Mathan K A

Cyware Frontend

Led frontend across cybersecurity products, improved cyware.com performance scores from about 60 to about 90, supported WCAG 2.1 AA and VPAT certification work, and refactored Orchestrate codebase bundle strategy.

Role: Senior Software Engineer II
Company: Cyware
Timeline: Nov 2017 to Mar 2024
Stack: Angular 2+, Vue.js 2, Vue.js 3, Nuxt.js, Vite, Bootstrap, Webpack, TypeScript, Core Web Vitals, WCAG 2.1 AA
Key Impact: Strong delivery discipline for enterprise grade cybersecurity SaaS

TL;DR

Impact

Metrics

| Metric | Value | Measurement context |
| --- | --- | --- |
| cyware.com performance score | about 60 to about 90 | repeated performance audits on key pages during optimization cycles |
| Orchestrate initial JS bundle size | about 10 MB to about 4 MB | bundle analyzer comparisons for initial payload shipped to clients |
| Accessibility certification support | achieved within about two months | WCAG 2.1 AA remediation with QA and external VPAT stakeholders |
| High visibility delivery | CERT In initial release shipped | demo readiness and release execution with executive visibility |

What I owned

  • Frontend delivery leadership across cybersecurity product surfaces and cyware.com
  • Incremental modernization plans that protected release cadence and reduced refactor risk
  • Performance work focused on render path, layout stability, and bundle strategy
  • Accessibility remediation with QA and an external VPAT team toward WCAG 2.1 AA alignment
  • Mentoring junior engineers through reviews, patterns, and delivery discipline

Context and goals

Cyware builds cybersecurity platforms for threat intelligence, security automation, and incident response. My focus was to deliver product commitments while raising quality in three areas that directly impact enterprise adoption and trust: predictable delivery, faster and more stable user experiences, and accessibility compliance.

The goal was not a rewrite. The goal was to modernize in place, keep the system dependable, and continuously improve the foundations.

Constraints

  • Tight demo timelines with high executive visibility
  • Mixed legacy stacks across products that limited appetite for disruptive rewrites
  • Security expectations where UI defects can become trust risks
  • Accessibility obligations requiring VPAT aligned reporting and verification
  • Public site expectations for speed and stability on key landing and content pages
  • NDA boundaries requiring practice level descriptions without customer specific details

Approach

I treated the work as a set of parallel workstreams, each with a clear definition of done, measurement, and rollback paths. This made it possible to keep shipping while improving the foundation.

Workstream 1: Threat Intelligence Platform delivery and CERT In release

Goal: Deliver a feature rich platform with demo readiness and production stability.

What I did:

  • Led frontend development for the Threat Intelligence Platform in Angular 2+, and later supported its revamp in Vue.js 2
  • Collaborated directly with the CTO to scope demo ready increments, prioritize clear data rendering and resilient error states, and keep changes reviewable under tight timelines
  • Supported the initial production release for CERT In with a reliability first mindset

Workstream 2: cyware.com revamp with Nuxt.js and Bootstrap

Goal: Make the marketing surface faster, more stable, and easier to maintain.

What I owned:

  • Owned the frontend revamp of cyware.com using Nuxt.js and Bootstrap
  • Improved responsiveness and cross device consistency
  • Reduced render blocking work by tuning the critical render path
  • Improved asset compression, caching strategy, and layout stability through predictable media sizing and container behavior
  • Increased performance scores from about 60 to about 90 on key pages such as the homepage and blogs through repeated optimization cycles

Workstream 3: Accessibility and VPAT support for Situational Awareness Platform

Goal: Contribute to WCAG 2.1 AA remediation and support VPAT based certification.

How I approached it:

  • Worked with QA and an external VPAT team to triage issues by severity and user impact
  • Fixed keyboard navigation, focus management, semantic structure, and ARIA usage where needed
  • Established a repeatable remediation loop: reproduce, fix, validate with keyboard and screen reader expectations, and run regressions
  • Mentored junior engineers on accessibility implementation patterns and review checklists
  • Helped the product achieve VPAT based accessibility certification within about two months of joining the effort

Workstream 4: Orchestrate refactor with Vue 3 and Vite

Goal: Reduce maintainability and performance risk by modernizing build and runtime patterns.

Key decisions:

  • Refactored legacy frontend code using Vue 3 and Vite to improve developer experience and build speed
  • Implemented dynamic imports for heavy modules, route level code splitting, and vendor chunk extraction to stabilize caching
  • Reduced the initial JavaScript bundle size from about 10 MB to about 4 MB based on bundle analyzer comparisons

Tradeoffs

  • Incremental modernization reduced risk but required strict boundaries between old and new patterns
  • Reusing existing UI primitives and Bootstrap helped maintain delivery speed, while selective improvements raised quality
  • Performance improvements were prioritized using measurable signals, not blanket optimization
  • Accessibility progress under deadlines relied on triage and phased remediation with verification loops

Outcomes delivered

  • Delivered high visibility releases under tight timelines without breaking release cadence
  • Improved marketing site speed and stability through focused render path and layout fixes
  • Reduced initial dashboard payload through code splitting and chunk strategy improvements
  • Strengthened accessibility compliance practices through remediation loops and team enablement

Evidence and redactions

  • Measurements are shared as approximate values to stay NDA safe while still communicating impact
  • Customer names, internal URLs, and proprietary workflows are intentionally omitted
  • Screenshots and traces are excluded unless explicitly cleared for sharing