Home

Understanding Service Mesh and Istio

As a software developer, I sometimes find infrastructure networking quite confusing. In this article, I will delve deeper to understand service mesh and Istio. A service mesh is a dedicated infrastructure layer responsible for handling service-to-service communication. It ensures the reliable delivery of requests through the complex topology of services that comprise a modern, cloud-native application.

In practice, a service mesh is usually implemented as an array of lightweight network proxies deployed alongside the application code, without requiring the application to be aware of them. Contrary to its name, a service mesh is not actually a mesh of services but rather a mesh of proxies that abstract away the network layer. The service mesh primarily fulfills three functions: flow control, security, and observability.

The control plane manages the flow of configuration data from a central unit to the proxies that make up the mesh. The data plane, on the other hand, manages the flow of application data between microservices in the mesh, facilitated by the sidecar proxy.

One commonly used service mesh is Istio. Born out of a partnership between Google, IBM, and Lyft (Envoy proxy), Istio is an open-source project that provides a transparent infrastructure layer for managing inter-service communication on Kubernetes. It hijacks network traffic bound for a pod and proxies it through an intelligent Layer 7 proxy (Envoy), mounted as a sidecar to the main container. Istio applies advanced routing and policy rules, enhances security and resiliency, and uses mutual TLS for communication between peers.

Istio offers immediate advantages in the core functions of a service mesh: flow control, security, and observability. However, it does introduce complexities, such as operational overhead and a slight latency at the link level. It also requires platform adaptation and consumes extra resources like memory and CPU.

The Istio control plane, known as istiod, performs various functions: service discovery, proxy configuration, certificate management, and more. In older versions of Istio, these functions were divided among separate deployments but have since been consolidated into istiod.

Istio's data plane consists of Envoy proxy instances that communicate with the Istio control plane. Once configured and synchronized, these proxies manage all inbound and outbound network traffic to pods, applying advanced Layer 7 routing and policy rules. The configuration is achieved through the control plane's Rules-Based API, which then compiles it into Envoy-specific settings.

To be entirely transparent to application developers, Istio reroutes all traffic to Envoy by manipulating the IP tables of all pods in the service mesh. Traffic hijacking is accomplished through either an init container (istio-init) or Istio's Container Networking Interface (CNI) plugin.

Istio's flow control capabilities can be divided into three categories: request routing, resilience, and debugging. It exposes a Rule-Based API that allows users to configure traffic management within the mesh. Traffic policies applied to a host service are based on various matching conditions, such as load balancing strategies, connection pool settings, and outlier detection.

Istio also offers a Security API to configure policies at varying levels of granularity. It supports three modes of TLS communication: DISABLE, PERMISSIVE, and STRICT. By looking at Istio request metrics, you can determine whether a request was proxied over mTLS.

In summary, this article serves as a brief deep dive into service mesh and Istio. There's still much more to explore. Thank you for reading this article, and let's continue learning!

Understanding Service Mesh and Istio

Hello, and welcome to Continuous Improvement, the podcast where we dive deep into various topics related to software development and infrastructure. I'm your host, Victor, and in today's episode, we are going to explore the fascinating world of service mesh and specifically focus on Istio. So, whether you're a software developer or just curious about how networks in the cloud work, this episode is for you!

As a software developer, I sometimes find infrastructure networking quite confusing. But fear not, because today we'll be unraveling the mysteries of service mesh and shedding light on Istio.

So, what exactly is a service mesh? Well, to put it simply, a service mesh is a dedicated infrastructure layer responsible for handling service-to-service communication. It ensures reliable delivery of requests through the complex topology of services in a cloud-native application.

In practice, a service mesh is usually implemented as a collection of lightweight network proxies deployed alongside the application code. The beauty of it is that the application doesn't even need to be aware of these proxies. Contrary to its name, a service mesh is not a mesh of services, but rather a mesh of proxies that abstract away the network layer.

Now, a service mesh fulfills three primary functions: flow control, security, and observability. The control plane manages the flow of configuration data from a central unit to the proxies that make up the mesh. Meanwhile, the data plane handles the flow of application data between microservices, facilitated by the sidecar proxy.

One popular service mesh that you may have heard of is Istio. Istio is an open-source project born out of a collaboration between Google, IBM, and Lyft's Envoy proxy. It provides a transparent infrastructure layer for managing inter-service communication on Kubernetes.

So how does Istio work? It intercepts network traffic bound for a pod and proxies it through an intelligent Layer 7 proxy called Envoy, which is mounted as a sidecar to the main container. Istio then applies advanced routing and policy rules to enhance security, resiliency, and observability. It even uses mutual TLS for communication between peers.

Using Istio offers immediate advantages in the three core functions of a service mesh. However, it's important to note that there are complexities involved, such as operational overhead and a slight latency at the link level. Istio also requires platform adaptation and consumes additional resources like memory and CPU.

Let's take a closer look at the components of Istio. The control plane, known as istiod, handles functions like service discovery, proxy configuration, certificate management, and more. In older versions of Istio, these functions were spread out among separate deployments, but they have since been consolidated into istiod.

The data plane of Istio consists of Envoy proxy instances that communicate with the Istio control plane. Once configured and synchronized, these proxies manage all inbound and outbound network traffic to pods by applying advanced Layer 7 routing and policy rules. The configuration is achieved through the control plane's Rules-Based API, which then compiles it into Envoy-specific settings.

To be entirely transparent to application developers, Istio reroutes all traffic to Envoy by manipulating the IP tables of all pods in the service mesh. Traffic hijacking is achieved through either an init container called istio-init or Istio's Container Networking Interface (CNI) plugin.

In addition to its core functionalities, Istio also offers a Security API that allows you to configure policies at different levels of granularity. It supports various modes of TLS communication, such as DISABLE, PERMISSIVE, and STRICT. By examining Istio request metrics, you can determine whether a request was proxied over mTLS.

In conclusion, service mesh and Istio are fascinating technologies that provide a dedicated infrastructure layer to manage inter-service communication. Although they bring immediate advantages in terms of flow control, security, and observability, they also introduce complexities and require platform adaptation.

I hope this episode helped shed some light on service mesh and Istio. Remember, learning is a continuous process, and there's always more to explore. Thank you for tuning in to Continuous Improvement. I'm Victor, and until next time, keep improving!

理解服務網格和 Istio

作為一名軟體開發人員，我有時會覺得基礎設施網路相當混淆。在這篇文章中，我將更深入地理解服務網格和 Istio。服務網格是一個專門負責處理服務與服務通信的基礎設施層。它確保請求通過組成現代雲原生應用程序的複雜服務拓撲的可靠傳遞。

實踐中，服務網格通常以輕量級網路代理的陣列形式實現，並與應用程序代碼一起部署，而無需應用程序知道它們。與其名稱相反，服務網格並非實際上的服務網格，而是抽象出網路層的代理網格。服務網格主要執行三個功能：流量控制，安全性和可觀察性。

控制平面將配置數據的流動從中央單位管理到組成網格的代理。而資料平面則管理由 sidecar 代理輔助的網格中微服務的應用數據流動。

一個常用的服務網格就是 Istio。Istio 是由 Google、IBM 和 Lyft（Envoy 代理）合作開發的開源項目，提供一個為在 Kubernetes 上管理服務間通信的透明基礎設施層。它攔截網路流量並將其代理到掛載為 main 容器的側車的智能 Layer 7 代理。 Istio 應用高級路由和策略規則，增強安全性和彈性，並在對等體間通信時使用互相認證的 TLS。

Istio 在服務網格的核心功能上提供了即時優勢：流量控制，安全性和可觀察性。然而，它確實引入了一些複雜性，例如運營開銷和鏈路級別的輕微延遲。它還需要平台適應性並消耗額外的資源，如內存和 CPU。

Istio 的控制平面，稱為 istiod，執行多種功能：服務發現，代理配置，證書管理等等。在 Istio 的舊版本中，這些功能被劃分為獨立的部署，但現已統一在 istiod 中。

Istio 的資料平面由與 Istio 控制平面通信的 Envoy 代理實例組成。一旦配置和同步，這些代理就能管理所有進出網格的網路流量，並應用高級 Layer 7 的路由和策略規則。其配置是通過控制平面的基於規則的 API 實現的，然後再編譯成 Envoy 專用的設定。

為使應用程序開發人員完全不知道 Istio 的存在，Istio 通過操縱 IP 表操縱全網格中所有 pod 的流量的傳輸到 Envoy。流量劫持通過 init 容器 (istio-init) 或 Istio 的 Container Networking Interface (CNI) 插件來實現。

Istio 的流量控制功能可以劃分為三類：請求路由、韌性和偵錯。它提供了一個基於規則的 API，允許用戶配置網格內的流量管理。應用于主機服務的流量策略基於各種匹配條件，例如負載均衡策略、連接池設置以及異常檢測。

Istio 還提供了一種 Security API，以在各種細粒度級別配置策略。它支援三種模式的 TLS 通訊：DISABLE，PERMISSIVE和 STRICT。通過查看 Istio 請求指標，可以瞭解是否通過 mTLS 代理進行請求。

總結，這篇文章是對服務網格和 Istio 的簡短深入瞭解。還有更多需要探索的。感謝您閱讀此篇文章，讓我們繼續學習！

My Career Story

I've been interested in technology since university, where I took an elective in Java programming. I fell in love with the subject and knew I wanted to make it my career. After earning a bachelor's degree in Chemistry, I worked as a marketing manager in the tourism industry. There, I met many marketers with business acumen but lacking technical skills, particularly in SEO and website building. This inspired me to switch careers and become a software engineer at an Australian consulting firm, where I gained advanced front-end development skills. Outside of work, I pursued a part-time degree in computer science, which proved to be incredibly rewarding.

One significant challenge during my software consulting role at Accenture was adhering to tight timelines. I managed a large customer-based mobile app for an airline. Given the numerous feature requirements, I adopted an agile approach to continually deliver value. Occasionally, I had to negotiate with the product owner to overcome project blockers. Ultimately, we launched the mobile app successfully, meeting business requirements and earning customer satisfaction. This experience taught me that technology alone can't solve all business problems. Hence, I enrolled in a part-time MBA program to better understand the intersection of business and technology.

While consulting for EY in the banking sector, we faced a setback involving the choice of a cloud platform. We initially developed a banking wallet product using Amazon Web Services (AWS), assuming it met all requirements. However, just before going live, we realized that the AWS data center in Hong Kong was delayed. Due to regulatory requirements, we had to migrate to Microsoft Azure. I advised and executed the new technical architecture to ensure compliance.

At Dynatrace, I was part of the post-sales team, focusing on software monitoring products. One memorable project involved a new client at Huawei who wanted to integrate our product into their cloud platform. Working onsite in Shenzhen, I faced a demanding work culture and a 9 am to 9 pm, six-day work week. Despite this, the project launched successfully, thanks in part to my proactive responses to client queries.

As a technical lead at HSBC, I oversaw the development of an online payment solution for merchants in Malaysia. I noticed that the team was fragmented, with individuals focusing on either the back end or the front end, but no one looking at the overall user experience. Compounding the issue were office politics, which hindered our progress. To overcome these challenges, I engaged with customers to understand their needs and consulted Splunk logs for error data. Taking ownership of the results, I delegated tasks effectively, which led to a rise in transaction success rates from 40% to 70%.

Currently, as a client engineering manager at Thought Machine, I recently assisted a colleague in pre-sales who had to present to one of Taiwan's largest banks. With only a week to prepare and my colleague not being fluent in Mandarin, I translated and presented the slides. It was a challenging task, but the presentation was well-received.

In my present role, I also conduct training sessions for new team members, clients, and partners in Vietnam. Although English is our second language, I make sure to speak clearly and use various phrases to get my points across.

Outside of work, I have a passion for continuous learning. I am certified in various cloud platforms and have Scrum certifications for project management. I also enjoy honing my communication and public speaking skills through Toastmasters clubs.

In summary, I thrive on exploring new technologies and finding solutions at the intersection of business and tech. I love collaborating with customers, partners, and teams to create robust architectures and demonstrations based on customer needs. Feel free to connect with me: https://www.linkedin.com/in/victorleungtw.

My Career Story

Welcome back to another episode of Continuous Improvement! I'm your host, Victor, and today we're diving into the fascinating world of technology and professional growth. I've always been captivated by the ever-evolving landscape of tech, and today I want to share my journey with you. From switching careers to navigating challenges, and embracing continuous learning, we'll explore how I've grown into the role of a software engineer. So grab your favorite beverage, sit back, and join me on this exciting ride!

It all started back in university when I stumbled upon a Java programming course. Little did I know, that course would spark an intense passion for technology within me. After completing my bachelor's degree in Chemistry, I initially pursued a career as a marketing manager in the tourism industry. But I couldn't ignore the fact that many marketers lacked technical skills. This realization inspired me to make a career switch and become a software engineer at an Australian consulting firm.

My time at Accenture was both challenging and rewarding. I was fortunate to work on a large customer-based mobile app for an airline. Tight timelines and numerous feature requirements pushed me to adopt an agile approach. But it wasn't all smooth sailing. Negotiating with the product owner to overcome project blockers taught me an invaluable lesson about the importance of collaboration. In the end, we successfully launched the mobile app, meeting business requirements and ensuring customer satisfaction.

While consulting for EY in the banking sector, I encountered a setback involving the choice of a cloud platform. Our initial choice, Amazon Web Services (AWS), was unable to meet regulatory requirements due to a delay in their data center in Hong Kong. So we had to shift gears and migrate to Microsoft Azure. It was a challenging experience, but one that highlighted the need for adaptability and the ability to make quick, strategic decisions.

Dynatrace brought a whole new set of challenges to the table. I was part of the post-sales team, working on software monitoring products. One particular project stood out – integrating our product into Huawei's cloud platform. Working in Shenzhen, I faced a demanding work culture and a grueling schedule. But through proactive communication and dedication, we successfully launched the project and delivered exceptional results.

My journey continued at HSBC, where I served as a technical lead. Developing an online payment solution for merchants in Malaysia, I identified a fragmented team and office politics that hindered our progress. To overcome these challenges, I dove deep into understanding customer needs, consulted error logs, and fostered effective delegation of tasks. Gradually, we saw a remarkable rise in transaction success rates. This experience taught me the importance of taking ownership and cultivating a harmonious team environment.

Today, I find myself at Thought Machine as a client engineering manager. It's a role that allows me to explore new technologies and collaborate with customers, partners, and teams. Recently, I had the opportunity to assist a colleague in pre-sales, presenting to one of Taiwan's largest banks. Despite the language barrier, I embraced the challenge, translating and presenting the slides with confidence. It was a rewarding experience to see our efforts recognized and appreciated.

Outside of my professional pursuits, I'm an avid advocate for continuous learning. I've obtained certifications in various cloud platforms and project management methodologies like Scrum. But I don't stop there. I actively engage with Toastmasters clubs to improve my communication and public speaking skills. After all, growth knows no limits!

And that brings us to the end of yet another episode of Continuous Improvement. I hope my journey has inspired you to embrace the ever-changing world of technology, to strive for collaboration and continuous learning, and to never shy away from taking on new challenges. Remember, you have the power to shape your own path to success. Until next time, this is Victor signing off!

我的職業生涯故事

我對科技的興趣始於大學時期，當時我選修了Java編程的選修課。我愛上了這門課程，並知道我想把它變成我的職業生涯。在獲得化學學士學位後，我在旅遊業擔任行銷經理。在那裡，我遇到許多具有商業頭腦但技術技能不足的行銷人員，尤其是在SEO和網站建設方面。這激勵我轉行，成為一家澳洲顧問公司的軟體工程師，在這裡我獲得了高級前端開發技能。在工作以外，我進行了兼職的電腦科學學位，這證明是非常有價值的。

在Accenture擔任軟體顧問角色時，一個重大的挑戰是遵守緊湊的時間線。我管理了一個針對航空公司的大型客戶移動應用程式。鑑於眾多的功能需求，我採用了敏捷的方法來持續提供價值。偶爾，我必須與產品所有者協商以克服專案的阻礙。最終，我們成功地推出了移動應用程式，滿足了業務要求並贏得了客戶的滿意度。這次經驗教會了我，僅靠科技並不能解決所有的商業問題。因此，我報名參加了兼職MBA課程，以更好地了解商業與科技的交叉點。

在EY為銀行業界提供咨詢服務時，我們遇到了一個挑戰，那就是雲平台的選擇。我們最初使用Amazon Web Services（AWS）開發了一個銀行錢包產品，認為它符合所有的要求。然而，在即將上線前，我們意識到香港的AWS數據中心有所延遲。由於監管要求，我們必須遷移到Microsoft Azure。我提供並執行了新的技術架構，以確保符合規定。

在Dynatrace，我是售後團隊的一員，專注於軟體監視產品。一個令人難忘的專案涉及到想要將我們的產品整合到他們的雲平台的新客戶華為。在深圳駐點工作時，我面對了要求苛刻的工作文化和每週六天的9 am至9 pm的工作時間。儘管如此，這個專案還是成功地推出了，這部分要歸功於我對客戶問題的主動回應。

作為HSBC的技術領導，我監督了一個針對馬來西亞商戶的在線支付解決方案的開發。我注意到團隊的人分裂，有的人專注於後端，有的人專注於前端，卻沒有人關注整體的用戶體驗。加劇此問題的是辦公室政治，這阻礙了我們的進程。要克服這些挑戰，我與客戶接觸，了解他們的需求，並查詢Splunk日誌以獲取錯誤數據。我對結果負責，有效地分配了任務，從而使交易成功率從40％提升到70％。

現在，作為Thought Machine的客戶工程經理，我最近協助一位需要向台灣最大的銀行之一發表演說的業務預售同事。只有一星期的準備時間，我的同事不擅長講國語，我翻譯並演示了投影片。這是一個具有挑戰性的任務，但演講被很好地接受了。

在我現在的角色中，我還主持新的團隊成員、客戶和越南合作夥伴的培訓課程。雖然英語是我們的第二語言，但我確保說話清晰，並使用各種短語來表達我的觀點。

在工作之外，我對持續學習有著熱忱。我在各種雲平台上都取得了認證，並且擁有Scrum項目管理的認證。我也喜歡通過Toastmasters clubs來提高我的溝通能力和公共演講技巧。

總的來說，我熱衷於探索新技術，並在商業與科技的交叉點找到解決方案。我喜歡與客戶、合作夥伴和團隊合作，根據客戶需求創建強大的架構和演示。歡迎隨時與我聯繫：https://www.linkedin.com/in/victorleungtw。

On Digital Transformation

Over the last 5 years, I have assumed leadership roles in multiple digital transformation projects.

In 2017, I worked as a senior consultant at Accenture, helping Cathay Pacific Airways transform their mobile app from a legacy platform to new native mobile technology. I led the sprint process and actively communicated priorities to remote team members. I gained hands-on experience coding for Node.js and Java Spring Boot servers, while simultaneously addressing client business challenges at the intersection of organizational structure and technology.

In 2018, I served as a consultant at EY, leading a project for HSBC's Payme business mobile app. The rise of e-commerce and AliPay's aggressive expansion into new products posed a threat to traditional banks. If these banks failed to adapt to the emerging QR payment trend, they risked becoming obsolete. My role was to help the bank navigate this transition successfully. I presented technical architecture and agile delivery methodologies, gained hands-on experience coding in Kotlin on Android, and advised on the migration from AWS to Azure for compliance reasons.

In 2019, I led the HSBC merchant online payment project as a technical lead. The pandemic accelerated the shift toward e-commerce sales, and the existing legacy platform struggled to keep pace, resulting in numerous failed transactions. I was responsible for building a new website with a more robust technology stack to replace the old platform. I led teams in delivering solutions from kick-off to launch, using Angular in TypeScript on Adobe Experience Manager (AEM), and fostered relationships across engineering, design, and stakeholder teams.

In 2021, I worked on a newly licensed, digital-only bank in Singapore. Unlike traditional banks burdened by legacy systems, this digital-only bank had the competitive advantage of utilizing cloud-native technology. Traditional banks may have more customers, financial resources, and market data, but new banks have the agility to innovate, enabling more efficient and cost-effective operations.

In 2022, I am currently involved in a Vietnamese Digital Bank project. As a key technical member of the Client Service team, I help build financial products on the platform. My tasks include working on bank deposit and lending products and implementing Python smart contract code. I analyze and translate business requirements into technical specifications, ensuring timely and successful delivery while collaborating with customers, partners, and other teams.

The most significant aspect of digital transformation projects over the past 5 years has been changing mindsets and introducing new ways of working. I have a decade of experience in software development, application architecture, and cloud solution deployment for enterprise customers. With master's degrees in both Computer Science and Business Administration (MBA) in Finance, I have a unique blend of technical and business acumen. I hold certifications in Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Kubernetes, and Scrum, and have experience building banking products from scratch.

My career goal is to lead digital transformations, which are complex endeavors requiring innovative approaches to strategy. Launching large-scale projects without sufficient information can lead to resistance at various organizational levels. I aim to overcome these common barriers by winning early supporters through smaller successful projects and demonstrating clear financial impact.

My strength lies in my ability to learn and apply knowledge quickly. In a volatile business environment, it's crucial to adapt swiftly and test assumptions at a low cost. My test-and-learn mentality serves as a source of continuous improvement, enabling me to provide valuable feedback and help teams succeed.

However, my weakness could be my tendency to focus solely on technology. Digital transformation is not just about technological change; it's about meeting customer needs more effectively. As an engineering manager, I realize that technology alone cannot transform an industry without a business model that connects it to an emerging market.

Innovation requires a diverse skill set. A team that includes both business and technical individuals, working alongside domain experts, ensures projects address organizational priorities rather than isolated departmental issues. When I, as a software developer, involve end-users in the design of applications, the likelihood of successful adoption increases significantly.

On Digital Transformation

Welcome to Continuous Improvement, the podcast where we explore the world of digital transformation and discuss strategies for success. I'm your host, Victor, and in today's episode, we'll dive into the career journey of a digital transformation leader.

But before we begin, a quick reminder to subscribe to our podcast and leave us a review if you enjoy the content. Your feedback is greatly appreciated.

Now, let's get started.

Over the past 5 years, our guest today has assumed leadership roles in multiple digital transformation projects, working with renowned companies like Cathay Pacific Airways, HSBC, and EY. With a unique blend of technical and business acumen, our guest has tackled complex challenges and obtained hands-on experience in various technologies.

In 2017, as a senior consultant at Accenture, our guest led the transformation of Cathay Pacific Airways' mobile app, moving it from a legacy platform to a new native mobile technology. Through effective communication and the utilization of his coding skills, our guest successfully addressed both the organizational and technological challenges.

Following this, in 2018, our guest worked as a consultant at EY on a project for HSBC's Payme business mobile app. The rise of e-commerce and the disruption caused by AliPay posed a threat to traditional banks. Our guest was entrusted with guiding HSBC through this transition, advising on technical architecture, agile delivery methodologies, and even driving the migration from AWS to Azure.

In 2019, our guest took on the role of technical lead for the HSBC merchant online payment project. With the sudden surge in e-commerce due to the pandemic, our guest played a crucial role in building a new website to handle the increased demand. Leveraging Angular, TypeScript, and Adobe Experience Manager (AEM), our guest ensured a smooth launch while collaborating with various teams.

Continuously pushing boundaries, our guest then joined a digital-only bank project in Singapore in 2021. Unlike traditional banks burdened by legacy systems, this digital bank had the advantage of utilizing cloud-native technology. Our guest witnessed firsthand how agility and innovation can lead to more efficient and cost-effective operations.

Now, in 2022, our guest is contributing to a Vietnamese Digital Bank project, working on building financial products on the platform. With a diverse skill set and the ability to analyze business requirements and translate them into technical specifications, our guest is helping drive innovation and success in the banking sector.

Throughout these experiences, our guest emphasizes the importance of changing mindsets and introducing new ways of working. Digital transformation is not just about technology—it's about meeting customer needs effectively. Our guest's journey highlights the need for a diverse team, involving both business and technical individuals, and working closely with end-users to ensure successful adoption.

While focused on technology, our guest acknowledges the importance of developing a strong business model that connects technology to an emerging market. With a test-and-learn mentality and a commitment to continuous improvement, our guest aims to lead successful digital transformations.

And that's a wrap for today's episode of Continuous Improvement. I hope you found our guest's journey inspiring and learned valuable insights about digital transformation.

Don't forget to tune in next week for another exciting episode. Until then, keep exploring and striving for continuous improvement.

Thank you for listening to Continuous Improvement. If you enjoyed this episode, be sure to subscribe and leave us a review. We appreciate your support.

關於數位轉型

在過去的5年裡，我在多個數位轉型項目中擔任領導角色。

2017年，我在埃森哲擔任高級顧問，幫助國泰航空將其手機應用程序從傳統平台轉換為新的本地移動技術。我領導了迭代過程，並積極與遠程團隊成員溝通優先事項。我獲得了在Node.js和Java Spring Boot服務器上編碼的實戰經驗，同時解決客戶在組織結構和技術交叉點上的商業挑戰。

2018年，我在安永擔任顧問，領導滙豐銀行的Payme業務移動應用項目。電子商務的興起和支付寶對新產品的積極擴展對傳統銀行構成威脅。如果這些銀行未能適應新興的二維碼支付趨勢，可能會變得過時。我的角色是幫助銀行成功地進行這項轉變。我展示了技術架構和敏捷交付方法論，在Android上使用Kotlin進行編碼的實戰經驗，並就由於合規原因從AWS遷移到Azure的問題提供建議。

2019年，我作為技術負責人領導了滙豐銀行的商家在線支付項目。大流行病加速了向電子商務銷售的轉變，現有的傳統平台無法跟上，導致許多交易失敗。我負責建立一個使用更穩健技術堆棧的新網站，以取代舊平台。我帶領團隊從啟動到上市提供解決方案，使用TypeScript on Adobe Experience Manager (AEM)的Angular，並在工程師，設計師和利益相關者團隊之間建立了良好的關係。

2021年，我參與了在新加坡新獲許可的數位銀行的工作。與受傳統系統限制的傳統銀行不同，這家數位銀行有利用雲原生技術的競爭優勢。傳統銀行可能擁有更多的客戶，財務資源和市場數據，但新銀行有進行創新的機敏性，使得運營更高效，成本更低。

2022年，我目前參與越南數字銀行項目。作為客戶服務團隊的關鍵技術成員，我幫助在平台上建立金融產品。我的任務包括在銀行存款和貸款產品上工作，並實現Python智能合約代碼。我分析並將業務要求轉化為技術規範，確保及時和成功的交付，同時與客戶，合作夥伴和其他團隊合作。

在過去5年的數位轉型項目中，最重要的一部分是改變思維模式並引入新的工作方式。我在軟體開發，應用架構設計，和企業用戶雲解決方案部署方面有十年的經驗。擁有計算機科學和金融商學碩士(MBA)學位的我，具有獨特的技術和商業智識結合。我擁有Amazon Web Services (AWS)，Google Cloud Platform (GCP)，Microsoft Azure，Kubernetes和Scrum的認證，並有從頭開始建立銀行產品的經驗。

我的職業目標是領導數位轉型，這需要創新戰略來應對複雜的挑戰。在沒有足夠信息的情況下啟動大規模項目可能會導致組織各級的抵制。我希望通過更小的成功項目早期贏得支持者，並展示明確的財務影響來克服這些常見障礙。

我的優勢在於我學習並快速應用知識的能力。在多變的商業環境中，迅速適應並以低成本測試假設至關重要。我的測試和學習的心態是持續改進的源泉，使我能夠提供有價值的反饋，幫助團隊成功。

然而，我的弱點可能是我過於關注技術。數字轉型不僅僅關於技術變革;它是關於更有效地滿足客戶需求。作為一個工程經理，我明白單憑技術無法改變一個行業，除非有一種商業模式將其與新興市場連接起來。

創新需要多種多樣的技能。包括商業和技術人員的團隊，與領域專家共同工作，可以確保項目解決組織的優先問題，而不是孤立的部門問題。當我作為軟體開發人員將最終用戶納入應用程序的設計中時，成功採用的可能性大大增加。

Think and Grow Rich - Book Review

The book I'm going to review is "Think and Grow Rich," written by Napoleon Hill. Reading this book in public might be a bit awkward, not because it's poorly written, but because its title could come off as superficial. Given that people often judge a book by its cover, I worry they may judge me based on what I'm reading.

Let's start with a quotation from Henry Ford that is featured in the book: "Whether you think you can, or you think you can't, you're right." This quote encapsulates the essence of the book. Initially, I was skeptical about reading it. Was it a scam? A Ponzi scheme? Or perhaps an attempt to persuade me to invest in Bitcoin and NFTs? The author claims to reveal "the biggest secret of all time," even though he has faced accusations of fraud and business failure.

However, before passing judgment, it's important to understand the book's historical context. It was published in 1937, during the Great Depression. Today, we find ourselves in a similar situation, with the stock market having dropped by 20%. Despite this, the book remains a bestseller, has sold more than 20 million copies, and belongs to the self-improvement genre. I've read many self-improvement books, and if they were as effective as they claim, I'd already be wealthy and retired on a yacht, enjoying my life.

The book emphasizes mindset, distilled down to a simple formula: desire, faith, and then action. Despite its title, the book clarifies that you can't simply think your way to riches; action is required. If you possess enough desire, have faith in yourself, and conquer your fears, you'll be compelled to act.

The book features numerous motivational stories and case studies of successful individuals, like American industrialist Andrew Carnegie. While it claims to be supported by research, the methodology doesn't appear to be rigorously scientific. The best way to test the book's ideas is to put them into action.

Don't expect to get paid simply for knowing something; you have to act on that knowledge. The world doesn't pay people for what they "know"; it pays them for what they do or for their ability to inspire others to act. A skilled leader can significantly increase the efficiency of others, persuading them to provide better service than they would on their own.

It's one thing to want money—everyone does—but it's another thing entirely to actually be worth more. Many people confuse their desires with their true worth. Your financial goals have nothing to do with your actual value, which is determined solely by your ability to provide valuable service or to encourage others to do so.

Success is unattainable for those who repel people with a negative personality. Power is achieved through cooperative efforts, and a negative personality won't facilitate such cooperation.

Having a college degree doesn't necessarily make one educated. An educated person has learned how to achieve their goals without infringing upon the rights of others. Education is less about accumulating knowledge and more about applying it effectively and consistently.

If you're obsessed with the idea of becoming rich, my first recommendation would be to read this book.