Implementing Infrastructure as Code (IaC) Safely in Multi-Cloud
Designed for Cloud platform architects and DevOps leads responsible for introducing IaC practices across multiple cloud providers in regulated industries to spark real collaboration and high-energy learning.
A 90-minute hybrid workshop (physical and virtual) for cross-functional teams in fintech and healthcare organizations. Attendees struggle with inconsistent policy enforcement, lack of IaC visibility, and fear of misconfiguration-induced outages. They are highly technical, but wary of compliance overhead and skeptical about 'silver bullet' solutions.
Cloud Chaos Map
Kick off by showing a deliberately tangled diagram of real multi-cloud IaC gone wrong—misconfigured permissions, orphaned resources, and security gaps (anonymized from a genuine case study). Ask: 'What’s the first thing that catches your eye?' Each participant writes one word describing their reaction. This sets a playful, investigative mood and sparks curiosity.
Tap to view the full activity.
Why this works
Visual puzzles activate pattern recognition and prime learners to seek underlying causes—perfect for surfacing hidden risks and engaging analytical minds.
IaC MythBusters
Invite participants to vote via poll (or colored sticky notes) on statements like 'IaC is always inherently secure' or 'Multi-cloud means more flexibility, not more risk.' Follow up with short 90-second debunking explanations, referencing actual audit findings and breaches.
Tap to view the full activity.
Why this works
Directly confronting misconceptions lowers resistance and builds trust; fast myth-busting corrects knowledge gaps before deeper dives.
Safe Pipeline Sketchpad
Offer a low-pressure breakout activity: each small group gets a blank template and sketches their ideal 'safe IaC pipeline'—including where secrets and policies live. No tech required! Groups swap sketches and give each other one positive comment.
Tap to view the full activity.
Why this works
Sketching reduces cognitive load and levels the playing field; peer review makes participation feel safe and supportive.
IaC 'Speed Splat' Challenge
Turn up the energy: split into teams and play ‘Speed Splat’—each team lists as many IaC failure modes in multi-cloud as possible in 90 seconds. The facilitator tallies, then leads a rapid-fire discussion of the most unusual ones.
Tap to view the full activity.
Why this works
Competitive, time-bound brainstorming sharpens attention and brings hidden expertise to the surface. It also injects fun and urgency.
The Compliance Quandary
Present a dilemma: 'Your IaC pipeline just failed an audit because a third-party module wasn’t compliant with HIPAA and GDPR. What would you do next?' Offer three options and ask participants to debate, then reveal how two real companies responded (one succeeded, one didn’t).
Tap to view the full activity.
Why this works
Real, sticky dilemmas anchor learning in practical stakes; tough choices deepen engagement and highlight the need for foresight.
Personal IaC Risk Radar
Wrap up with a guided reflection: ask each participant to name one IaC risk they’ve personally witnessed, and write down how they would spot or prevent it next time. Volunteers can share, but all are encouraged to keep their 'Risk Radar' as a personal action card.
Tap to view the full activity.
Why this works
Reflection builds ownership and ties learning to real personal experience, boosting recall and application.
Sign up to unlock 3 more activities
Get the full pack, facilitation flow, and more ready-to-run ideas.