“Life at ForAllSecure” is a Q&A series dedicated to our growing company.
For this month’s profile, we talked with Dylan Bargatze, Senior Staff Engineer at ForAllSecure, who joined the company in 2020 and is based out of Cincinnati, Ohio.
I was hired for the analysis team because I have a background in reverse engineering, vulnerability research, that sort of thing. So my focus is on the analysis backend, where all the heavy computation takes place.
That being said, this is a startup, so anything we do that’s related to software, I touch. The engineers here work across the entire code base. We collaborate between Mayhem for Code and Mayhem for API. So, on a day-to-day basis, I’m doing anything and everything related to our software and our build process.
I graduated from undergrad in 2009, and I worked for Northrop Grumman for 12 years. For seven years, I worked on things like data fusion for the U.S. government.
I fell into offensive cybersecurity as a hobby. Then, a position opened up at Northrop as a Cyber Software Engineer, so for four years I got to work in offensive cybersecurity just north of Cincinnati, which is why I moved out here.
In 2020, I needed a change, so I reached out to ForAllSecure.
There is no typical day. But if there were one, it would look like this: I come in, I check in, and then I get to code for a good five or six hours. It's usually not interrupted. We do have meetings, but they're usually relatively quick. So I get to work on what I'm actually supposed to work on as my day job for a good chunk of it, which is fantastic.
The quality of the team and being part of that team is really what motivates me. Our team is incredibly smart. They raise you to their level. I can hop on a Zoom call with someone and figure out a good approach to a problem within 15 minutes.
The other thing is that I love coding, and I get to do that here. I'm not shifted onto a management track or anything like that if I don’t want to be.
I've been given the opportunity to experiment and learn the Rust programming language, which is a very hard language to learn.
We have a really supportive atmosphere here, where if someone wants to learn something that aligns with what we're doing, people are like “go for it”, which is cool.
This is one of the first places I've worked that actually embodies the company culture that we claim to have. The values—like accountability and growth mindset—are not meaningless buzzwords to satisfy investors or anything like that. The company really is that way.
As an example, we had some Japanese customers that gave us a binary whose output was fully in Japanese, so I sat here translating the stuff over so I could understand the error they were encountering. Because we’re accountable to that customer. We want them to be able to use our software. And everyone on the engineering team is that way. If there's a blind spot, we correct it. If we could be doing something better, for the most part, we fix it.
Before I came to work here, I was doing a lot of vulnerability research, which can be a very manual process when you're doing static analysis instead of dynamic analysis and when you’re not using techniques like fuzzing. It requires a lot of smarts. It requires a lot of focus.
Our software makes the job I was doing then—all of that—automated. And if it's automated, that means someone who just got out of undergrad and is writing Java and doesn't know about computer security—because their curriculum didn't cover it or whatever else—can just pop their software into our code, and it will tell them what needs to be fixed. We believe it should be that easy.
So that's a part of our mission that I connect with, because it makes this sort of analysis more accessible to everyone. You don't have to be a security savant to do it. You can just use Mayhem.
Understand the computer. Understand assembly language, and what a processor is doing, and how a computer actually works underneath, then start building up from there rather than the other way around.
Otherwise, you might learn Java or Python before C and then struggle with low-level concepts in C such as pointers or setjmp/longjmp. If you start from the bottom up, you understand how pointers and C and lower-level languages work, because they’re closely tied to how the computer works underneath.
If you understand the computer, there is no problem you can't eventually solve. It's a very dumb machine underneath. It’s not smart, it just can do a lot of simple things very fast. When we hire people for analysis roles, one of the things we're looking for is someone that understands the computer.
When I really need to solve a problem, I ask myself what the computer is doing in this instance, regardless of what the software is written in or anything like that. So, it really is the thing that helps you solve the most issues.
I have a wife and a dog, so of course I like spending time with them. I like video games, but I don’t get to play them a lot. I like to program. I'm programming in Rust for all my personal projects now, outside of all the Rust I’m programming at work. I also like to watch Formula 1 races when the season's going on.
My maternal great-grandfather—or great-great-grandfather, I can't remember which one—invented barbed wire. It was Glidden barbed wire. Of course, whenever I tell anyone that, they're like, “Why are you not insanely wealthy?” To which I'd like to know the answer, too. I have no idea.