Many enterprises are facing the same challenge: How do they modernize infrastructure while still supporting business-critical legacy applications?
Andrew Brydon, the Field CTO for HashiCorp Australia/New Zealand and former platform engineering leader at one of Australia’s largest financial institutions, NAB, understands the problem well, because he lived it. The bank’s oldest running system dated back to 1967, running assembly code. But the company needed to build a modern engineering platform despite its dependency on legacy apps to meet growing customer demands.
At HashiDays 2025, he shared five key lessons from his experience.
»1. Build for the future without ignoring legacy
For many organizations, legacy systems aren’t going away soon. Modernization, in this context, is about enabling new development capabilities and building bridges between eras of technology. The key to accomplishing this is abstraction; creating a centralized platform that allows new infrastructure to be built and services to operate while still accessing essential legacy data and workflows.
”We have mainframes. We have three-tier apps. We use SAP… dealing with that all the way through to modern microservices running on Kubernetes. So every type of legacy complexity you can think of… we had to work with it and work out how to make that more efficient for our software developers.”
– Andrew Brydon, CTO for HashiCorp ANZ
»2. Standardization is the cornerstone of security and scale
Inconsistency is one of the biggest threats to modernization efforts. When every team configures its own snowflake infrastructure, the result is fragmentation and increased risk. According to Brydon, this is what happened at NAB. Early in their cloud journey, teams used different approaches to deployment and configuration, leading to gaps in visibility and compliance.
The solution was to build a centralized, unified security and infrastructure lifecycle management platform with pre-approved, immutable templates. This approach abstracted away complexity for the user while enforcing guardrails.
Standardization also gave the bank’s security teams something invaluable: trust.
“This was great for our security teams because they got to approve the platform once and anyone who used the platform was automatically security approved”
— Andrew Brydon, CTO for HashiCorp ANZ
That single change turned compliance from a bottleneck into a built-in feature of the stack.
For organizations scaling across hundreds or thousands of applications, standardization is critical. It creates the consistency needed to secure data, scale confidently, and deploy faster.
»3. Embed security and self-service into the platform
At the heart of the NAB’s modernization journey was a fundamental shift: turning infrastructure and compliance into a self-service experience.
Again, the centralized platform was the key — offering a single pane of glass to provision infrastructure and automate baked-in compliance/security guardrails end-to-end. Developers no longer had to navigate slow, complex ticketing workflows or approval chains; they simply pushed code to GitHub and the platform handled the rest.
“By abstracting infrastructure and automating deployment, we enabled engineers to focus on writing code, not managing environments.”
— Andrew Brydon, CTO for HashiCorp ANZ
»4. Measure developer productivity like a business metric
Another key to modernization is always the human element. A centralized platform should improve the work-lives of developers and make them more productive. But the only way to know if you are successful is to measure it.
Brydon deployed analytics tools on top of GitHub to track how engineers spent their time. The data was eye-opening: Before platform and workflow optimizations, developers were only writing code about two and a half days per week.
“We had a choice to make. Do we optimize those two and a half days to make developers faster, or do we try to increase their time spent coding to three days? Adding another half day, across 4,000 engineers, was worth about $100 million a year in productivity.”
– Andrew Brydon, CTO for HashiCorp ANZ
This insight helped gain executive support and justify investments in automation, self-service tooling, and process simplification. By automating manual steps and abstracting infrastructure tasks, organizations can give time back. Through standardized CI/CD templates and automated testing pipelines, the bank reduced build times from 45 minutes to about 10 (with a goal of under 2). The more friction Brydon’s team removed, the more value they unlocked.
»5. Use AI to amplify engineers, not replace them
The introduction of AI tools for developers (coding assistants, automated testing, etc.) has raised both excitement and anxiety. Some executives see AI as a path to doing more with fewer people. Brydon’s experience tells a different story.
When his team began experimenting with an AI-based coding assistant, expectations were sky-high. “Executives heard ‘60% more productivity,’ but the reality was closer to 15–20%,” he said.
Even so, that 15–20% was transformative when scaled across 4,000 engineers. The biggest gains came not from writing more code, but from improving code quality and test coverage. AI-assisted tools accelerated automated testing, reduced rework, and allowed engineers to focus on higher-value tasks.
That’s the real opportunity of AI in engineering, Brydon feels. Freeing developers from repetitive tasks so they can be more creative, enabling faster innovation cycles.
»Take the next step
Brydon’s experience at one of the largest financial institutions in Australia shows that modernization can lead to real transformation. It just takes relentless focus, standardization, automation, and a modern engineering platform to make it happen.
“Modernization is a marathon, not a sprint. But the results are absolutely worth it.”
— Andrew Brydon, CTO for HashiCorp ANZ
To learn more about how you can create a modern centralized platform that will empower developers to…
- Connect legacy systems into modern workflows
- Spend more time coding instead of handling operations or compliance tasks
- Write higher-quality code
… read the guide to empowering platform teams to do cloud right.
Watch Andrew’s entire presentation here:
