BitMEX Has Never Lost a Coin
How BitMEX uses runtime visibility to make rapid security decisions
Company Overview
Founded in 2014, BitMEX is one of the longest-operating cryptocurrency exchanges in the market and a pioneer of several core derivative innovations, including the perpetual swap. Over more than a decade of operation, the exchange has supported global trading activity while navigating a rapidly evolving regulatory and threat landscape.
That history has shaped how BitMEX approaches security. As an early leader in the crypto derivative space, the company has long operated with an elevated security burden. Rather than treating security as a compliance exercise, BitMEX has built a disciplined, engineering-driven security function designed to protect customer funds and sustain trust over time.
Business Challenges
- Protecting customer funds in an industry with heightened security and regulatory expectations.
- Securing a rapidly expanding Kubernetes-based environment with limited margin for error.
- Supporting a lean, globally distributed security team operating around the clock.
- Gaining confidence in what is running across cloud workloads during investigations.
- Ensuring that security decisions do not slow trading operations or platform innovations.
Challenges
Hyperscaling Security
For more than a decade, BitMEX has operated in a high-stakes segment of the financial industry while maintaining a strong security record. That history has shaped a cautious, disciplined approach to protecting the exchange and the assets it safeguards.
Eventually, the environment within BitMEX began to change. A recent data center migration from Ireland to Tokyo marked a significant shift in how the platform operated, with most workloads and business processes moving onto Amazon Elastic Kubernetes Service (EKS).
The move improved performance and scalability, but it also introduced new complexity. As the infrastructure became more distributed, it became harder for the security team to understand what was actually running across the platform and to assess potential risks quickly.
“With the migration, most of our workloads and business processes were now on Amazon EKS,” said Florian Bielak, CISO at BitMEX. “We needed a way to understand what was happening in that environment, and to do it fast enough to keep pace with how the platform was evolving.”
Solutions
Unifying Runtime Detection and Response
BitMEX has long viewed security as something that should enable the business rather than constrain it. As the platform evolved, this philosophy became harder to uphold. Approving new workloads or changes carried real risk when the security team could not clearly see what was running, or how it behaved once deployed.
“We didn’t want to be one of those security teams that always says no,” said BitMEX’s Detection Engineering Lead. “But we also couldn’t reasonably approve workloads that we couldn’t see.”
“When we can see what’s actually happening at runtime, security doesn’t have to slow the business down.”
Florian Bielak, CISO, BitMEX
The Sysdig platform changed that dynamic. By giving the team real-time visibility into runtime behavior across containers and workloads, security decisions no longer depended on assumptions or incomplete context. The team could evaluate activity as it happened, understand whether a workload behaved as expected, and make calls based on evidence rather than caution alone.
That shift mattered in day-to-day operations. Security could move faster without lowering standards, and engineering teams no longer faced friction simply because visibility was lacking. Instead of slowing the business to stay safe, BitMEX gained the confidence to approve and manage workloads while maintaining a strong security posture.
Tearing Down Inefficient Triage
For BitMEX, triage decisions often come down to timing. Acting too slowly can increase exposure, while acting too quickly can pull teams into unnecessary escalation.
“Do I have the luxury of waiting for a patch, or do I need to wake people up at 2 in the morning?” Bielak said.
Before Sysdig, answering that question required time-consuming investigation across multiple systems. With clearer runtime context, the process became faster and more grounded. BitMEX has since reduced its average triage time by 50%, allowing the team to assess risk without defaulting to worst-case assumptions.
“Cutting our triage time in half changed how we decide when to act and when to wait.”
Florian Bielak, CISO, BitMEX
“Within the dashboard, we have all the context we need to determine whether an alert requires a response and which workloads are affected,” Bielak said. “We can often begin investigating within 30 seconds, and spend less time putting out unnecessary fires.”
That speed comes from understanding what’s active in the environment. By distinguishing vulnerabilities present in memory from those that exist only on paper, the team can ignore noise and focus attention where it matters most.
“Compared to other exchanges, our team is much more agile,” he said. “Even a marginal improvement in where and how we spend our time makes a tremendous difference.”
A Smarter Approach to Remediation
As BitMEX scaled, remediation became less about identifying issues and more about coordinating action. Different engineering teams maintained their own Kubernetes environments. Addressing a critical issue often meant tracking down the right owners, confirming impact, and deciding what actually needed to be fixed first.
As runtime context improved, remediation became more focused. The security team could quickly identify which workloads were affected, isolate issues when necessary, and pass along precise guidance to the teams responsible. Instead of broad instructions or precautionary escalations, remediation efforts were scoped to the systems that mattered most.
“Remediation only works when we know exactly what needs attention and who needs to act.”
Florian Bielak, CISO, BitMEX
That same need for focus extended to the people doing the work. BitMEX operates with a lean security team, which means that every hire counts and ramp time matters. To support that reality, the team uses Sysdig Sage™, an AI-powered cloud security analyst built directly into the platform. Sysdig Sage enables engineers to query runtime data using natural language and translate results into actionable understanding.
Rather than replacing expertise, Sysdig Sage bridges the gap between experience levels. Junior team members can explore alerts, queries, and investigations with more context, while senior engineers stay focused on higher-impact decisions.
“Our team is very lean, so I’m selective with who I bring on board,” Bielak said. “New team members need to start somewhere. Giving them a way to interact with the data helps them understand not just what they’re seeing, but why it matters.”
“When you think about a new employee, what becomes more important than experience is grit and stamina,” he said. “Will they keep digging until they really understand an issue? Tools like Sysdig Sage give them the context needed to sustain that learning loop.”
People, Ethos, Partnership
BitMEX’s decision to work with Sysdig was shaped as much by alignment as by capability. In an industry where security tooling is often opaque or closed off, the team has been deliberate about choosing partners who share its values around transparency, rigor, and openness.
“We’ve deliberately avoided working with security partners whose ethos doesn’t align with ours,” Bielak said. “Sysdig, with all of its open source work and open core, is aligned with the tools we want to invest in.”
That alignment proved durable. During a period of organizational and regulatory retrenchment, BitMEX was forced to reduce tooling across its environment. Even then, the relationship with Sysdig remained intact. The team continued to engage, exchange ideas, and follow Sysdig’s research and product direction.
As BitMEX stabilized and its Kubernetes footprint expanded, runtime visibility quickly became non-negotiable again. Returning to Sysdig was not about reopening a vendor evaluation. It was about re-establishing a foundation the team already trusted.
“The BitMEX partnership with Sysdig is rooted in the conviction that runtime visibility – detecting drift and anomalous behavior in real-time – is the ultimate source of truth. In a cloud-native world, deep visibility into container execution is how we build lasting institutional trust.”
Florian Bielak, CISO, BitMEX
Today, the partnership is defined by regular collaboration and day-to-day engagement. Each week, Bielak receives updates from the Sysdig team and maintains a direct feedback loop with engineers and leadership alike. Sysdig answers questions quickly and shares new developments early.
“The support from Sysdig has been exceptional,” Bielak said. “Knowing that I have the ear of their people, and that even their CISO pays attention, makes their value clear beyond the platform. Not every vendor opens the door the way they do, or takes the time to understand the challenges we face.”
To learn more about BitMEX, visit bitmex.com.





