Growth Hacking by Hackathon

BeyondTrust’s September 2022 Hackathon recently concluded, but not before spurring some impressive innovations from our engineering team. Read on to learn why BeyondTrust holds a company-wide hackathon series; gain a sneak, behind-the-scenes peak into an outside-the-box innovation process; and learn about some of the cool innovations that will come from this year’s hackathon series.

What is the BeyondTrust Hackathon?

The BeyondTrust Hackathon was launched in early 2020. Our hackathons take the form of a series of small hacking events arranged across all of BeyondTrust’s major offices. The September 2022 hackathon had 6 participating teams. All together, the hackathon series involves approximately 50 to 100 Engineering participants from various teams and regions. The hacking series allows everyone in engineering to work on an idea, pet project, or concept that they are passionate about. The goal is to spark innovation and improve cross-team communication.

Each hackathon commences with a kick-off event, allowing for collaborative brainstorming between team members. Over the following week, the teams pursue the implementation of their ideas through to completion. During the hackathon finale, the teams demonstrate their concept to a panel of judges from across the company. Winning teams receive prize money, extreme bragging rights, and the opportunity to potentially see their concept take shape in a future product release.

September’s judges included BeyondTrust team members from our Chief Architect all the way through Software Development Managers. In total, 8 senior staff participated in evaluating and grading the results. As you will see, the merits of this creativity and team building help drive BeyondTrust’s innovation.

What our leading experts say about the power of a hackathon

“Hackathons provide a way for the engineers to tackle items we may not always have time to prioritize,” says Duane Simms, Senior Product Manager at BeyondTrust and judge of the April 2022 Hackathon. “We have seen the power of this firsthand. Whether a result of cross-team collaboration or the efforts of an individual contributor, the friendly competition has pushed the innovation of our products. The ideas that have come out of the hackathon allow our products to solve problems, make our own lives better, and they’ve opened new pathways to better business processes.”

Hackathons are a great way for teams and individuals to explore new technology and ideas. From UI tweaks that make end users’ lives easier to completely new technologies and opportunities, they offer something for everyone,” says James Maude, Lead Cyber Security Researcher at BeyondTrust. “This year’s hackathons have really upped the bar and led to some great new product capabilities that clients will be seeing soon, as well as a whole range of internal improvements and some fresh perspectives.”

Why does BeyondTrust host company-wide hackathons?

Hackathons play two important roles that serve both BeyondTrust’s core values and go-to-market initiatives:

1) Building toward a strong corporate culture across the company by encouraging the development of skills and cross-team communication.

Hosting a company-wide hackathon provides a chance for engineers to let loose and have some fun working in a different problem domain while expanding their own comfort zone and skillsets. The cross-team collaboration helps break down silos and improve the sense of community across BeyondTrust’s various offices and teams.

“Hackathons are an essential part of building a culture of teamwork and innovation,” says James Maude, Lead Cyber Security Researcher at BeyondTrust. “They give our teams permission to play and learn through the experience together. It is always a privilege to be invited to participate or judge a hackathon as it really gives you a chance to see things from a different perspective and see the awesome talents your colleagues have to share. One of the best outcomes is the collaboration and creativity that comes from working with new people on ideas. There really is no such thing as a bad hackathon idea because it is as much about the process as the project.”

2) Driving customer-centric innovation by embracing the ideas, passions, and talents of in-house subject matter experts.

Many of the projects explored during the hackathon are concepts engineering team members have either developed an interest in or considered a more efficient solution for, but they haven’t had either the bandwidth or the opportunity to test them out. Unleashing subject matter experts to explore these concepts as side projects, using their own perspectives and expertise, can introduce new and unplanned-for improvements to the products.

“As a company, we get to leverage our talented subject matter experts to allow them to come up with innovative solutions to customer problems,” says Evan Lowry, Enterprise Architect at BeyondTrust. “This allows more innovative ideas to become prioritized so we can improve our customers’ experience with our products.”

This year’s hackathon winners!

Exploring charting libraries for visualizing the new Elastic cloud data

This project launched an exploration into using charting libraries to visualize new Elastic cloud data on BIUL (BeyondInsight Unix/Linux). Existing solutions through Kibana had non-ideal integrations. Ngx-charts was chosen due to its ability to use angular to do all rendering/animation, but which also utilizes D3’s math functions and shape generators.

A small aggregation layer was built on the backend to provide data in a format that ngx-charts accepts for several chart types. Recursive tree traversal was used to facilitate the selection of metric dimension to aggregate data, since the Elastic data is fairly large (follows ECS [Elastic Common Schema]). This winner represents a huge step forward in the visualization and reporting of data within the BeyondTrust Platform.

Supporting drag & drop into and out of the /Applications folder in Privilege Management for Mac

This project focused on supporting drag and drop both into and out of the /Applications folder in Privilege Management for Mac. The team was interested in resolving the conflict between the product’s finder extension and other installed products that also provide Finder Extensions (such as OneDrive and DropBox). They identified the root of the problem in the fact that the Finder Extension registers itself as having an interest in all folders on the boot volume to provide our context menu functionality.

If we can support drag and drop operations (on the same volume) to install and delete applications, then our Finder Extension can be limited to being involved with mounted virtual disk images only, thus removing the conflict with other installed Finder Extensions. This hackathon winner solved a major problem for MacOS security and will ultimately help drive a better endpoint least privilege solution.

Supporting Windows Hello in messages (easy MFA!)

One of the teams investigated introducing Windows Hello in messages to allow more options for authenticating privileged users and associated application launches. Observing that more businesses are using Windows Hello, and Microsoft’s push for a “post-password” world, the team theorized that adding Windows Hello could improve the multifactor authentication (MFA) experience for users by creating more varied MFA options and a more personalized message, all while accommodating users’ changing requirements for authentication and third-party support.

Adding Hello support would introduce MFA support right into the product. This winning team has validated that privileged application launches can use Microsoft Hello technology for challenge and response for individual applications during an active user session.

Process Hollowing

This team looked into process hollowing, a security exploit in which an attacker removes code in an executable file and replaces it with malicious code. The threat actor can then cause an otherwise legitimate process to execute malicious code. The team took a closer exploration into the potential techniques used to detect and prevent process hollowing to provide a more protective security solutions for end users. As a winner, this targeted use case addresses modern threats to users and applications that is trending to compromise end user assets.

Testing during Production

This team dug into the somewhat controversial concept of testing during production, like Chaos Engineering. They deployed a stable service and monitored its health while deploying a broken update, then used automated tests to analyze and promote a fixed version. The team wanted to explore a concept that could help prevent the deployment of an update from being able to degrade the stability of production.

In the standard product development cycle, developers test during multiple stages of development so they can see how any update will affect production at any point. Pull requests, CI, and QA tests represent the most common forms of testing, and these methods are able to catch a lot of problems. However, in all software development, there is always a percentage of risk that an issue will slip through. This project explored a process whereby a team could deploy a change without having 100% confidence in that change and still not risk destabilizing production.

This hackathon winner can make the production process more robust and confer many benefits:

• Building a robust production environment at the outset pays dividends continually over pre-deployment testing, which must be performed repeatedly to have value.
• When something does go wrong (and it will) you’ve already prepared yourself.
• The lessons you can learn from experimenting in production are of much higher quality than the lessons you learn experimenting anywhere else.

Hacking helps us Go Beyond

This year’s hackathon proved highly successful. By providing a unique opportunity for our subject matter experts to apply their skills to the topics, issues, and industry challenges they are interested in the most, we were able to spark development on some ground-breaking process improvements and product innovations that will ultimately benefit our users.

We also saw company-wide collaboration and teamwork in support of innovation, all driven by the talents of a team that was given permission to be creative and industrious with the products, processes, and concepts they interact with every day. We expect to see some impressive product innovations as a result of this year’s hackathon.

Of course, it doesn’t end there. Our next hackathon is tentatively slotted to begin early next year. To learn about how you can join the BeyondTrust team and participate in exciting events like the hackathon, visit our career page. And be sure to keep an eye on our product releases so you can see our leading hackathon innovations develop into game-changing product features.