Engineering a Strategy for a Startup

By Ben Turner, Head of Engineering @ Cloudburst Technologies
Published Jun 04, 2024

Cloudburst is a seed-level company with a nexus in crypto, online communities, risk intelligence, counter-terrorism, and fraud prevention. We've focused on an initial number of key use cases, including cryptocurrency pump-and-dump market manipulation, pig butchering scam disruption, money laundering detection, and trafficking intelligence.

The recurring lesson learned through experience by Cloudburst's team has been that threat actors involved in crime, fraud, and violence build off a standard playbook of previously exploited techniques -- and that they then probe for weaknesses and opportunities in the latest technologies and protocols. Furthermore, Cloudburst knows that threat actors often voluntarily disclose information about their illicit activity in public forums in order to recruit or to build their communities, brands, or customer base.

This represents a unique challenge for Cloudburst's Engineering team.

We have observed a generational gap between pre-crypto-era companies and industries and those formed afterwards; older companies are still skeptical of the credibility and value of crypto. On the other side, crypto-focused customers haven't yet invested in threat/risk intelligence solutions or mature security tools, because they haven't yet learned the lessons of the past and because, without stricter government regulations, they are in many cases not yet required to.

How do you hire people when such large gaps exist not only in mindset but in toolsets? Cloudburst Engineering would need to select software developers who can adapt to the latest techniques being used by threat actors while applying the best practices of threat intelligence and software engineering.

They must be willing to venture from parsing poorly structured HTML or XML, to reading poorly documented wrappers for poorly documented APIs, to understanding what their code looks like across a network, to structuring different types of data to be searchable and usable as one, to aggregating the data into more and more refined views to answer customer questions. And then those software developers must build up that domain knowledge into automated, repeatable, scalable, observable processes and definitions stored in version control.

This uncertainty and rapid evolution can be unsettling for most software developers, and many prefer not to enter this space as a result.

So we end up meeting, recruiting, and hiring software developers who exhibit flexibility and drive to pursue threat actors wherever they go next as first principles. Backgrounds matter less to us than wanting to participate in the mission.

Accounting for the operational tempo of threat actors, we want to stay close to the actors' hips as they move, and so we must pursue non-dogmatic solutions that toe the line between patching together different mini-solutions and providing a framework to add in modular sections to support more mature use cases. We must build products that don't always require the effort to turn a large ship around through expensive product cycles. We operate faster when our software developers understand what communities are most influential, what their TTPs are, and what the best technical touchpoints are to find them.

Yet Cloudburst Engineering also knows the value of building systems that don't require much human intervention to maintain. Automation is key to keeping our team lean and small so that we can move fast and not have to make existential tradeoffs; we choose engineering policies, practices, and frameworks which lend themselves to getting out of developers' way. Though we are a new company, we already have our data managed in a data warehouse, and can perform LLM-based predictions across tens of millions of data points at scale, for the purpose of tagging, classification, and filtering. Building out our products consists of analyzing the process by which we can identify threat actors and their schemes and figuring out what we can automate. Instead of relying on large numbers of analysts, we focus on real-time automation to provide access to insights and attribution immediately to our users.

This frees up our software developers to focus on the business logic of our domain: keeping up with the bad guys. This leads naturally to innovation: studying inventive research papers released about threat actors, blockchain technology, fraud, etc. and figuring out how to automate those techniques into products to aid our customers' investigations and risk calculation.

Things will inevitably change as Cloudburst grows, but the Engineering team sees its role at this seed stage as staying true to its core principles of speed, flexibility, and light footprint so as to maintain a competitive edge amongst its peers and to bridge the generational gaps between traditional finance and crypto, threat intel and web3, US and international jurisdictions, etc. where threat actors thrive.

We hope this look into the mentality of our Engineering Department gives some insight into the DNA and long-term strategy of our company as we grow. And we also hope you'll join us and collaborate with us on our journey.