Building telco-grade cybersecurity: Inside the engineering, hiring, and delivery playbook at CYAN Security Group GmbH with Markus Cserna, CTO of cyan Digital Security

Why this conversation matters for engineers

When cybersecurity runs inside telecom networks rather than around them, everything shifts: latency is measured in microseconds, reliability in nines, and release cadences must meet established telco processes. That’s the operating reality at CYAN Security Group GmbH. In the session “Markus Cserna, CTO von cyan Digital Security,” the CTO offered a clear, pragmatic look at how his organization builds, ships, and operates deeply integrated security products with a lean team.

The setup blends a high-performance C++ core, solid Java backends, production-ready mobile apps, and a DevOps function driving automation and containerization toward continuous delivery. The culture prioritizes team chemistry over rigid checklists and intentionally builds broad skill sets. For engineers who want impact at scale, this is a grounded view of a company where technical excellence, product pragmatism, and team fit come together.

Mission and impact: enabling telcos to deliver security

CYAN Security develops “tief integrierte Software … in Telekom Operator rein” so operators can offer “Cyber Security Produkte an ihre Kunden.” In other words, the company is an enabler that embeds security where it really matters: in the traffic path. Markus Cserna makes the stakes explicit:

This isn’t the logic of a stand-alone web portal; it’s the logic of an always-on, deeply embedded filter analyzing and securing customer traffic at massive scale. For engineering, that sets the tone: architecture, language, and libraries bow to performance and reliability.

Team size, structure, and roles

Founded in 2006, the company now has “65 Mitarbeiter” with “knapp 30 Techniker.” It’s a sizable engineering team spread across multiple product lines and functions:

• C++ development for inline filtering and traffic analysis
• Java/Spring Boot backends and AngularJS frontends for provisioning, dashboards, and operator interfaces
• Mobile apps (native iOS/Android) with Flutter on top for unified UI
• DevOps and Operations to run builds, package artifacts, support production, and roll out to customers
• Product management and a Product Owner bridging ideas and implementation

C++ at the core: high-performance data-path security

Everything that “analysiert und filtert” customer traffic runs in C++ with established libraries like Boost. The mission is clear: throughput, low latency, and zero downtime. “Billions of requests” forms a hard constraint on architecture and testing.

Java backends, UIs, and operator integrations

Surrounding the performance core are services for provisioning, UIs, and operator-facing interfaces. Cserna highlights “Springboot” and “AngularJS” as key technologies, balancing deep network integrations with user and operator workflows.

Mobile apps and an in-house SDK

Security extends to devices: CYAN Security maintains native iOS and Android apps and layers Flutter “drüber” to unify UI. Notably, “wir stellen auch unser eigenes SDK her,” which adds a dedicated release and quality path on mobile. Cserna mentions “vier Leute” focused on these mobile/UI responsibilities—a tight, production-focused squad.

DevOps, Operations, and product management

Dedicated DevOps and Operations teams bridge code to customer: they handle “Build-Pipelines,” automate packaging, support “Internet-Betrieb,” and “rollen … die Software an unsere Kunden aus.” Product management shapes ideas into requirements, while a Product Owner translates them into a form “die auch die Techniker verstehen” and tracks progress. Product reality—not theoretical purity—drives the organization.

Engineering culture: depth plus breadth

Cserna underlines that this is “keine klassische Web-Applikation.” The stack is broad; the telco context demands more than framework fluency. The team thrives on T-shaped profiles—deep expertise anchored by cross-domain awareness:

That philosophy runs through hiring, onboarding, and daily collaboration. Robust generalists with a strong core discipline who can operate across data path, backend, mobile, and operations are set up to succeed here.

Hiring by signal, not checklists: culture first, skills can be learned

The hiring process follows a familiar shape—CVs come in, team leads screen them, interviews include HR. But the decisive criterion is cultural fit:

How do they test it? Not just via Q&A. CYAN Security invites candidates for trial days, brings them into meetings, and has them work with teams to see if “Miteinander” works. When the chemistry is right, they make an offer. Only then does formal onboarding start.

Onboarding for fast impact: training on the job, straight into sprints

Onboarding covers “die internen Prozesse,” but the operative philosophy is immediate contribution. It’s “Training on the Job”: new joiners are “sofort in den Sprints drinnen,” expected “sofort aktiv mitzuwirken” and deliver “Mehrwert.”

That’s not just a throughput tactic; it’s a motivation strategy:

Practically, that means no drawn-out shadowing. Instead, fast integration into sprint work—supported by team leads and a product-centric cadence.

Retention and growth: opening paths “left and right”

Retention is explicitly managed: “Es ist ja nicht andauernd am Rekruten sein.” The organization works to ensure “Zukunftsperspektiven” fit and makes it “relativ leicht auch andere Bereiche zugänglich.” With a broad stack, it’s natural to let people learn “links und rechts”—new technologies and domains that open growth paths.

The company’s small size becomes an advantage: fewer silos, more cross-pollination, and visible impact. That fuels long-term motivation.

Technology stack: proven, production-focused, and broad

CYAN Security favors “abgehangen[e]” technologies—frameworks and libraries that have demonstrated reliability and show active development. The stack in focus:

C++ with Boost for inline filtering

• Purpose: analyze and filter traffic inside telco environments
• Requirements: high throughput, low latency, resilience
• Ecosystem: C++ with established libraries like Boost

Java backend, AngularJS frontend

• Backend: Java with Spring Boot for provisioning, processes, and operator interfaces
• Frontend: AngularJS for dashboards and admin surfaces
• Operator integrations: built for telco realities

Databases and operations

• Databases: “Postgre, MongoDB,” installed and run by in-house teams
• Ops fundamentals: “stark Linux-lastig” with heavy automation (Ansible, Terraform)
• Virtualization and containers: customer environments rely on virtualization; internally, “Docker, Kubernetes” are active topics

Mobile and SDK

• Native apps: iOS and Android
• UI layer: Flutter used “drüber” for consistent interfaces
• Additional: an in-house SDK with the accompanying release pipeline and QA disciplines

DevOps tooling and delivery

• Build pipelines: GitLab and Artifactory
• Practices: versioning, automated tests, packaging through to customer delivery
• Target state: Continuous Delivery “auf Knopfdruck nach dem Sprint”—the next milestone

Productivity tooling

• Jira and Confluence—“Hassliebe”: complex and sometimes unwieldy, yet essential for task and ticket management

The throughline is consistent: production-ready, widely adopted technologies suited for scale.

From pipelines to continuous delivery

Pipelines are in place; Continuous Delivery is the explicit goal. Cserna is candid: “Wir sind noch nicht so weit, aber Continuous Delivery ist ein Thema, das wir jetzt angehen wollen.” The why is straightforward: telco customers historically run release cycles and “klassische Deployment-Modelle.” From a product perspective, the team wants updates “schneller … zum Kunden.”

The path forward leans on containerization and orchestration: “Wir werden verstärkt jetzt auf Container und auch das Deployment in Richtung Kubernetes setzen,” because that’s how “wir … unseren Continuous Delivery Gedanken umsetzen können.” Technology follows delivery strategy—not the other way around.

Strategy: modern, cautious, and open-source friendly

Cserna describes the stack as “recht modern,” while remaining cautious with new trends: “keine Firma, die auf die nächsten großen Trends sofort drauf springt,” especially because their software “sehr lange zum Einsatz” stays with customers. That demands predictability and longevity in dependencies. Open source is “gang und gäbe,” and he’s “ein großer Fan davon.”

The principle is clear: maturity over hype. Choose frameworks and libraries that are proven and actively maintained. For engineers, that means modern work without experimental churn on customer systems.

Collaboration: product-first, team-led, agile

Work runs in agile sprints. Team leads provide technical leadership; the Product Owner translates product ideas into actionable specifications “die auch die Techniker verstehen” and tracks progress. DevOps and Operations shoulder packaging, tests, and rollout to customers. The model is pragmatic:

• Team leads: hands-on technical screening in hiring and day-to-day guidance
• Product Owner: a clear bridge from product intent to engineering execution
• Sprints: immediate participation and contribution for new hires
• DevOps/Operations: end-to-end enablement from code to customer

The result is short feedback loops, clear ownership, and shared accountability for delivery.

Why CYAN Security stands out for tech talent

If you’re drawn to security at scale and impact inside telco networks, the session spelled out substantial reasons to pay attention:

• Deeply integrated, always-on security: work on “hochperformanten Systemen” handling “Milliarden an Anfragen,” where failure is not an option.
• Broad technical canvas: C++ data-path, Java/AngularJS applications, mobile (iOS/Android/Flutter), SDK development, and DevOps/Operations.
• Mature technologies: emphasis on “abgehangen[e]” frameworks with active evolution—less churn, more production impact.
• Delivery ambition: GitLab/Artifactory pipelines today, “Continuous Delivery … auf Knopfdruck” as the next milestone.
• Containers and Kubernetes: a concrete trajectory to ship updates faster to customers.
• Agile onboarding with early impact: “Training on the Job,” immediate participation in sprints, and a focus on delivering “Mehrwert.”
• Growth across boundaries: deliberate opportunities to learn “links und rechts” and explore other technologies and domains.
• Culture fit over checklists: trial days, real team collaboration before an offer, chemistry as a first-class criterion.
• Product-centered leadership: team-led technical direction with a Product Owner translating product intent into engineering clarity.

This is a place to learn not just a stack, but how to design and operate security products that live inside conservative release environments and still move toward modern delivery.

Our takeaways from “Markus Cserna, CTO von cyan Digital Security”

First: performance and resilience aren’t just technical attributes—they’re organizational ones. A system that filters billions of requests without fail needs teams, processes, and tooling that make reliability real, from C++ to packaging and rollout.

Second: delivery drives technology. The push to containers and Kubernetes is sensible here because it operationalizes continuous delivery within telco constraints.

Third: culture outperforms checklists. “Fachliche Themen kann man immer lernen … aber die Chemie …” This logic shapes hiring, onboarding, and retention. Investing in how people work together accelerates productivity and belonging.

Fourth: breadth is a feature. The “breites Spektrum” of technologies creates complexity and career paths—the combination that fuels motivation in smaller organizations.

Fifth: pragmatism wins. Open source yes, trend-chasing no. In critical infrastructure, what’s proven and actively maintained is what matters.

Conclusion: technical rigor meets product pragmatism

CYAN Security Group GmbH shows how a focused engineering organization can deliver telco-grade security: a C++ core as the backbone; Java/AngularJS systems for provisioning and UIs; mobile apps and an in-house SDK; DevOps teams orchestrating packaging, tests, and rollout; and a culture that builds broad skills and puts team chemistry first.

The road ahead is clear: more containers, more Kubernetes, and more continuous delivery—at a pace aligned with telco realities. For engineers, it’s an opportunity to hone performance and reliability while advancing modern delivery practices. Not as buzzwords, but as production reality.

• 

  

  Alexander Zlatnik, Head of Product & Technology von cyan Digital Security

  Alexander Zlatnik von cyan Digital Security gibt im Interview Einblicke in die Developer Teams, die Technologien die dort zum Einsatz kommen und wie das Recruiting im Unternehmen gestaltet ist.

  Watch now
• 

  

  Milen, Teamlead Project Managemtn at CYAN Security Group

  Watch now
• 

  

  Alexander Zlatnik, Head of Product and Development at CYAN Security Group

  Watch now

• 

  

  René Bürke, Technical Product Manager bei cyan Digital Security

  René Bürke von cyan Digital Security erzählt im Interview über seinen Karriereweg bis hin zur aktuellen Arbeit im Technical Product Management und gibt Tipps für Neueinsteiger.

  Watch now
• 

  

  Jorge Costa, Product Manager bei cyan Digital Security

  Jorge Costa von cyan Digital Security fasst im Interview seinen beruflichen Weg bis hin zur aktuellen Arbeit als Product Manager zusammen, redet über die Besonderheiten des Unternehmens und gibt Tipps für Neueinsteiger.

  Watch now
• 

  

  Mislav Findrik, Research Engineering Lead bei cyan Digital Security

  Mislav Findrik von cyan Digital Security spricht im Interview über seinen Werdegang – angefangen von der Schule bis hin zu seiner aktuellen Arbeit – und gibt Tipps für Beginner.

  Watch now