated as a product.
developer-portal · backstage · developer-experience · platform
Zero Trust Networking
The network perimeter is eliminated. Every request is authenticated and authorised regardless of source. Lateral movement after a breach is contained by policy.
zero-trust · networking · security · identity