Marketplace • Fractional CTO
We rebuilt the chef marketplace after a cyberattack attempt, added routing + payments automation, and instrumented analytics to support nationwide expansion and $1M ARR in seven months with no marketing spend.
2,500+
Chef-client matches
-63%
Booking processing time
<0.2%
Payment errors
40 hrs/week
Operational savings
Month 1
Assessment + roadmap, payment stack redesign.
Month 2
Launched new booking workflow + chef onboarding.
Month 3
Automated payouts, CRM sync, and reporting.
A quick operator-level summary of what changed.
Problem
A high-touch chef marketplace was bottlenecked by manual coordination, spreadsheets, brittle payments, and then hit by a cyberattack attempt that forced a full shutdown.
Action
HyperNest acted as a fractional CTO for the marketplace, rebuilding the core system after the attack, redesigning booking flows, automating payouts, and wiring analytics into every critical surface.
Outcome
EatCookJoy scaled chef-client bookings, cut booking processing time by 63%, freed the founder’s team from operational fire drills, and grew to $1M ARR within seven months of relaunch without paid marketing.
EatCookJoy had built a thriving chef marketplace in San Francisco, connecting private chefs with clients for in-home dining experiences. But the operational backbone of the business was held together by spreadsheets, manual text-message coordination, and a patchwork of no-code tools that broke whenever volume spiked. The founder and a small ops team spent upwards of 40 hours per week on tasks that should have been automated: confirming chef availability, sending booking confirmations, reconciling Stripe payments against a Google Sheet, and manually tracking which chefs had current food handler certifications. Every new booking required a human in the loop, which meant the marketplace could not scale beyond the founder's personal bandwidth. The payment stack was particularly fragile. Chefs were paid through a combination of Venmo, Zelle, and manual bank transfers, with reconciliation happening in a spreadsheet that was already three tabs too complex. When a client disputed a charge or a chef needed a partial refund, the ops team had to reconstruct the transaction history from chat logs. Error rates on payouts were running above 3%, which eroded chef trust and created real financial exposure. The booking flow itself was equally brittle: clients would submit a request through a web form, an ops person would text available chefs, wait for replies, then manually confirm the match and send a payment link. Average booking processing time from request to confirmation was over four hours. Then, in early 2025, a targeted cyberattack attempt forced a full platform shutdown. The attack exploited vulnerabilities in the existing infrastructure, and the founder made the decision to take everything offline rather than risk client or chef data. The business went to zero revenue overnight. Without a rapid, secure rebuild, the chef network would disperse to competitors and the client base would move on. The timeline for recovery was measured in weeks, not months, and the rebuilt platform needed to be fundamentally more secure than what it replaced.
We stepped in as fractional CTO within days of the shutdown and ran a parallel workstream: rebuild the core marketplace on a modern, secure stack while our Staff Security Engineers Naveen and Rohan conducted a comprehensive Vulnerability Assessment and Penetration Test (VAPT) on the new infrastructure before a single user touched it. The rebuild was not a patch job on the old system. We designed a new architecture from scratch using Next.js, Node.js, GraphQL, and PostgreSQL, with Stripe Connect as the payment backbone and Airtable as the operational CRM. The decision to use Stripe Connect rather than continuing with manual payout methods was driven by three factors: automated split payments to chefs with configurable platform fees, built-in 1099 reporting for tax compliance, and automated reconciliation that eliminated the spreadsheet-based process entirely. The booking flow was redesigned around real-time chef availability. Instead of a human texting chefs and waiting for replies, the new system maintained a live availability calendar for each chef, allowed clients to see open slots instantly, and confirmed bookings automatically when a match was found. We built a chef CRM with skill tagging (cuisine specialties, dietary restriction expertise, event size capacity), compliance tracking (food handler certifications with expiration alerts), and performance scoring based on client reviews. The ops dashboard consolidated scheduling, inventory management, and support ticket tracking into a single interface, replacing the five disconnected tools the team had been juggling. For analytics, we stood up a data warehouse feeding Looker Studio dashboards that tracked marketplace KPIs: booking conversion rates, chef utilization, average order value, repeat booking rates, and geographic demand heatmaps. Security was not an afterthought bolted on at the end. Naveen and Rohan ran a full VAPT cycle that included automated vulnerability scanning, manual penetration testing of the API surface, authentication flow review, and a social engineering assessment. They identified and remediated 14 vulnerabilities before launch, implemented a Web Application Firewall (WAF) with custom rulesets for the marketplace's specific traffic patterns, and established an incident response playbook so the team would know exactly what to do if another attack occurred. The entire rebuild, from shutdown to secure relaunch, took less than eight weeks.
The turnaround from complete shutdown to live, revenue-generating marketplace took less than eight weeks, a recovery timeline that preserved the chef network and client relationships that would have been lost with a longer outage. EatCookJoy now runs a self-serve marketplace with minimal manual intervention. Booking processing time dropped from over four hours to under 90 minutes (a 63% reduction), and payout error rates fell from above 3% to below 0.2%. The ops team recovered more than 40 hours per week of manual work, which the founder redirected to chef recruitment and client experience. Stripe Connect automated reconciliation eliminated an entire category of financial error that had been eroding chef trust. The business results speak to the strength of the rebuilt platform. After the relaunch, EatCookJoy grew from zero to more than $550K ARR in five months and crossed $1M ARR in seven months, all while remaining in beta and spending effectively nothing on paid marketing. Growth was entirely organic, driven by word-of-mouth from chefs and clients who experienced a dramatically improved booking and payment flow. The cyberattack recovery timeline itself became a proof point: the company demonstrated resilience under extreme pressure, rebuilt with enterprise-grade security, and came back stronger than before. With the VAPT-hardened infrastructure and WAF in place, the platform has had zero security incidents since relaunch, and the incident response playbook gives the founding team confidence that they can handle future threats without another shutdown.
Tools, platforms, and competencies we owned for this engagement.
Product
Backend
Ops
Security
“HyperNest gave us enterprise-grade infrastructure so we could focus on chefs and customers. After the cyberattack, Naveen and Rohan made our security rock solid—I sleep better at night knowing they reviewed everything.”
Zainab Ghadiyali
Founder & CEO, EatCookJoy
We'll replicate the playbook and customize it to your goals.