Field Notes · Platform Build

Building ArgusX
What Happens When You Stop Waiting for Someone Else to Build It

Author: Yana Ivanov
Published: April 2026 · Updated May 2026
Classification: Public — Field Notes
Topic: Threat Intelligence · Community Platform
Read Time: 10 minutes
Status: Active development · Private collaboration
INDEPENDENT BUILD · COMMUNITY-FIRST PLATFORM · 14+ INTEL SOURCES · BUILT IN WEEKS · UNDER ACTIVE DEVELOPMENT
Section 01

I Keep Hearing the Same Thing

Podcasts. YouTube. Conference talks. Study groups. The security community is — and I mean this — one of the most generous, vocal, and passionate communities I have ever encountered. They share everything. TTPs, IOCs, tooling, tradecraft, career advice. Freely. Without gatekeeping.

And everywhere I listened, the same frustration surfaced. The signal is scattered. A critical IOC lands on Twitter and disappears in six hours. A Sigma rule gets buried in a GitHub thread. Someone connects a new malware sample to an existing campaign on Mastodon and nobody sees it because they follow different people. The intelligence exists. The people who care exist. The connective tissue does not.

I am not a seasoned analyst with a decade of incident response behind me. I am someone who made a career pivot into security earlier this year, is actively studying for CompTIA Security+, and has spent these months listening — deeply — to the people who live this work every day. What I heard was not a complaint. It was an opening.

The gap I kept seeing: Threat intelligence is being generated constantly by a passionate, skilled, generous community — and then dispersed across platforms that weren't designed to connect it. No structure. No relationships. No way for a defense post to find the threat it addresses.

Section 02

The Idea Was Simple. The Problem Was Real.

What if every threat post could be linked to the defense that addressed it? What if an IOC from MalwareBazaar could automatically surface its relationship to a CVE from CISA — and that CVE could surface the Sigma rule someone wrote to detect it? What if the community's collective intelligence was structured rather than scattered?

That's ArgusX. A community-driven threat intelligence platform where defenders share what they find, learn from each other, and grow together.

The name comes from Argus Panoptes — the hundred-eyed giant of Greek mythology who never sleeps. Every eye watching. Nothing missed. That felt right for a platform designed to surface what existing tools let fall through the cracks.

Figure 1 — The Asymmetry ArgusX Is Trying to Fix
The Underground
Organized. Coordinated. Free.
Threat actors share tools, zero-days, victim lists, and TTPs in real time. No fees, no membership committees, no gatekeeping. The offensive ecosystem works.
vs
The Defenders
Fragmented. Gated. Expensive.
ISACs cost thousands. Threat intel platforms are enterprise-only. Independent analysts, students, and small teams have nowhere structured to share what they find.

That asymmetry is not acceptable when the stakes are this high. ArgusX is the open infrastructure layer for defenders who are currently isolated by design — modeled on what works in open-source software (GitHub, npm, PyPI), where contributors share freely and reputation is earned through contribution.

Section 02b

Built Around the Community, Not the Engine

Most threat intel platforms are built engine-first — the value is the data and the analytics, the user is incidental. ArgusX is built community-first. The data only matters because of the people contributing it, learning from it, and using it to defend the things that matter.

That means the structure of the community is the most important design decision in the platform. Not the algorithms. Not the visualizations. The shape of how people enter, contribute, mentor, and progress.

A path, not a wall

The biggest mistake I could make would be to gate the platform behind credentials and connections — exactly the friction that made me build this in the first place. ArgusX is a vetted community, but never an elitist one. The application path is transparent and meritocratic. Someone with no credentials but real drive should be able to walk in and find the road forward, the same way I did when I started.

Tiers exist not as status symbols but as a structure for trust. Read access opens broadly. Posting and contribution access requires light verification. Mentorship and access to sensitive intelligence requires demonstrated contribution and community trust — earned through participation, not purchased.

Mentorship is built into the architecture

This is the part that matters most to me personally. The reason I struggled to break into security wasn't a lack of resources online — it was the lack of a guide. The cost of a mentor in this field, when you can find one, is often years of social capital you don't have when you're starting.

ArgusX makes mentorship a first-class feature, not an afterthought. Senior analysts can opt in to mentor. New analysts can apply for mentorship through a structured submission process. Matching is bias-free by design — mentors don't get to filter mentees on demographics, only on objective compatibility (timezone, technical focus area, learning goals). Every mentor commits to the same standard: open to all matched mentees, in good faith.

This isn't charity work. It's how the community sustains itself. The seniors of tomorrow are the juniors who got brought along today.

Section 03

What I Actually Built — And How Fast

This is the part I am genuinely proud of. Not because the technology is novel — it isn't. But because of what it demonstrates about what is possible when you combine a clear problem, the right tools, and a willingness to just start.

ArgusX went from idea to a working platform in weeks. Not months. Weeks. Built entirely by one person, with no dedicated engineering budget, using a stack that costs almost nothing to run.

Figure 2 — What's Running

  • 14+ live intel sources, continuously aggregated
  • 10K+ threat posts catalogued, growing every 5 minutes
  • ~5min ingestion cadence, pulls overnight at higher volume
  • ~$5 monthly infrastructure: Railway cron, everything else free

The backend is a Python ingestion script running on Railway — a cron job that fires every five minutes, pulls from over a dozen public threat intelligence APIs, deduplicates, and inserts into Supabase. During off-hours, between 1am and 8am, it pulls aggressively. It runs while I sleep.
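
The dedup step and the off-hours cadence described above, sketched as an added example; this is not ArgusX's code. The function names, batch volumes, feed names and sample indicators are assumptions, and the defang handling goes beyond what the page describes.

```python
import hashlib
import re

# Hypothetical volumes; the page gives only the 1am-8am window.
DAY_LIMIT, NIGHT_LIMIT = 50, 500

def batch_limit(hour: int) -> int:
    """Per-source pull size: larger in the 01:00-08:00 off-hours window."""
    return NIGHT_LIMIT if 1 <= hour < 8 else DAY_LIMIT

def normalize(ioc_type: str, value: str) -> str:
    """Canonical form so one indicator from two feeds compares equal."""
    v = value.strip()
    # Undo common defanging: hxxp://, [.], (.), [:]
    v = re.sub(r"^hxxp", "http", v, flags=re.I)
    v = v.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    if ioc_type in ("sha256", "md5", "domain"):
        v = v.lower().rstrip(".")
    elif ioc_type == "cve":
        v = v.upper()
    elif ioc_type == "url":
        # Scheme and host are case-insensitive; the path is not.
        m = re.match(r"([a-z][a-z0-9+.-]*://[^/]+)(.*)$", v, flags=re.I | re.S)
        if m:
            v = m.group(1).lower() + m.group(2)
    return v

def dedup_key(ioc_type: str, value: str) -> str:
    """Stable key; stored in a UNIQUE column it makes re-runs idempotent."""
    canon = f"{ioc_type}|{normalize(ioc_type, value)}"
    return hashlib.sha256(canon.encode()).hexdigest()

def merge(records):
    """Collapse records by key, remembering every feed that reported each."""
    merged = {}
    for r in records:
        entry = merged.setdefault(dedup_key(r["type"], r["value"]), {
            "type": r["type"], "value": normalize(r["type"], r["value"]), "sources": []})
        if r["source"] not in entry["sources"]:
            entry["sources"].append(r["source"])
    return merged

# Constructed sample records: feed names, host and CVE id are placeholders.
SAMPLE = [
    {"source": "feed_a", "type": "url", "value": "hxxp://Bad.Example[.]com/Payload.bin"},
    {"source": "feed_b", "type": "url", "value": "http://bad.example.com/Payload.bin"},
    {"source": "feed_b", "type": "url", "value": "http://bad.example.com/payload.bin"},
    {"source": "feed_c", "type": "cve", "value": "cve-2099-0001 "},
    {"source": "feed_a", "type": "cve", "value": "CVE-2099-0001"},
]
```

Keeping the list of reporting feeds on each merged entry preserves corroboration: an indicator seen by two independent sources is distinguishable from one seen once.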

The frontend is vanilla HTML, CSS, and JavaScript. No framework. No build step. The platform is designed to be lean enough that one person can maintain it indefinitely while the community grows around it.

The AI layer: Every new post is classified at insert time using Anthropic's Claude — campaign type, threat actor attribution, origin country, severity reasoning, additional tags. The intelligence gets smarter with every post ingested, and the cost remains a small fraction of monthly infrastructure spend.

Section 04

The Stack — Because Someone Is Going to Ask

| Layer | Technology | Cost | Why |
|---|---|---|---|
| Frontend | Vanilla HTML/CSS/JS — no build step, no framework | Free | Ships instantly. Zero dependencies. One person can maintain it. |
| Hosting | Static hosting + Cloudflare DNS | Free | CDN included. Custom domain. Zero ops overhead. |
| Database | Supabase Postgres | Free tier | Managed Postgres with real-time, auth, RLS, and REST API built in. |
| Auth | Supabase + GitHub OAuth | Free | GitHub identity = security community identity. Natural fit for a defender community. |
| Ingestion | Python 3 on Railway cron | ~$5/mo | Runs every 5 minutes. Handles a dozen+ APIs, dedup, and AI classification. |
| AI Classification | Claude (Anthropic API) | Pennies/mo | Classifies every new post. Campaign type, threat actor, severity reasoning. |
| Intel Sources | Public threat intelligence APIs (government, abuse-tracking, vulnerability registries, news) | Free | All public. All free. All running simultaneously. |

The total monthly cost to run ArgusX at current scale — ingesting hundreds of posts per day, classifying with AI, supporting community features — is approximately five dollars. That number will stay low for a long time. The Supabase free tier holds 500MB. At roughly 3KB per post, that is room for tens of thousands of posts before any cost scales.

Section 05

What This Is Really About

I want to be honest about something. I am building this because I genuinely believe it is needed. But I am also building it because the security community — the one I have been listening to, learning from, being inspired by — deserves a platform that reflects how it actually works.

The underground is organized. It has forums, shared tools, coordinated campaigns, and structured intelligence sharing. The defense community has Twitter threads and PDF reports that get emailed around. That asymmetry is not acceptable when the stakes are this high.

ArgusX is free for individual analysts. That is not a trial tier. That is the model. The people doing the actual work — the ones who write the detection rules, analyze the samples, share the IOCs — they should never have to pay to access or contribute intelligence. The platform exists because of them. It belongs to them.

The principles that guide every decision:

  • Evidence over opinion. No FUD. IOCs must be real. Claims must be verifiable.
  • Respect over hierarchy. Tier doesn't make you better than anyone — just trusted with more responsibility.
  • Defense over noise. The platform is for actual work, not chatter.
  • Mentorship without bias. Mentors open to all matched mentees, in good faith.
  • Built by defenders, for defenders. The people doing the work are the ones who own the platform.

What This Demonstrates About Building

I want to say one more thing about the process, because it matters beyond ArgusX specifically. We are at a moment where a single person with a clear problem, access to AI tools, and the willingness to learn in public can build things that would have required a funded team three years ago.

I did not know how to build a community platform from scratch when I started. I did not know how to architect a tier-based trust system. I did not know how to integrate AI classification into an ingestion pipeline. I figured it out — iteratively, with help, in public — and the result is a working platform with a real architecture and a real community model behind it.

When there is a will and the right tools, there is absolutely a way. That is the lesson I want this build to demonstrate. Not that I am exceptional. That the barrier is lower than you think, and the only thing between an idea and a working product is starting.

ArgusX is currently in active development. The platform is in private collaboration with a small team — engineering, research, methodology — focused on stabilizing the data pipeline and building out the rules and mentorship layers before broader access. If you work in threat intelligence, defensive security, detection engineering, or community-building for security analysts, and you'd like to learn more or follow the build, I'd genuinely love to hear from you.

Reach out via the contact channels on my portfolio.

These are honest field notes from a platform under active development. Originally published April 2026; updated May 2026 to reflect the current collaboration phase. The platform's architecture and feature set are evolving — but the mission remains: defenders helping defenders, free for the people who do the work, structured for the community that actually exists.

Yana Ivanov
Security Analyst · Connecticut

Yana Ivanov is a security analyst based in Connecticut, focused on cybersecurity risk and CMMC compliance for defense contractors in the Connecticut defense industrial base. With 15 years of enterprise technology experience and an MS in Information Systems, she brings a practitioner perspective to threat intelligence analysis and has built CMMC-aligned training and tooling. She is currently pursuing CompTIA Security+ certification. ArgusX is her first platform build — designed and built independently, now in active development with a small collaboration team.
