All sorts of questions - "What's the best way to do X?", "How would it impact security?", "Why we need this?", "What happens if this fails?", "Remind me how this works?", "Am I thinking in the right direction?"
Even more questions to the business / CEO ( Why this, why now )
"why", "how", "can we", "who can"?
Just try to be humble in the world where nobody knows anything (including yourself)... :)
One could do worse than asking for major decisions to come with a (ultralight, readme like) platform/product enhancement proposal (PEP).
Then, in a group, probing together for 12 factor app or AWS well architected type principles as well as something like BSA security principles, gets you a very long way.
The framework doesn't matter, just something to cause a beat of design, ops, and threat modeling and "rugged manifesto" thinking.
