Hello World
Welcome to the engineering blog brought to you by the people who build the systems that power watchTowr!
Imagine a world in which a company is born, solely to help keep computer systems safe from bad guys who want to do bad things - all day long. They do something called “attack surface management” and "continuous automated red teaming", a fancy way of saying they constantly check to see if there are any ways for bad guys to break into an organisation and do more bad things. In a world that relies on computers day in, day out, bad guys doing bad things to computers is.. not ideal.
Welcome to the engineering blog by the people who build that system at watchTowr! (It’s mid-2023 so yes, that was partially written by ChatGPT)
As a cybersecurity technology company, we are constantly figuring out how to allow enterprises to sleep better at night; part of this journey includes fighting computers to make them do what we want them to do. At scale.
This blog exists to document engineering successes (and failures) and challenges we face along the way, how we approach and (hopefully) solve them, the consequences of those solutions, and other musings from the Engineering team that we’ve put together thus far. If you’re interested in cybersecurity-focused posts, our cybersecurity research team also has a pretty cool thing going on at the watchTowr Labs blog.
Alright, so where do we begin?
The missing ‘e’?
watchTowr was founded in late 2021 by Ben to address the problems he saw after years of experience hacking large organisations - cybersecurity is hard, and cybersecurity is fast.
If you’ve ever been part of a large enterprise, you will know that technology is sprawling. Whether through natural expansion, acquisition, or just YOLO’ing through technology usage, that sprawl presents serious opportunities for cyberattacks to be successful. A successful attack could result in loss of both business and customer trust. Closer to home, this means that your and my personal data could be compromised through no fault of our own.
Organisations still rely on penetration tests - point in time, consultancy driven exercises - to find weaknesses and answer the question of “how would someone breach my network today?”. And then they do it again 12 months later.
But cybersecurity changes daily and evolves at a pace faster than we’ve ever seen - this process just doesn't make sense anymore.
What if we could do better? What if we could help huge organisations keep up with these massive changes, and then focus on the vulnerabilities that matter - those that are immediately exploitable? What if we could take “shift left” to an extreme when it comes to protecting systems?
What if we could do it continuously?
Product-Market Fit
Late 2021 was when Ben decided he had something valuable on his hands after some successes with an early prototype of our product that was already mapping huge organisational attack surfaces, and finding weaknesses successfully.
It was written in PHP and while he still defends his development decisions to this day, for obvious reasons things had to change; and the Engineering team was born.
Note from Ben to the audience: I regret nothing.
First hires
As a technology business, engineering strength has always been our focus.
It all began with our Head of Engineering, Soe Min, joining the team. This was followed closely by a team of senior engineers including yours truly. By mid-2022 we had scaled up to a six-person engineering team with skill-sets that covered all identifiable aspects of the product:
- Our public frontend
- API backend that supports said frontend
- Internal administrative security tools
- Continuous attack workflow modules
- Data pipelines
- Cloud and application infrastructure
As an early-stage startup where things changed from week to week, we did not have the luxury of defining specific roles or hiring for a specific problem space.
Everyone on the team was hired because their skill-sets spanned multiple roles and in retrospect, this was definitely a Good Thing™.
Structuring the technical team
Team structures are a critical component of growing an engineering team. Do you hire in-house? What can be out-sourced? How should in-house teams be structured? How do we integrate work done by partner agencies?
Unoptimised team structures result in unnecessary communication overheads and slow down the development process. As an early-stage startup, we can’t afford to slow down, so we had to think it through:
- What will we need in-house expertise for?
- Should teams be organised by functional role? (i.e. frontend/backend)
- Should it be by problem domain? (i.e. customer-facing, workflows, big data)
- How granular should problem domains be? (i.e. account management, data visualisations, data workflows)
Being a cybersecurity organisation, security of our systems and codebase is something we take very seriously; yet being a startup we still have to move fast. We focused on a structure that allowed engineers to carry out the more strategic and sensitive work that added business value while enabling us to maintain product responsiveness in terms of more superficial fixes and updates.
After a period where everyone was contributing to multiple parts of the system, we eventually decided to form teams that were based on broad problem domains with the potential to go more granular if/when needed.
This resulted in our current team structure of:
- Core Product - responsible for the development of the application from which customers assess their organisation’s attack surface, vulnerabilities and more
- Labs Cyber - responsible for the identification and codification of attacker tactics and techniques, and specialising in red-teaming activities
- Labs Engineering - responsible for the development of tools and services that scale the outcomes of the automated attack workflows to data which customers find valuable
- Platforms Engineering - responsible for the cloud and application infrastructure that powers all of the above
Structuring the teams this way reduced the noise in our daily communications and enabled us to streamline communication interfaces between teams only where it made sense to.
While going more granular is possible, it increases the risk of individual engineers losing context, which in turn reduces the effectiveness of delivery: if features are seen as specifications and not considered holistically as part of a larger product, the result is re-work.
Moving forward
While we have found a stable place to operate from, things will not stay this way forever so… Subscribe to our blog to read about it when we upgrade our team!
Also, we’re always on the lookout for talented individuals to join us on our rocketship (fun fact: we have 20 🚀 emojis in our team chat platform). You can find our available positions on this page but feel free to hit me up at joseph-at-watchtowr-dot-com for a chat if you'd like a more face-to-face approach.
The humans behind it
I personally believe in humanifying technology by connecting a product to the actual humans who’ve built it, so what would a welcome post on an engineering blog be if it didn’t introduce the engineering team?
Without further ado, here is our team as of the time of publishing:
Soe Min
Soe Min was the first hire for the engineering team at watchTowr, brought in to build and structure the team to take the company from MVP to enterprise-ready. He was also brought in to chew gum, which he has since run out of.
Outside of his professional pursuits, Soe Min is an avid hiker and outdoor enthusiast. He finds inspiration and clarity in nature, and hiking has become a beloved pastime that allows him to recharge and generate new ideas. Additionally, Soe Min co-owns a pet hamster.
As the Head of Engineering, Soe Min is committed to leading his team to new heights and fostering a culture of innovation and collaboration. He believes in empowering his team to take ownership of their work and providing them with the resources they need to succeed.
Andrew
👁️👁️ I like code. I like apples, grapefruits and touching rocks. Requires the strongest potions. Seeks balance in the force.
Joseph
Joseph is a geek at heart and considers himself one of those lucky enough to be getting paid to do whatever he’d be doing in his free time anyway.
He likes experimenting with new technologies and he builds out developer tools and passion projects during his free time. He’s almost low-key proud of his project graveyard on Github. Outside of tinkering with computers, he also enjoys making music, taking part in Web3 communities, playing console RPGs, and bouldering.
He’s also a trained coach that’s (very slowly) on the way to getting certified (HMU if you’d like some life/executive coaching 😀)
LinkedIn: https://www.linkedin.com/in/joeir
Medium: https://joeir.medium.com/
Github: https://github.com/zephinzer
Jiew Meng
Jiew Meng enjoys building new things, gets a sense of achievement every time he learns something new and believes in improving and learning new things constantly from experiences. In his free time, he enjoys simple things in life such as family time, long walks in nature for free vitamin D and fresh air, and cooking/baking/grocery shopping.
Zhaoyan
Zhaoyan is a puzzle enthusiast who finds great joy in solving puzzles like Sudoku and crossword puzzles. There's something incredibly satisfying about cracking the code and unraveling the mystery behind each puzzle.
When he is not exercising his brain with puzzles, he loves disconnecting from the digital world and immersing himself in nature. Walking in the park allows him to unwind, breathe in the fresh air, and appreciate the beauty of the outdoors. Additionally, he is quite the table tennis aficionado. He finds it exhilarating to engage in friendly matches with friends, as it combines both physical activity and mental focus. It's always a great way to bond and have some fun.
Overall, he believes in maintaining a healthy balance between mind and body, and these activities truly make his free time fulfilling and enjoyable.
LinkedIn: linkedin.com/in/zhaoyan-xie
Leonard
Leonard is super proud to be a single-digit hire. Employee no. 6!
He's been working at startups since 2014. Not getting any younger but still hands-on and will probably never stop getting stuck in.
Let’s go!!!!
Jonathan
Jonathan is a dynamic problem-solver who finds joy in bringing ideas to life. He is committed to his craft and also thrives on collaborating with like-minded individuals to build meaningful products. Outside of work, you can find him fine-tuning parameters and brew ratios to bring out the best from another bag of coffee beans.
Wyn
Wyn is often fascinated by user psychology when it comes to interacting with tech. He loves learning more about the ‘how’ and the ‘why’ of engineering design - passionate about being the bridge between humans and tech! When he’s not nerding out about design, you can find him eating (most likely) or exercising to stay healthy! 🙆🏻‍♂️🎉
Maik
Maik is passionate about collaboration and learning from others. As a member of the engineering team, he enjoys exchanging ideas and brainstorming with his colleagues to find creative solutions to complex problems. He finds the process of collaborating with others to be not only intellectually stimulating but also a lot of fun.
In his free time, Maik explores his interest in game development. He enjoys the process of building and designing games, finding it to be both challenging and rewarding. He also has a keen interest in language AI models and enjoys experimenting with new technologies to see what he can create.
When he's not working on his technical pursuits, Maik loves spending time with Tummy, his furry friend. He's a huge fan of cats and dogs and enjoys spending time with them whenever he can. Whether it's playing fetch or cuddling up with his dog, he finds that being around animals helps him relax and unwind.
LinkedIn: https://www.linkedin.com/in/maik-rantetasik/
Github: https://github.com/maikgr
Albert
Albert is a problem solver first, and a software engineer second. Inside his crazed up mind is a longing to want to understand how systems work in the grand scheme of things, and also to collaborate with others in the team to create awesome products. Synergy from both people and code amazes him.
Outside of work, Albert is an avid moviegoer— he would like nothing but to grab buttered popcorn and buy tickets to a weekday movie in a theatre. When no movies are showing, Albert turns into a niche type of gamer. An unashamed Playstation fanatic, Albert is a fan of behemoth-like AAA games— Resident Evil being one of his favourite franchises.
P.S.: Albert is in shortage of memes. Please donate memes to him because a meme a day keeps the doctor away. Kthxbai.
LinkedIn: https://www.linkedin.com/in/hansalbertlianto/
GitHub: https://github.com/HansAlbertLianto
Doriann
Doriann is solutions-oriented and entirely driven by his curiosity and thirst to learn. Computing has been his main motivation since early in life, but later on he opened himself up socially while still keeping a leg in the matrix. During his free time he loves to be immersed in stories from which he can learn from experiences that will define his personality, whether through movies, games, books or social interactions.
In addition to that, Doriann is constantly in search of self-improvement, as well as a way to maintain happiness, as happiness is all that truly matters, right?
LinkedIn: https://www.linkedin.com/in/doriann-corlouër
GitHub: https://github.com/RaJiska
Nehemiah
Nehem is a seasoned software developer with a passion for Python and related technologies, a knack for logical problem solving and a love for clean, efficient coding.
Away from the office, you will find him at the local gym or on hiking trails over the weekends. Nehem also enjoys travelling and is particularly interested in exploring East Asian cultures. He is currently passionate about learning the Chinese language and loves making lyrical videos for songs.
LinkedIn: https://www.linkedin.com/in/nehemiahjacob/
GitHub: https://github.com/n3h3m
Youtube: https://www.youtube.com/@pinyinsongs
Cheers
Till next time 🥂
Credits
- Ben for edits for the culture
- Titus Talent for Mo
- Header photo by KOBU Agency on Unsplash