OutThink | Cybersecurity Human Risk Management SaaS.

OutThink builds a SaaS platform that lets large organizations measure and reduce the cybersecurity risk caused by people: phishing simulations, training modules, behavioral scoring. The platform splits along microservice lines, with each service owning a slice of the human-risk domain. My work focused on the architecture and the patterns the team built against.

Each microservice is domain-driven and follows CQRS for the read and write split. The transactional path stays on SQL Server with strict relational integrity. Event-shaped data (training events, simulation outcomes, behavioral signals) lives in a NoSQL store optimized for write throughput and time-based queries. That hybrid keeps the relational core honest and lets the analytics path scale independently.

The async backbone runs over Azure Service Bus. Services publish integration events when their state changes, and other services react in their own time. The pattern is straightforward request-and-response inside a service, message-passing across services. Azure Cognitive Services hooks into the AI features the product needs for content classification and behavioral predictions. Azure API Management sits in front of the public API surface, handling auth, throttling, and the contract that external integrations target.

Code review across the platform was part of the day-to-day, and a lot of the conversation was about patterns more than frameworks: aggregates that own their invariants, handlers that orchestrate without business logic, projections that stay translatable to SQL.