
About CyberDax

CyberDax was developed to address a gap in how modern security operations approach detection.

Most detection strategies are built around isolated events—logins, processes, or alerts viewed independently. In practice, real-world attacks do not operate that way.

They unfold as sequences of behavior across identity, endpoint, and network activity.

CyberDax exists to shift detection away from event-based thinking toward behavior-based analysis grounded in how adversaries actually operate.

Why It Exists

Security teams often struggle with:

  • High alert volume with low signal quality

  • Over-reliance on static indicators

  • Limited visibility into post-compromise activity

  • Disconnect between threat intelligence and detection logic

CyberDax was developed to address these gaps by aligning detection engineering directly to observed adversary behavior and multi-stage attack patterns.

How It’s Developed

CyberDax is built through:

  • Applied threat analysis of real-world campaigns and exploitation patterns

  • Translation of adversary tradecraft into structured detection logic

  • Iterative refinement of detection methodology and scoring approaches

  • Continuous evaluation of detection effectiveness under realistic conditions

The framework is shaped through ongoing research and practical analysis rather than theoretical modeling alone.

Design Principles

CyberDax is guided by a set of core principles:

  • Detection should reflect adversary behavior, not assumptions

  • Sequences provide signal where individual events do not

  • Detection logic must be deployable, not just conceptually complete

  • Telemetry limitations must be explicitly accounted for

  • Analysis should be structured, repeatable, and defensible

Creators

CyberDax is developed by cybersecurity practitioners focused on detection engineering, threat intelligence, and data-driven security analysis.

Edward “Tony” Dolley

Detection Engineering, Threat Intelligence, Threat Hunting, and Behavior-Based Analysis

Tony focuses on translating adversary behavior into structured detection logic and building detection methodologies aligned to real-world attack activity. His work centers on threat hunting, detection strategy, and behavioral modeling, with an emphasis on identifying multi-stage adversary activity across identity, endpoint, and network telemetry.

Dave Vineyard

Data & Analytics Engineering — Telemetry Processing, Automation, and Detection Data Infrastructure

Dave focuses on designing and building the data and analytics systems that enable CyberDax. His work centers on scalable telemetry processing, data pipeline architecture, and transforming high-volume security data into structured datasets that support detection engineering, investigation, and operational decision-making.

His work also includes applied data science approaches to analyzing security data, helping identify patterns, improve signal quality, and support behavior-based detection strategies.

Current Focus

CyberDax continues to evolve through:

  • Structured threat analysis and detection-focused research

  • Development of behavior-based detection methodologies

  • Expansion of data and analytics capabilities

  • Ongoing refinement of detection engineering approaches

Looking Forward

CyberDax is being developed to improve how organizations:

  • Understand threat activity in context

  • Prioritize risk based on real-world exploitation

  • Build detection strategies aligned to adversary behavior

Note

The creators of CyberDax are actively pursuing full-time opportunities in data science, detection engineering, threat intelligence, threat hunting, and cybersecurity data engineering.