Andrew Sapozhnikov, Mad Devs: “one of the biggest challenges today is software security”

As recent global events impact businesses across all industries, cyberattacks on critical infrastructure have become a reality.

The development and implementation of trusted cybersecurity measures are on the rise. Software designed to protect information, like the best VPNs, may be inadequate. Keeping up with the complexities involved in data security requires a higher level of software development.

To find more answers on data and software security in the cybersec world, we turned to Andrew Sapozhnikov, the CIO and CTO of Mad Devs – a software development company on a mission to “automate everything!”

Can you tell us about the history and founding of Mad Devs and how the company has grown and evolved over time?

Our story began in 2007 when several of Mad Devs' co-founders and colleagues had primarily worked as developers and PMs in other projects.

Our expertise continued growing. Between 2010 and 2016, we launched several major technological products in multimedia, transportation, and delivery in Central Asia.

After successfully launching and supporting these products, we realized we had gathered a strong team with solid expertise capable of implementing world-class projects. That's when we decided to create Mad Devs.

There were 13 people on our team. Now, almost six years later, Mad Devs has over 150 employees. During our work, we have implemented over a hundred projects in various domains. It has attracted millions in investments and hundreds of thousands of users worldwide.

We have long specialized in developing custom software for unique, complex, or large systems. This requires exceptional quality, meets investor expectations, and complies with strict industry standards. We have now reached a level where our expertise and accumulated experience allow us to go beyond software development.

Today, we offer software development process consulting services. These services are to help companies adopt practices and approaches that continuously improve team performance and product quality. We offer technical auditing and technical infrastructure optimization services. It's to help companies achieve high standards and stable release of new features.

We help with auditing individual solutions, like the security and accuracy of smart contracts, and entire systems, like the stability of platforms and all their integrations and applications. Also, we conduct security posture audits and verify the compliance of company employees. This is to ensure security not only at the software level but also at the human level.

Tell our readers more about what you do. What challenges do you help to overcome?

So we act as technical co-founders who are ready to provide high-quality code. We integrate into the teams and businesses of our clients, build processes, propose profitable solutions, and make achieving goals a constant practice.

Often, young companies need more established development processes. Old, larger companies avoid changes in processes for a long time. They become outdated and fail to meet necessary needs or unlock their full potential. This is one of the key challenges for every company, and neglecting it can be incredibly costly.

First, we help businesses streamline their processes by automating and optimizing them, elevating development to a new level of efficiency and stability. It allows companies to maintain the relevance of their products and services by continually delivering high-quality functionality, even after our joint project work is complete.

Also, when developing a new product in an unfamiliar area or when improving an existing product to a higher level, companies often face a lack of experts needed for this. We provide all that. This guarantees the achievement of their goals and can be fully adopted by them. When working with us, companies not only get the best products and services but also expand the capabilities of their teams.

Another key challenge is the lack of transparency and trusts many companies seeking contractors face. Since transparency is one of our core principles, and trust is one of our main goals, we initially set up processes and use tools so that the customer can access everything in the development process.

At some point, the set of practices and tools for ensuring transparency reached a critical mass. Developing our related product was inevitable. It's how our Enji.ai was born. The product collects and processes data about all project activities and makes engineering teams' work transparent. Thanks to Enji.ai, our clients can monitor and get accurate reports at any given moment about what is happening with their projects, teams, and budgets.

In other words, we don't aim to simply sell a solution and acquire a client. We only bring real value and become partners who are genuinely interested in their success. Only this approach deserves effort and attention, and it yields results.

Can you speak to the role of innovation and creativity in software development? How does Mad Devs foster a culture of innovation within the company?

We strive to provide our employees with everything necessary for their development and the development of their projects. After all, the stronger each employee is, the stronger the team and the entire company.

In Mad Devs, professional communities of machine learning specialists, DevOps, software engineers, project managers, and many others allow professionals to go beyond their commercial projects. They can jointly develop and implement innovative pet projects. There, colleagues engage in intensive discussions of new technology, share opinions and experiences, help each other resolve difficulties developing their pet projects, or even create and develop a joint open-source project within the community.

This is how many of our projects have emerged. From the desire to contribute to the development of open source. We see this as very important, and we deeply love it. For instance, our open-source project, HardHat Mad Boiler, started from our desire to understand smart contracts technology better. We also wanted to see how to make its development more usable and secure. This led to an open-source product that other projects and companies actively use and support now.

We hold regular AMA sessions. At these meetings, company directors share their research and conclusions about what's happening in the world of technology. We discuss how it affects us and other companies. In this way, our AMA sessions often become a considerable discussion among all employees of all directions. Anyone can openly propose a topic during the session or anonymously send it in a form. This allows us to erase hierarchical and project borders. We freely exchange diverse opinions, discover exciting ideas, and stimulate each other toward a deeper understanding or a broader view of various aspects.

We release our monthly digest, Mad Times. In it, we talk about the company's internal news. We are constantly celebrating each other's successes on the development path each of us pursued. This lets employees understand that their development is of interest. That the updating of their knowledge and skills won’t go unnoticed. Moreover, we provide resources for this development. It ranges from our guides for each development direction to paying for chosen external learning resources.

We share our knowledge beyond the company. Readers can access our educational articles and tech podcasts. They can even discover the handling challenges during development in our case studies. There’s a compilation of engineering experience into proven practices and approaches in our ebooks, like the Engineering Handbook, which is available to everyone.

Additionally, we are regular co-organizers of GDG and other tech conferences. Our specialists perform as speakers, network with specialists from other companies, and always stay updated on the latest developments.

How did the recent global events affect your industry/cybersecurity/people's approach to their niche?

Indeed, the last few years have been challenging for the entire world. Many companies didn't survive the series of crises and threats we faced and continue to encounter. Most of them simply were not prepared for what was to come. And those who were relatively prepared didn’t expect it to last this long. This is perfectly illustrated by the World Economic Forum's research. It shows the Energy Supply Crisis, Cost-of-Living Crisis, Rising Inflation, Food Supply Crisis, and Cyberattacks on Critical Infrastructure. These are major concerns that are more exposed than ever and directly affect every company no matter its size or domain.

This forced all companies to reconsider many of their processes and approaches. They had to be more resilient and flexible, as well as prioritize the development of products and services that were not a priority before.

It seems that the gold rush of startups, where it was enough to present a promising project and get funding for its development, is coming to an end. Today, investors are more cautious with their money. They prefer to invest in fundamentally important things and bring real value that we need here and now.

This didn’t affect service companies as much. For example, we have always paid great attention to processes, constantly improved them, and strived to make them more transparent, flexible, and stable. This has allowed us not only to survive but also to continue growing in these challenging times. Our solutions' quality and security have always been our highest priority. So, we didn’t need to make fundamental changes that the company might not be able to handle.

It has had a big impact on product companies. Many found themselves and their products not the highest priority in today's events. Also, companies whose products responded to today's primary challenges, such as HealthTech and EdTech, had to make them much more secure. After all, a large influx of users onto their platforms concentrated much more user data than before. It's making them a target for malicious actors.

Can you discuss some of the biggest challenges facing the software development industry today? How do you address these issues?

One of the biggest challenges today is software security, independent of a company's size or sector. The importance and urgency of quality solutions in this regard have always been high. With each passing year, we become increasingly convinced of this. For instance, a recent Forbes article discusses the steady increase in cyber attacks on organizations compared to the previous quarter. It also refers to data from IT Canada indicating that, within the first four months of 2023, data from over 340 million users has leaked.

The amount and variety of important data today is immense and continues to grow. With the spread of neural networks, the number and level of threats to this data are unimaginably increasing. It's time to forget that security mistakes cost a lot. Today, the cost is unacceptable. The consequences are not just devastating but catastrophic.

In turn, we carefully monitor everything in the security field and how other industries' development affects this. We follow all the latest data security and encryption policies and educate our employees. Also, we are working on obtaining certificates for compliance with industrial standards. We help our specialists get the necessary knowledge and skills to achieve personal certificates.

Can you describe the challenges and opportunities that the COVID-19 pandemic presented? Additionally, how have recent geopolitical events in international business affected you? What steps has the company taken to navigate these changes?

Since we've been a remote-first company from the beginning, this didn't affect our internal processes and approaches. It's built on flexible development, transparent and asynchronous communication. However, like everyone else, we were shocked by what was happening and concerned about what the market would face. We didn’t seek opportunities in this but responded to the challenges by trying to help society as much as we could.

We developed two E-Learning platforms. One is MegaUni, in collaboration with leading universities and enterprises in Vietnam. Another is Edumall. Both make online learning as accessible, comfortable, and as effective as possible.

We also implemented some features into the products we were already working on. For instance, integrating the Ashyq service into the app of one of Kazakhstan's largest banks. It allows users to provide Covid certificates without making complicated shifts to the government website.

Here, we intensely focused on expanding our expertise in critically important areas. It included looking for projects in corresponding industries such as FinTech, HealthTech, and EdTech. Not only to provide development services but also to audit and ensure the quality of existing solutions.

As for how the company and its employees weathered this series of crises, first, we tried to assess the scale of these crises and the prospect of their duration. Since we didn’t hope for their quick resolution, we saw the need to review our priorities and expenses. It was necessary to optimize costs, dump optional costs for some services, and provide relocation for employees who needed it.

We focused on the most important thing – to make employees feel protected, to be able to continue performing work in good conditions, and maintain the quality of service that we provide to customers. In such difficult times, the well-being of our employees and the quality of our services were our top priorities.

How do you stay up-to-date on the latest trends and threats in cybersecurity? Are there any training and education programs or tools that you would recommend using?

We have a cybersecurity department whose main task is to keep an eye on everything that happens in the world of security and to ensure its high level. This requires the work of many specialists with a wide range of knowledge and skills who use various approaches and tools.

It's crucial for each specialist to systematically enhance and validate their skills by obtaining top security certifications. For instance, specialists from our department hold certifications from authorities like CompTIA, Offensive Security, etc.

Also, it's important to follow top security researchers and security companies. To carefully review and study their industry reports and blog posts. It helps to gather more insight into current cybersecurity topics. For instance, here is a list of some notable sources:

• Cyber Security News – Cybersecurity and information news, independent research, the latest tech analysis, and product reviews.

• Krebs on Security – Krebs is a respectable cybersec journalist known for his profound and in-depth investigative reporting.

• The Hacker News – One of the most popular and trusted news sites in the cybersec sphere, essential for regular updates.

• Dark Reading – Prime cybersecurity resource, providing comprehensive coverage from technical vulnerability reports to strategic risk management insights.

• TLDRSec – A newsletter featuring some of the best infosec and cybersec research across various areas.

• ZDNet Security – A blog about current research and security vulnerabilities accessible to specialists at all levels.

• NetSec on Reddit – An aggregator of technical content from the cybersec sphere with details on current vulnerabilities, exploits, and hacks.

Are there any training and education programs or tools that you would recommend using?

As for training and educational programs, HackTheBox, TryHackMe, and Capture The Flag all provide a great experience to learn new and maintain existing cybersecurity skills.

Attending cybersecurity events like RSA Conference, Black Hat, DEF CON, etc. also plays a significant role in staying updated and honing skills.

What does the future of your industry look like? How do you plan to stay ahead of the curve and continue innovating in the years to come?

The future of our industry is changing fast, and its pace of change is only accelerating. Yes, the development of some trends promising revolution has slowed down. Now we are observing their calm and confident evolution.

A prime example of this is blockchain. It didn’t help to make a sharp transition to Web 3, which many of us eagerly await. Yet, blockchain technology continues to develop. More products are being designed based on it, and it’s taking an increasingly key position in our future.

The same applies to cloud computing. Despite the desire of many, we haven't completely moved everything to the cloud. But the demand for cloud storage and computing continues to overgrow. As this technology develops, it's giving birth to more suitable variations for different types of tasks, such as Fog Computing and Edge Computing.

The development of AR/VR devices and applications also promises growth. Of course, this statement is questionable, considering the many attempts by various companies to harness and popularize this technology. But this is a logical continuation of the development of interfaces between humans and computers. Also, advances in speech and motion recognition via neural networks promises to significantly change the experience of using this soon.

Of course, the development of artificial intelligence, the increasing use of neural networks, and the creation of a growing number of applications based on them are happening right before our eyes. Let's see if this trend is the revolution that leads us into a fundamentally new era. It's already obvious that artificial intelligence helps us with incredibly difficult tasks that seemed impossible before. It helps not in a separate domain but all at once.

Mad Devs already has deep expertise in classic development and the development of blockchain-based and AI-based solutions. We are actively working to expand this expertise. We continue to take part in larger projects to help solve even more complex and important tasks. These tasks are in critical areas such as finance, medicine, transport, and others.

Our AI/ML specialists are working on achieving PhDs in philosophy, mathematics, and computer science. Our cybersecurity specialists are working on obtaining more advanced certificates. In general, every employee in the company has an interest in and motivation to keep up with what is happening in the world. They want to ensure their knowledge and skills are up-to-date to create even more value for the company, clients, and the entire world.

And finally, what is the future of the company going to look like?

We aspire to become uncompromising world leaders in developing large, complex, and unique technological solutions, including ensuring transparency and stability in their development. We aim for our services to be a good example for other companies. We also want our clients' companies to be successful. We have already done a lot towards this, but much more remains to come.