Cartography started as a scrappy internal tool at Lyft, designed to give security teams visibility into their sprawling cloud infrastructure. From day one, graphs were at the core—helping us connect assets, identities, and risks in ways traditional tools couldn’t.
In this talk, I’ll share the story of Cartography’s evolution from an internal experiment to an open source project, to becoming part of the CNCF Sandbox, and eventually the foundation for my startup. Along the way, we learned hard lessons about graph data modeling in messy, fast-changing domains like cloud and security vulnerability management. I’ll show how we designed Cartography’s schema to balance flexibility and performance, the Cypher patterns that powered real-world security investigations, and how we dealt with scaling pains as our graphs grew.
But building a graph platform isn’t just about the tech. I’ll also dive into what we got right (and wrong) running an open source project: fostering contributions, handling community tensions, and the often unseen work of sustaining a project over time. Finally, I’ll reflect on the journey of open source and startup life—and how I’m betting that growing a healthier OSS graph platform will help grow the company too. By the time of this talk in November, I’ll have more fresh stories on whether that’s working.
Speaker
Alex Chantavy
Co-founder and CEO, SubImage
Alex Chantavy has been an avid Neo4j user for over 10 years. He is the co-founder and CEO of SubImage, a cloud security startup backed by Y Combinator. He is the co-creator of Cartography, a popular open-source security graph tool.
In prior roles, he architected and built Lyft's vulnerability management platform, led penetration tests for Microsoft's Red Team, and worked on [REDACTED] at the NSA.
Free online courses and certifications. Join the 100K+ Neo4j experts.
Manuals for Neo4j products, Cypher, and drivers
Live and on-demand events, training, webinars, and demos
