Jorge Laurel
Writing

Part 2: Code, Coffee, and Course Corrections

Jorge Laurel · ·5 min read

Day 2 of a 5-part series: The Development Sprint That Changed Everything


Did you miss Part 1? It’s available here.


Remember those ambitious PRD dreams from Part 1? Well, reality has a funny way of keeping your feet on the ground—even when you’re moving at AI speed.

What followed my planning phase was one of the most intense and educational weeks of development I’ve ever experienced (OK, my firs actually). Not because of long coding sessions (thank you, AI Agent), but because of how rapidly I could test ideas, hit walls, pivot, and try again.

If Part 1 was about vision, Part 2 is about execution—and all the beautiful chaos that comes with it.

The 7-Day Sprint That Felt Like 7 Weeks

Days 1-2: Foundation and Reality Checks

The AI Agent started with the basics: React.js frontend with TypeScript for type safety, Node.js/Express backend with PostgreSQL database, and basic newsletter display functionality. Simple enough, right?

Wrong. Even “simple” features revealed complexity I hadn’t anticipated. Take user authentication, for example. My PRD called for “Firebase authentication for secure admin access.” Sounds straightforward until you realize you need to decide:

  • Client-side vs. server-side session validation

  • Role-based access control implementation

  • Session timeout and refresh strategies

  • Multi-factor authentication requirements

This is where the AI Agent really shined. Instead of spending hours researching best practices, I could immediately get implementation suggestions and security considerations. What would have been a day of Googling and Stack Overflow diving became a 30-minute architecture discussion.

Days 3-4: The Intelligence Layer

Here’s where things got exciting. I integrated OpenAI’s GPT-4o for content analysis and had the AI Agent build automated RSS feed processing from major cybersecurity sources. The AI could categorize threats by severity, extract key insights, and even determine relevance scores for different types of cybersecurity professionals.

But here’s the kicker: the AI analyzing content while an AI was helping me build the analysis system. Meta? Absolutely. Effective? You bet.

Major “Aha” Moment

I discovered that AI content analysis could automatically categorize threats by severity level, completely eliminating the manual tagging I would have to do. This single feature probably saved me 2-3 hours per week of manual work.

Days 5-6: Security Hardening (The Fun Part)

As a cybersecurity professional, this was where I got to be really hands-on. I implemented:

  • CSRF protection and XSS prevention

  • Comprehensive security headers

  • Rate limiting and access controls

  • Input validation and sanitization

The AI Agent partnership was crucial here because security isn’t just about knowing what to implement—it’s about implementing it correctly. Having a development partner that could instantly provide secure code patterns while I focused on threat modeling was game-changing.

Day 7: Polish and Testing

Mobile responsiveness optimization, performance enhancements, and my first security audit. By the end of day 7, I had something that looked professional and felt secure.

The Features That Didn’t Make the Cut (And Why)

Remember that ambitious feature list from my PRD? Here’s what got the axe during development:

Real-time Notifications

Why it got cut: Added significant complexity without clear user benefit. Most cybersecurity professionals don’t need instant newsletter notifications—weekly cadence was perfect.

Comment System

Why it got cut: Security concerns outweighed engagement value. Managing user-generated content securely would have doubled my security surface area.

Custom Email Templates

Why it got cut: I discovered Substack integration provided better deliverability and professional email handling rather than building my own system. Plus, I am already using Substack to email subscribers the Friday Wrap Up every week as soon as it’s published.

Multi-admin Collaboration

Why it got cut: Single admin model proved more secure and aligned with the newsletter’s current workflow.

The Pivot That Saved Everything

The biggest course correction came on Day 4. I’d spent considerable effort building a complex email delivery system when I realized Substack integration could handle this infinitely better.

Instead of fighting email deliverability, spam filters, and unsubscribe management, I could focus on what made my platform unique: intelligent content curation and beautiful presentation.

This pivot saved me probably 2-3 days of development and iteration. It resulted in a better user experience. Sometimes the best code is the code you don’t write.

Development Velocity at AI Speed

Here’s what blew my mind: the iteration speed. Traditional development cycles where you implement a feature, test it, find issues, and fix them can take days. With AI collaboration, this cycle compressed to minutes.

Traditional Process:

  • Implement feature → 4 hours

  • Test and find issues → 2 hours

  • Research solutions → 3 hours

  • Fix and retest → 2 hours

  • Total: 11 hours

AI-Assisted Process:

  • Discuss feature with context → 10 minutes

  • Implement with best practices → 15 minutes

  • Test and iterate fixes → 10 minutes

  • Total: 35 minutes

This wasn’t just about speed—it was about being able to experiment freely. When the cost of trying something is 35 minutes instead of 11 hours, you can afford to be more creative and exploratory.

Two Unexpected Challenges

Challenge 1: Feature Creep at AI Speed

Because implementing features was so fast, it was tempting to keep adding “just one more thing.” I had to be disciplined about sticking to core functionality and not getting distracted by every cool idea.

Challenge 2: Human Oversight Still Essential

AI can implement features rapidly, but human judgment is crucial for determining if those features actually solve real problems. I built and then removed several features that were technically impressive but practically useless.

The Real Magic: Compound Benefits

The most surprising discovery was how features built early enabled more sophisticated features later. The content analysis system I had the AI Agent build for threat categorization became the foundation for relevance scoring, which enabled personalized content ranking, which made the archive search incredibly powerful.

This compounding effect is where human-AI collaboration really shines—the AI can see technical connections and possibilities that emerge from the architecture, while human domain expertise guides which connections are worth pursuing.

Tomorrow’s Deep Dive

In Part 3, we’ll explore the security-first approach that became my secret weapon. From OWASP testing to enterprise-grade protection, I’ll dive into how I had the AI Agent build security into every layer of the application—and why that approach probably saved me from a dozen vulnerabilities I never would have thought of.