Three Years of Building the Unbuildable

By Herman Bergsholm |

It’s been three years since I jumped head-first into building the backend systems behind River Security’s ActiveFocus platform, the engine our penetration testers rely on to continuously identify, surface, and eliminate vulnerabilities before cybercriminals can exploit them.

Since then, I’ve lived and breathed every backend detail: every query, every endpoint, every collector. And along the way, I’ve also found myself helping shape something less technical but just as important; our internal culture, built for a remote-first team of hackers, engineers, and operators.

It’s part of a bigger mission: helping protect honest customers from dishonest digital criminals. That mission is what drives everything we build, and every line of code I write. 

A Special Thanks

Before I continue, I would like to express my greatest appreciation towards the founders who hired me. Joining River Security wasn’t a given. The expectations and requirements are extremely high, and only a very few, carefully handpicked, make the cut. 

River Security is built around a small group of some of the most skilled cybersecurity professionals in the industry. A team of elite soldiers, defending against elite adversaries. Getting invited into that circle, alongside people who actively fight real-world cybercrime and protect good-hearted people and businesses, is something I don’t take lightly and will never take for granted. 

Uncharted Territory

Coming from fast-moving fintech startups, I was no stranger to innovation or solving unknown problems on tight deadlines. But even that couldn’t compare to what River Security was building. The chance to help shape the world’s most advanced penetration testing platform, while actively redefining offensive cybersecurity itself, was something I couldn’t pass up. Here, the problems are often so new you don’t even know they exist until you’re halfway through solving them. That level of uncertainty and impact is exactly what drew me in. You don’t really know what you’re building, as it has never been built before. 

What I do

At River Security, I serve as the lead backend engineer for ActiveFocus, the core platform that drives our continuous attack surface management. My role involves more than just writing code; it’s about holding a deep, tribal understanding of how the entire backend ecosystem fits together. From data collection and enrichment to processing, prioritization, and refinement, I work across the full spectrum of backend functionality.

Whether it’s tuning microservices, designing robust data flows, automating processes, debugging complex edge cases, or ensuring scalability across distributed components, I’m hands-on with it all.The platform spans a wide array of programming languages, databases, containers, AI, and custom-built collectors and scanners, all working in harmony through constant iteration.

With every change, I aim to keep one eye on performance and the other on long-term resilience, so that as the platform grows, it doesn’t just keep up, but stays ahead.

Beyond Code

In a fully remote company like River Security, building a strong culture doesn’t happen by default. We’re spread across locations, time zones, and roles. Yet we still need to feel and operate like a cohesive, high-functioning team. That’s not something you can mandate or automate. It takes effort, consistency, and a willingness from everyone to contribute in ways that go beyond their main role.

In a team this small and specialized, we all step outside our core responsibilities when needed. For me, that means doing what I can to help create an environment where people feel connected and part of something real, even when we’re not in the same room.

Some of the things I’ve contributed to include:

  • Custom emojis and low-barrier language, to make async work more human and approachable
  • Weekly throwbacks, sharing moments from past hackerspaces, conventions, or chats that spark laughter and memories
    Designing our digital Gather.town office, with dev rooms, easter eggs, and hacker touches that reflect who we are
    Hosting sit-down dinners during hackerspaces, with clean, real food and a proper atmosphere to unwind and talk

These aren’t grand initiatives, but they help bridge the distance. In a remote setup, even small efforts can make a big difference in how a team feels. To keep up with the pace and pressure of defending our clients, we all need to stay focused, motivated, and connected. Strong culture isn’t just a perk in a setup like ours. It’s part of what enables us to protect the people and businesses who rely on us.

The Hard Parts

Working on a platform as groundbreaking as ActiveFocus is incredibly rewarding, but it’s far from easy. Innovation sounds exciting on paper, but the reality is often frustrating, slow, and full of unknowns. You spend days, sometimes weeks, chasing down obscure issues, redesigning pieces that once worked fine, and building systems for problems no one has solved before.

The bar is high. Our platform is used daily by some of the most skilled penetration testers out there, and with that comes serious responsibility. Stability can’t be optional, and performance can’t be average. Every feature has to work under pressure, scale effortlessly, and deliver value instantly. Because anything less becomes a bottleneck for the experts relying on it.

There are moments where things break, where it feels like the entire system is balancing on your shoulders. Moments where the only option is to push through, for the sake of the greater good. But those moments also make the breakthroughs count. When something finally clicks, or when the team celebrates a major milestone, you know exactly why it was worth the effort: because real people depend on us to keep the threats out and the lights on.

The Learning Curve

The flip side of all those challenges? The learning curve is unbelievably steep, and that’s what makes it so rewarding. Working under these conditions forces you to grow fast. You’re constantly building things no one has built before, solving problems without blueprints, and thinking five steps ahead to keep the platform stable and scalable. Needless to say; it never gets boring.

It’s the kind of experience you can’t get from books, courses, or even most jobs. I’ve learned more in these past three years than I thought possible; about systems architecture, performance, resilience, data flow, problem-solving, and most of all, ownership. That level of growth only happens when you’re trusted with real responsibility and expected to rise to it.

Three Years In, and Still Just Getting Started

These past three years have been intense. Filled with challenge, growth, pressure, and a lot of pride. It’s been hectic at times, never easy, but always meaningful. And looking ahead, I don’t expect things to slow down. The road will only get steeper, the problems harder, and the platform more ambitious.

But I wouldn’t trade this job for anything. Being part of River Security – this team, this mission, this platform – is something I’m genuinely grateful for. 

There’s a lot at stake when practically everything, everywhere, depends on secure computer systems. Knowing that I get to spend each day helping stop cybercriminals and defend honest customers wanting to provide helpful and important services to anyone – actually making a difference in a digital world that never slows down – is what makes me proud to go to work every single day.

Here’s to more logs, more late-night breakthroughs, and a safer world. I can’t wait to keep hacking at it with this crew.

Thanks to everyone at River who makes this chaos so rewarding.

Herman Bergsholm

Posted in River Security