February 21st, 2025
Ep.17 – How AI is Changing OSINT, Dark Web Investigations, and Fraud Detection with Zara Perumal
What if AI could predict and prevent cyber fraud before it happens? In this episode of Hackers to Founders, Zara Perumal, CTO and co-founder of Overwatch Data, highlights her journey from early coding experiments to building an AI-driven cybersecurity platform. Hear how Overwatch uncovers threats on the dark web, automates OSINT processing, and helps businesses stay ahead of emerging fraud schemes.
Key Highlights in This Episode:
- Zara's early passion for coding, developing iOS apps, and studying at MIT.
- From Google's Threat Analysis Group to co-founding Overwatch Data.
- Using AI and automation to sift through OSINT and dark web intel.
- Turning customer feedback into real-time fraud detection solutions.
- Insights on navigating the startup world, from market fit to funding rounds.
People Mentioned:
- Zara Perumal – CTO and Co-founder, Overwatch Data
- Arjun Bisen – CEO and Co-founder, Overwatch Data
- Ron Rivest – MIT professor and cryptography pioneer
- Michael (YC Advisor) – Early guide during Overwatch's development
Technologies & Tools:
- GPT (ChatGPT) – AI scripting and analysis tasks
- JADX – Reverse-engineering Android applications
- Corellium – Mobile security research platform
- Telegram – Key source for cybercriminal communication
Cybersecurity & Hacking:
- OSINT – Open-source intelligence for threat detection
- Dark Web Investigations – Tracking illicit marketplaces and forums
- SIM Swapping & Credential Stuffing – Key fraud tactics Overwatch counters
January 29th, 2025
Ep.16 – The Birth of the CVE System, created by Adam Shostack
Who created the CVE system? Meet Adam Shostack: a renowned cybersecurity expert whose storied career spans vulnerability scanners, anonymized networks, and threat modeling. From his early fascination with security at Brigham and Women's Hospital to his role in co-creating CVE, Adam shares the highs and lows of founding security startups, guiding Microsoft's Secure Development Lifecycle, and forging new paths in cyber public health.
Key Highlights in This Episode:
- Adam's evolution from D&D enthusiast to pioneering CVE co-creator.
- Startup experiences at Net Tech and Zero Knowledge Systems.
- Developing the STRIDE framework at Microsoft and popularizing threat modeling.
- Embracing educational initiatives to scale cybersecurity expertise.
- Applying public health methodologies to address global cyber challenges.
Organizations and Initiatives:
- CVE (Common Vulnerabilities and Exposures) – A standardized system for identifying cybersecurity vulnerabilities.
- Net Tech – Early startup that built vulnerability scanners (Hacker Shield).
- Zero Knowledge Systems – Focused on anonymized networking solutions akin to Tor.
- MITRE – Collaborated with Adam to develop and support the CVE system.
- BBN – Early internet pioneer where Adam met key figures like Mudge and Weld Pond.
- Cyber Green – An initiative for applying public health approaches to cybersecurity.
People Mentioned:
- Adam Shostack – CVE co-creator, threat modeling thought leader.
- Mike Howard & Steve Lipner – Collaborators on Microsoft's Secure Development Lifecycle.
- Mudge & Weld Pond – Influential hackers encountered at BBN.
- Lance Cottrell & Paul Syverson – Contributed to anonymized network tech influencing Adam's work.
Notable Tools and Concepts:
- Hacker Shield – Early vulnerability scanner from Adam's startup.
- STRIDE – Threat modeling framework (Spoofing, Tampering, Repudiation, Info Disclosure, DoS, Elevation of Privilege).
- Tor & Mixmaster – Influential anonymized networking technologies.
- Log4j – Example used by Adam to illustrate public health approaches to vulnerability management.
January 20th, 2025
Ep.15 – CISO Lessons from Fox News, Point72, and Phosphorus with John Terrill
How do you defend Fox News, hedge funds, and global networks while building groundbreaking startups? John Terrill shares his journey from a curious 12-year-old attending 2600 meetings to becoming a seasoned CISO and security entrepreneur. He dives into founding Drawbridge Networks, pioneering microsegmentation, and the challenges of aligning cybersecurity strategies with business objectives in fast-paced environments.
Key Highlights in This Episode:
- Early hacker community exposure through 2600 meetings.
- Co-founding Drawbridge Networks and innovating microsegmentation.
- Tenure as CISO at Fox News during a high-profile ownership transition.
- Navigating ransomware, executive protection, and remote work challenges at Point72.
- Balancing offensive and defensive security strategies with business objectives.
- Advocating for more meaningful board-level cybersecurity discussions.
Companies and Organizations:
- Phosphorus Cybersecurity Inc – Specializes in xIoT security solutions.
- Point72 – Global hedge fund and asset management firm.
- Fox News Media – Major American media company.
- OPĀQ Networks – Acquired by Fortinet.
- Drawbridge Networks – Co-founded by John Terrill, focused on microsegmentation.
- NYU Tandon School of Engineering – Where John was an adjunct professor.
- BlackRock – Investment management corporation.
- NASDAQ OMX – Global financial services corporation.
- IBM (Internet Security Systems) – John's starting point in X-Force research.
- Zettaset – A big data security startup co-founded by John.
Events and Concepts:
- 2600 Meetings – Hacker gatherings for knowledge sharing.
- Microsegmentation – Strategy to isolate workloads and block lateral movement.
- Zero Trust – Security framework removing implicit network trust.
- MITRE ATT&CK Framework – Knowledge base of adversary tactics and techniques.
January 14th, 2025
Ep.14 – From Education Platform to Browser Isolation: The Birth of SquareX with Vivek Ramachandran
Vivek's passion for tackling cutting-edge cybersecurity problems led him to create SquareX, a browser-native solution aimed at eliminating client-side web attacks. In this episode, he discusses the importance of authenticity, community engagement, and leveraging expertise for scalable products. He also shares the ups and downs of entrepreneurship—from setting realistic goals and understanding market needs to surrounding yourself with trustworthy advisors and peers.
Key Highlights in This Episode:
- Founding SquareX to combat client-side web attacks through browser isolation.
- Community-building strategies, authenticity, and personal branding in InfoSec.
- Balancing entrepreneurship, family, and creative pursuits like comic book writing.
- Navigating market needs, refining product feedback loops, and learning from failures.
- The value of mentorship, realistic goal-setting, and forging strategic partnerships.
Events and Conferences:
- Black Hat
- Defcon
- BruCON
- NullCon
Books Mentioned:
Technologies and Platforms:
- Kali Linux
- Metasploit
- Qubes OS
Podcasts and Media:
January 7th, 2025
Ep.13 – Finding Your Passion in Cybersecurity with Dave Chronister
From crimping cables to advising the French Minister of Defense—Dave Chronister's journey is unreal! Dive into decades of cybersecurity wisdom as Dave shares how he founded Parameter Security, launched the hands-on ShowMeCon, and advised global leaders. Learn about strategic approaches to security, Dave's thoughts on AI, and the business acumen behind building successful InfoSec ventures. Don't miss out on this inspiring story of passion, adaptability, and impact in the cybersecurity world.
Key Highlights in This Episode:
- Establishing Parameter Security and launching ShowMeCon.
- Transitioning from small-town tech work to global cybersecurity advising.
- Balancing technical mastery with business and AI-driven insights.
- Speaking at top InfoSec conferences worldwide, including appearances with the French Minister of Defense.
- Approaches to teaching, training, and guiding new security professionals.
People and Speakers:
- Dave Chronister – Cybersecurity expert, founder of Parameter Security, creator of ShowMeCon.
- Chris REal0day – Host and interviewer, Hackers to Founders.
- French Minister of Defense – Mentioned as a speaker alongside Dave Chronister.
Companies and Organizations:
- Parameter Security – Dave Chronister's cybersecurity firm.
- ECCouncil – Provides certifications like CEH.
- EuroPol – EU law enforcement agency, references to cybersecurity initiatives.
- FBI – Mentioned in context of cyber investigations.
- Fortinet – Cybersecurity company known for high-quality speakers.
Conferences:
- ShowMeCon – Dave's premier InfoSec conference.
- Def Camp – Held in Bucharest, Romania.
- Positive Hack Days (PHDays) – Moscow-based cybersecurity event.
- Black Hat – Leading business-focused cybersecurity conference.
- DEF CON – Renowned grassroots hacking conference.
- RSA Conference – Government-centric cybersecurity conference.
Certifications and Courses:
- CISSP – Certified Information Systems Security Professional.
- CEH – Certified Ethical Hacker.
- Security Plus – Foundational cybersecurity certification.
Pop Culture References:
- Animal House – Noted for influencing Mizzou's party reputation.
Books Mentioned:
November 4th, 2024
Episode 5: Greg Martin, Cybersecurity Pioneer and Ghost Security Founder
Join Chris REal0day in an inspiring conversation with Greg Martin, who shares his journey from a young hacker in a small Texas town to the CEO of Ghost Security. Greg reflects on his early days, the rise of Linux, his work with the FBI and Secret Service, and his transition to entrepreneurship, offering invaluable insights for aspiring cybersecurity professionals.
Key Highlights in This Episode:
- Greg's journey from early tech curiosity to becoming a cybersecurity expert.
- His pivotal role at a local ISP and transition to data centers during the cloud computing boom.
- Work with the FBI, Secret Service, and private sectors to combat cybercrime.
- Insights into founding Ghost Security and the challenges of startup life.
- The role of mentorship in cybersecurity and training the next generation of professionals.
Additional Topics Covered:
- Experiences in the Secret Service Nitro program for cybercrime initiatives.
- Greg's entrepreneurial journey from developing open-source tools to launching startups.
- Balancing technical innovation with the business demands of a startup.
- The evolving impact of AI in cybersecurity and automation's role in productivity.
- Importance of understanding market needs and evolving technology for long-term success.
Greg Martin:
Ghost Security:
October 8th, 2024
Episode 1: Jordan Wiens @psifertex, Co-Founder of Vector 35, Binary Ninja
Exploring the intricacies of pricing strategies, administrative challenges, and market dynamics in the cybersecurity sphere.
In a recent episode featuring Jordan Wiens, co-founder of Vector 35, several critical aspects of running a business in the cybersecurity industry were discussed. From pricing strategies to overcoming administrative challenges and navigating market dynamics, Wiens shared invaluable insights derived from his extensive experience. This blog post delves into these insights, providing a deeper understanding of the strategies and decisions that shape the success of a cybersecurity company.
Setting Effective Pricing Strategies
One of the key takeaways from Wiens' discussion was the importance of defining a clear pricing strategy. Vector 35 initially set a low pricing threshold of $1500 for their licenses, but soon realized that negotiating individually for low-priced licenses consumed a disproportionate amount of time and resources. Wiens explained that they eventually raised the minimum threshold for negotiations to $15,000. This strategic move helped streamline their sales processes and reduce administrative burdens, allowing the team to focus on more significant, lucrative deals.
Overcoming Administrative Challenges
Wiens shared a particularly insightful anecdote involving interactions with a financial institution. The institution's purchasing process for small purchases was so inefficient that it stretched over six to nine months. This experience was a turning point for Vector 35, leading to the realization that engaging extensively with prolonged paperwork for low-value deals was untenable. Thus, they set clearer policies to avoid bureaucratic tangles, ultimately reducing wasted time and resources.
Adapting Market Entry Tactics
The discussion also highlighted different strategies for entering new markets. Wiens compared tactics such as offering products at reduced prices or even for free initially to gain market share, similar to PayPal's approach. This strategy can be beneficial in establishing a product's presence in the market before introducing fees. It's a delicate balance between attracting new users and ensuring sustainable revenue.
Navigating Enterprise Sales
When it comes to large enterprise-level deals, Wiens acknowledged the unavoidable complexity. These deals typically involve detailed contracts and negotiation processes, often demanding more time and resources. However, the payoff is considerably higher, making the effort worthwhile. For instance, a telecom company once purchased 40 licenses, highlighting the potential revenue from such sizeable contracts.
Impact of Free Tools on the Market
The emergence of free alternatives like Ghidra has significantly impacted Binary Ninja's strategy. Wiens noted that while these free tools appealed to students and hobbyists, the market remains dynamic with shifting preferences. Offering significant value through continuous product enhancements is key to staying competitive.
Balancing Commercial and Non-Commercial Licenses
Vector 35 has a higher volume of non-commercial licenses compared to commercial ones. However, commercial licenses contribute significantly more to their revenue due to higher pricing and the value-added services they offer. This highlights the importance of maintaining a diversified clientele to balance volume with value.
Company Growth and Financial Strategies
Wiens revealed that after facing a period of flat growth, the company considered taking on external investment. Although it was a precautionary measure and ultimately unnecessary, it underscores the need for strategic financial planning to navigate competitive market landscapes.
Importance of Team Motivation and Product Passion
The development of Binary Ninja, initially an open-source tool for CTF competitions, underscores the Vector 35 team's passion for their work. Despite the potential for higher earnings elsewhere, the team remains committed to the project due to a shared vision and genuine interest in the field.
Conference and Community Engagement
Wiens discussed an upcoming conference titled "Reverse," set to take place in Orlando, Florida. This community-focused event aims to foster a tight-knit environment, reflecting Vector 35's commitment to engaging with and contributing to the broader cybersecurity community. Plans to maintain the conference's intimate atmosphere include limiting attendance to 400 tickets and ensuring all attendees engage with the same content.
Conclusion
Jordan Wiens' insights provide a comprehensive look into the strategic considerations essential for a cybersecurity business's success. From effective pricing strategies and managing administrative challenges to adapting market entry tactics and maintaining team motivation, these lessons are crucial for any enterprise navigating the intricate cybersecurity landscape. The ongoing evolution of tools and market dynamics highlighted by Wiens underscores the importance of adaptability and continuous learning in achieving and sustaining success. As Vector 35 continues to grow and innovate, their commitment to quality and community engagement remains a cornerstone of their strategy.
- Jordan Wiens
- Chris Magistrado (Host):
- Hackers Mentioned:
October 2nd, 2024
Hackers to Founders - Episode 0 Released!
Welcome to the debut episode of "Hackers to Founders"! Join Chris Magistrado, aka REal0day, as he shares his unique journey from discovering gaming glitches to becoming a cybersecurity expert, business enthusiast, and podcast host. In this self-interview, Chris dives into his personal stories, career advice, and essential insights for aspiring cybersecurity professionals.
Connect with Us:
Spotify: https://open.spotify.com/show/5BgjVtDJc7xoyiQlbhKmL6?si=591d5f0477644225
YouTube: https://youtu.be/jfxLtOIEiF8?si=2Ab-xXxMa2VaZcVK
X (Twitter): https://x.com/Hacker2Founder
Instagram: https://instagram.com/hackerstofounders
TikTok: https://www.tiktok.com/@hackerstofounders
LinkedIn: https://www.linkedin.com/showcase/105189100
Discord: https://discord.gg/2TnH6hkuTG
Website: https://HackersToFounders.com
Podcast Website: https://podcast.HackersToFounders.com
In This Episode:
- Bypassing Windows Defender: Chris shares insights from his latest class and offers practical tips.
- Career Advice: Experiment, read books, watch Defcon talks, and set up a home lab or virtual machines for hands-on learning.
- Hacking: The importance of hacking in a controlled, legal environment.
- Success Qualities: Resilience and networking are key to thriving in the cybersecurity community.
- Networking Events: Learn about opportunities at Defcon, Black Hat, local hacker meetups like BSides, and Europe's CCC.
- Personal Journey: Chris recounts his college experience, challenges, and pivotal moments that led to his cybersecurity career.
- Recruiting: Transitioning to a recruiter and operating TopCleared Recruiting, focusing on elite cybersecurity talent.
- Cloud Computing Impact: How AWS and cloud services revolutionized the tech and cybersecurity landscape.
- AI in Cybersecurity: The growing role of AI in identifying and exploiting vulnerabilities.
- Personal Security Tips: Recommendations for antivirus software, VPN usage, and staying safe online.
- Special Features: Learn how Chris established a hacking club at SF State and brought in industry professionals to inspire students.
- Innovative Projects: Hear about Chris's personal projects and achievements in cybersecurity.
Resources Mentioned:
Tools Mentioned:
Books and Authors:
Get Involved:
Chris invites listeners to provide feedback and share their thoughts. Subscribe, leave a comment, or message Chris directly to join the conversation and stay updated on future episodes.
Listen to the Podcast:
Apple Podcasts | Spotify | Google Podcasts
Disclaimer: All activities mentioned are to be performed within legal boundaries and in a controlled environment.
August 27, 2024
Premieres October 7th!
The time is coming closer and closer! After a month of shooting episodes, we are in post production now and are signing partnerships! Things couldn't be more exciting! Stay Tuned to learn more!
To join the waitlist, apply here!
That's my dog. Cat is hiding.
After a decade in cybersecurity as a security researcher, I have discovered that many experts in our industry have amazing ideas about how to build and improve things. However, because they are unsure or do not know how to take their ideas and build a company from them, they either let those ideas die or attempt to integrate them into their existing companies. As we know, the bigger the company, the less likely it is that they will listen to new ideas.
In our upcoming podcast, we explore the world of cybersecurity professionals who have reached the pinnacle of their profession and have decided to launch their lives into the stratosphere of entrepreneurship. We delve into the struggles and challenges these founders have faced and continue to face.
But that's not all. We'll also be bringing in investors who specialize in cybersecurity companies. These investors will share their perspectives on what makes a cybersecurity startup worth investing in, the trends they are watching, and the advice they have for aspiring founders in the space. Their insights will provide a valuable complement to the stories of our featured entrepreneurs, offering a 360-degree view of the cybersecurity startup ecosystem.
We also uncover the strategies these founders employed to overcome obstacles and the lessons they've learned along the way. From securing funding to building a team, from dealing with setbacks to celebrating victories, these stories are not only about success but also about resilience, innovation, and the relentless pursuit of excellence.
Whether you're a cybersecurity professional with entrepreneurial aspirations, an investor looking for the next big thing, or simply someone who enjoys hearing about the journeys of industry leaders, this podcast offers valuable insights and inspiration. Join us as we bring you the untold stories of those who dared to turn their ideas into reality and, in doing so, are shaping the future of cybersecurity.
Stay tuned for our upcoming episodes, where each conversation will provide a unique perspective on what it takes to succeed in the ever-evolving world of cybersecurity entrepreneurship.
To join the waitlist, apply here!