Episodes

  • Ep.8 - Marcus Sailler, Global Director of Red Team at MUFG
    2024/11/27
    Summary

    In this episode of Hackers to Founders, Chris Magistrado interviews Marcus Sailler, a seasoned expert in cybersecurity with over 25 years of experience. They discuss Marcus's journey from the military to leading red teams, the importance of understanding business impact in cybersecurity, and the nuances of interviewing in the field. Marcus shares insights on building effective red teams, the significance of program development, and how aspiring professionals can transition from pen testing to red teaming. The conversation emphasizes the need for intellectual curiosity, practical experience, and the ability to communicate effectively within organizations.

    In this conversation, Chris and Marcus delve into the dynamics between red and blue teams, discussing the transition of professionals between these roles and the importance of understanding various vulnerabilities. They explore the relevance of legacy vulnerabilities in modern cybersecurity, the challenges faced in building effective red team programs, and the ethical considerations surrounding the use of zero-day vulnerabilities. Additionally, they highlight the significance of industry breaches in validating security programs and the value of certifications and training for aspiring red teamers.

    In this conversation, Chris and Marcus delve into various aspects of cybersecurity, focusing on the importance of critical thinking in exams, the transition from on-premises to cloud environments, and the necessity of understanding cloud infrastructure for red teaming. They also explore social engineering techniques, particularly vishing, and discuss the #WeHackHealth movement, which combines fitness and cybersecurity. Additionally, they touch on the discovery of CVEs and the challenges of vulnerability management in software.

    In this conversation, Chris REal0day and Marcus Sailler discuss various aspects of the cybersecurity industry, including investment opportunities, content creation strategies, the importance of networking, and career transitions. They explore the challenges of building relationships in a corporate environment, the significance of soft skills, and the complexities of navigating global cybersecurity issues. The discussion also touches on the differences between vulnerability research and red teaming, highlighting the unique challenges and rewards of each career path.

    In this conversation, Marcus Sailler and Chris REal0day delve into various aspects of cybersecurity, leadership dynamics, cultural insights, and personal growth. They discuss the challenges of reporting vulnerabilities without rewards, the complexities of different leadership styles, and the importance of understanding interpersonal relationships through concepts like love languages. The conversation also touches on the significance of cultural adaptation in language learning, the tools essential for cybersecurity professionals, and the value of continuous training and development in red teaming. Additionally, they share insightful book recommendations that emphasize resilience and self-awareness in both personal and professional contexts.

    Takeaways

    • Red teamers must understand the business impact of their findings.
    • Interviews should be interactive and allow for discussion.
    • Early career experiences can be valuable in cybersecurity.
    • Joining the military can provide a strong foundation for IT careers.
    • Building a red team requires maturity in the organization's security posture.
    • Learning from experts and networking is crucial for career development.
    • Program development is essential for legitimizing red team efforts.
    • Demonstrating curiosity and initiative can help in career transitions.
    • Creating internal communities can foster talent and interest in cybersecurity.
    • Understanding operating systems is key for effective red teaming.
    • Red teamers often transition from blue team roles due to frustration with unaddressed issues.
    • Understanding foundational vulnerabilities is still valuable, even if less prevalent.
    • The usefulness of vulnerabilities depends on the organization's maturity and vulnerability management program.
    • Building a red team requires investment in talent development and retention.
    • Using industry breaches can effectively validate the need for security programs.
    • Ethical considerations arise when using zero-day vulnerabilities in demonstrations.
    • Training and certifications are crucial for effective red teaming.
    • Practical experience is essential for understanding red team operations.
    • The urgency of red teaming requires quick execution in complex environments.
    • A strong understanding of both offensive and defensive strategies is necessary for red team success.
    • The exam structure emphasizes critical thinking and situational awareness.
    • Understanding cloud infrastructure is crucial for aspiring red teamers.
    • Vishing is an effective social engineering technique that uses phone calls.
    • The #WeHackHealth movement promotes fitness within the cybersecurity community.
    • Vulnerability management requires ...
    2 hours 14 minutes
  • Ep.7 - Lauro Perez, Host of Exploit Brokers
    2024/11/19

    Summary
    Chris REal0day interviews Lauro Perez, a seasoned software engineer and cybersecurity enthusiast, exploring his journey from a young computer enthusiast to a professional in the field. Lauro shares pivotal career moments, including a life-changing scholarship, navigating job offers, overcoming imposter syndrome, and the importance of mentorship. The conversation highlights AI’s role in learning, the evolution of cybersecurity, and challenges like ransomware-as-a-service and bug bounty programs. Lauro emphasizes soft skills, networking, and balancing work with personal growth while reflecting on ethical considerations in tech. They also discuss content creation in cybersecurity, hands-on learning, unscripted podcasting, and future aspirations. Touching on AI, true crime, and gaming, the dialogue offers insights into the evolving tech landscape and personal growth.

    Key Takeaways

    • Lauro's passion for computers began at age 10, with perseverance shaping his career.
    • A scholarship was pivotal, and networking led to multiple job offers.
    • Soft skills, confidence, and concrete achievements are crucial in interviews.
    • Mentorship and self-study greatly impact career growth.
    • AI tools aid in learning, cybersecurity, and content creation.
    • Balancing work, family, and personal projects is essential.
    • Imposter syndrome is common but manageable with self-belief.
    • Challenges in cybersecurity include AI's role, unfair bug bounty rewards, and ransomware-as-a-service.
    • Sharing knowledge empowers others and reinforces personal learning.
    • Trends like AI and diverse representation are reshaping cybersecurity.
    • Hands-on learning is critical, as computer science education often lacks depth.
    • Authentic, unscripted content fosters engaging discussions.
    • Collaboration and personal experiences inspire innovation in tech, health, and gaming.


    Lauro Perez
    LinkedIn - https://www.linkedin.com/in/lauroperezjr/

    Exploit Brokers
    Website - https://exploitbrokers.com/
    YouTube - https://www.youtube.com/@exploitbrokers
    Spotify - https://open.spotify.com/show/3YRafqb2OGxfXgoIPfRbe2?si=40e21cd5ac0b45c0
    Rumble - https://rumble.com/user/ExploitBrokers

    2 hours 22 minutes
  • Ep.6 - Sumit "Sid" Siddharth, Founder of SecOps Group
    2024/11/12

    Summary

    In this episode, Chris interviews Sid, a prominent figure in the cybersecurity field, discussing his journey from a small town in India to becoming a successful entrepreneur in the UK. Sid shares insights about his early education, the importance of peers in his career, and the transition from corporate life to founding his own company, NotSoSecure. He emphasizes the significance of training in scaling his business and reflects on the acquisition of his company, highlighting the challenges and rewards of entrepreneurship. In this segment of the conversation, Sid and Chris delve into the intricacies of service businesses in the VC landscape, the evolution of SecOps Group, and the innovative exam models they have developed in the cybersecurity education sector. They discuss the challenges and strategies of building a brand through exam offerings, the importance of understanding the consulting landscape, and how to navigate competition effectively. Sid emphasizes the significance of creating value through affordable and accessible exams, which has led to substantial growth in their business. In this conversation, Chris and Sid explore the intricacies of entrepreneurship, investment, and mentorship. Sid shares his experiences with certifications, the importance of understanding business dynamics, and the value of enjoying the entrepreneurial journey. They discuss the significance of identifying strengths and weaknesses in startups, the role of community in product development, and the future vision for growth in Sid's ventures. The conversation emphasizes the importance of networking, collaboration, and the mindset required for successful entrepreneurship.


    Takeaways

    • Sid's journey showcases the importance of curiosity and resilience.
    • Early exposure to hacking sparked Sid's interest in cybersecurity.
    • The role of peers is crucial in personal and professional growth.
    • Transitioning from corporate to entrepreneurship requires courage and preparation.
    • Training became a key revenue stream for Sid's business.
    • Clear messaging is essential for standing out in a competitive market.
    • Sid emphasizes the importance of creating trainers rather than just being a trainer.
    • The acquisition of NotSoSecure was a strategic decision for growth.
    • Entrepreneurship is about building something and knowing when to let go.
    • Success in business often requires recognizing one's strengths and weaknesses.
    • VCs typically prefer product-based businesses over service-based ones.
    • Service businesses can sell for 5x to 7x EBITDA depending on various factors.
    • The principles of hacking can be applied to various aspects of life and business.
    • SecOps Group aims to provide affordable and accessible cybersecurity exams.
    • The exam business has seen rapid growth, with over 50,000 participants in a year.
    • Building a brand through innovative exam offerings can lead to increased leads and business opportunities.
    • A bottom-up approach in sales can complement traditional top-down strategies.
    • The exam model is lean and allows for quick updates and changes.
    • Creating value through good quality and reasonably priced exams is key to popularity.
    • The exam portfolio has expanded significantly in a short time, indicating market demand.
    • Certifications can be controversial; choose wisely.
    • Investing is more about mentorship than just money.
    • Understanding a business's needs is crucial for investment.
    • Failures are part of the entrepreneurial journey.
    • Enjoying the process leads to eventual success.
    • Identifying strengths and weaknesses is key for startups.
    • Community engagement is vital for product success.
    • Market fit is essential before launching a product.
    • Networking can lead to valuable collaborations.
    • Continuous learning and adaptation are necessary for growth.

    Guest:
    Sumit Siddharth - https://www.linkedin.com/in/sumsid/
    SecOps Group - https://secops.group/

    1 hour 23 minutes
  • Ep.5 - Greg Martin, Founder of Ghost Security
    2024/11/04

    Summary

    In this episode of the Hackers to Founders podcast, host Chris REal0day interviews Greg Martin, a prominent figure in the cybersecurity field. Greg shares his journey from a young hacker in a small Texas town to becoming the CEO of Go Security. He discusses his early fascination with computers, the rise of Linux, and his first job at a local ISP. As he transitioned into the world of data centers and cloud computing, Greg also recounts his experiences working with law enforcement agencies like the FBI and Secret Service on cybercrime initiatives. The conversation highlights the evolution of cybersecurity and Greg's entrepreneurial ventures. In this conversation, Greg Martin shares his journey from feeling like an imposter in the cybersecurity field to being recruited by the NSA. He discusses the challenges he faced during the recruitment process, his experiences at ArcSight, and the importance of mentorship in cybersecurity. Greg also reflects on his transition from employee to entrepreneur, emphasizing the significance of training the next generation of cybersecurity professionals. In this conversation, Greg Martin shares his journey from developing a cybersecurity tool to founding multiple startups, including Ghost AI. He discusses the challenges of entrepreneurship, the importance of securing investment, and the evolving role of AI in business. The conversation highlights the significance of mentorship, the realities of startup life, and the innovative solutions being developed in the application security space.

    Takeaways

    • Greg Martin's journey in cybersecurity began at a young age.
    • He was inspired by movies depicting hacking culture.
    • Linux played a crucial role in his early career.
    • His first job was at a local ISP where he learned networking.
    • Greg transitioned to data centers during the rise of cloud computing.
    • He worked closely with law enforcement on cybercrime cases.
    • The Secret Service's Nitro program focused on cybercrime.
    • Private sector collaboration is essential in combating cyber threats.
    • Greg's entrepreneurial spirit led him to found multiple companies.
    • His experiences shaped his understanding of cybersecurity's complexities.
    • Cybersecurity professionals often experience imposter syndrome.
    • Recruitment by the NSA can feel surreal and movie-like.
    • Young talent in cybersecurity can be intimidating.
    • The interview process at the NSA is rigorous and unique.
    • Honesty in background checks can impact career opportunities.
    • Transitioning to a startup can open new doors.
    • Building software for cybersecurity requires creativity and passion.
    • Mentorship is crucial for the growth of young professionals.
    • Entrepreneurship in cybersecurity can stem from open-source projects.
    • The journey from employee to founder is filled with challenges.
    • Starting a company can stem from recognizing a valuable opportunity.
    • Navigating early challenges is crucial for startup success.
    • Securing investment is often about finding the right partners.
    • The entrepreneurial journey is filled with ups and downs.
    • AI is transforming the landscape of business and security.
    • Investing in startups carries significant risks and rewards.
    • Mentorship can be a game-changer for first-time founders.
    • Automation can significantly enhance productivity in tech roles.
    • Understanding market needs is essential for successful entrepreneurship.
    • Building a product that evolves with technology is key to long-term success.

    Greg Martin - https://www.linkedin.com/in/gregcmartin/
    Ghost Security - https://ghostsecurity.com/
    Ghost Security Reaper - https://github.com/ghostsecurity/reaper

    1 hour 45 minutes
  • Ep.4 - Hahna Latonick, Director of Security Research at Dark Wolf Solutions
    2024/10/28

    Summary
    In this episode, Chris interviews Hahna Latonick, a cybersecurity expert with over 18 years of experience. They discuss Hahna's journey into cybersecurity, her experiences with Capture the Flag competitions, her role at Dark Wolf Solutions, and her insights on government contracts and networking. Hahna shares valuable advice for aspiring cybersecurity entrepreneurs and highlights innovative projects her team is working on, including a focus on drone technology and vulnerability research. In this conversation, Hahna Latonick discusses her journey in cybersecurity, the importance of data security in hostile environments, and the future of Dark Wolf Solutions. She shares insights on scaling success in defense contracting, building strong customer relationships, and the role of mentorship in her career. Hahna reflects on her entrepreneurial spirit from a young age, explores various side hustles, and discusses her experiences with seed funding and startups. She emphasizes the importance of investing in oneself and continuous learning, particularly in the field of cybersecurity training. The conversation concludes with Hahna sharing her upcoming conferences and networking opportunities.

    Takeaways

    • Hahna Latonick has over 18 years of experience in cybersecurity.
    • Her journey began with a family computer and curiosity about technology.
    • Capture the Flag competitions played a significant role in her career.
    • Dark Wolf Solutions focuses on finding zero-day vulnerabilities.
    • Networking is crucial for small businesses in government contracting.
    • Small business set-asides on SAM.gov provide opportunities for new companies.
    • Engaging with small business offices can facilitate government contracts.
    • Conferences and trade shows are valuable for networking and learning.
    • Cybersecurity is vital for national security and everyday life.
    • Innovative projects include automated tools for vulnerability discovery.
    • Data security is crucial, especially in hostile environments.
    • Dark Wolf Solutions aims to compete with top defense contractors.
    • Customer intimacy is key to successful contracting.
    • Mentorship has played a significant role in my career growth.
    • Entrepreneurial spirit can start from a young age.
    • Investing in yourself opens up more opportunities.
    • Continuous learning is essential in the tech industry.
    • Teaching cybersecurity helps reinforce my own knowledge.
    • Networking at conferences is vital for career advancement.
    • Exploring side hustles can lead to new business opportunities.

    Hahna Latonick
    LinkedIn - https://www.linkedin.com/in/hahnakane/
    X (Twitter) - https://twitter.com/hahnakane
    BSides Tampa Presentation - https://youtu.be/xi5EFPmw18g?si=w10fpRjv4hswWMc_

    Dark Wolf Solutions
    Website - https://darkwolfsolutions.com/
    Android Security Research Playbook - https://asrp.darkwolf.io/
    Drone Security Research Playbook - https://dronewolf.darkwolf.io/
    IoT Exploitation Blog Post - https://blog.darkwolfsolutions.com/dws-blog-09-26-2024-ep-15
    Spoofing Mint Browser Blog Post - https://blog.darkwolfsolutions.com/dws-blog-07-30-2024-ep-8

    Topics
    Mastering Your Money - Stop Yearning Start Earning - https://amzn.to/48nuOTf
    Unlock Your Millionaire Mindset Today Course - https://www.udemy.com/course/unlock-your-millionaire-mindset-today/
    The Personal MBA - https://amzn.to/3Ys9gQE

    2 hours 30 minutes
  • Ep.3 - Alan Braithwaite, Co-Founder & CTO of RunReveal
    2024/10/21

    Summary

    In this episode, Chris REal0day interviews Alan Braithwaite, Co-Founder and CTO of RunReveal. They discuss Alan's journey from hacker to entrepreneur, his literary influences, the philosophical foundations of his work in cybersecurity, and the importance of curiosity and learning in the hacker mindset. Alan shares insights from his early experiences with gaming, his education, and his career at Cloudflare and Segment, highlighting the lessons learned along the way. The conversation culminates in a discussion about building RunReveal and understanding customer needs in the cybersecurity landscape. In this conversation, Alan discusses the importance of customer feedback in product development, emphasizing the value of engaging with paying customers. He shares insights on building a user-friendly product, the significance of data management and security, and the introduction of streaming detections. Alan also outlines his vision for a flexible security pipeline and strategies for customer acquisition. The discussion touches on the challenges of on-prem solutions, the journey of founding a startup, and the role of community in innovation. Alan highlights the balance between focusing on the big picture and being present in the moment, concluding with recommendations for books and resources that have influenced his journey.

    2 hours 13 minutes
  • Ep.2 - Umit Aksu, Founder of Mobile Hacking Lab
    2024/10/14

    Umit Aksu (@MobileHackingLab)

    In this episode, host Chris "REal0day" Magistrado sits down with Umit Aksu, Founder of Mobile Hacking Lab. Umit shares his journey into cybersecurity and reflects on his experience working with leading organizations like ING, DarkMatter, and Microsoft. From his work at these industry giants to the creation of Mobile Hacking Lab, Umit’s insights reveal the depth and passion that drive his commitment to cybersecurity education.

    Key Highlights in This Episode:
    - Umit’s path from cybersecurity roles at ING, DarkMatter, and Microsoft to founding Mobile Hacking Lab.
    - The inception of Mobile Hacking Lab: the first lab of its kind to offer an immersive mobile research environment, developed in partnership with Corellium.
    - The lab’s mission to equip penetration testers and security researchers with practical tools and knowledge in 0day discovery across mobile applications and ecosystems.
    - The expertise of Mobile Hacking Lab’s educators, bringing real-world experience in 0day research to empower security professionals.
    - A detailed look at Corellium, led by Amanda Gorton (co-founder) and Bill Neifert (Director of Partnerships), as a powerful mobile virtualization platform that stands as a top choice for mobile security researchers.

    Additional Topics Covered:
    - Insights into building and leading cybersecurity programs.
    - Future offerings at Mobile Hacking Lab, including specialized courses in userland and kernel fuzzing.
    - How the partnership with Corellium enhances Mobile Hacking Lab’s capabilities, making advanced security research more accessible to professionals.

    Social Links:
    Umit Aksu
    LinkedIn - https://www.linkedin.com/in/umit-aksu-7397485b/
    Mobile Hacking Lab - https://www.mobilehackinglab.com/link/B1zkaV

    Chris Magistrado (Host):
    LinkedIn - https://linkedin.com/in/cmagistrado
    X - https://x.com/REal0day
    Podcast - https://hackerstofounders.com
    Recruiting Agency - https://TopClearedRecruiting.com
    Articles - https://medium.com/@real0day

    Corellium Leadership:
    Amanda Gorton - https://www.linkedin.com/in/amandafgorton
    Bill Neifert - https://www.linkedin.com/in/billneifert/

    Follow Us for More Episodes and Updates:

    Instagram - https://instagram.com/hackerstofounders
    TikTok - https://www.tiktok.com/@hackerstofounders
    LinkedIn - https://www.linkedin.com/showcase/105189100
    Discord - https://discord.gg/2TnH6hkuTG
    Spotify - https://open.spotify.com/show/5BgjVtDJc7xoyiQlbhKmL6?si=af728a2b3cb74d8b
    Apple iTunes - https://podcasts.apple.com/us/podcast/hackers-to-founders/id1771903476
    Amazon Music - https://music.amazon.com/podcasts/e34efad3-bf38-431d-be45-348ef6838262/hackers-to-founders

    2 hours 9 minutes
  • Ep.1 - Jordan Wiens aka @psifertex, Co-Founder of Vector35, BinaryNinja
    2024/10/07
    Jordan Wiens (@psifertex)

    Welcome to Episode 1 featuring host Chris "REal0day" Magistrado and special guest Jordan Wiens, @psifertex, co-founder of Vector 35 and creator of Binary Ninja. In this episode, we discuss Jordan's journey from network defense to founding Vector 35, the unique features of Binary Ninja, and the evolving landscape of reverse engineering tools. We also delve into pricing strategies, sales processes, handling administrative challenges, and the impact of market dynamics on tool preferences among cybersecurity professionals.

    Key Highlights in This Episode:
    - The importance of not negotiating low-value licenses and setting a minimum threshold for negotiations to streamline sales processes.
    - Experiences with prolonged purchasing processes in financial institutions and the lesson learned in reducing bureaucratic processes.
    - Market entry strategies and navigating competition with free tools like Ghidra.
    - Enterprise sales and managing complex contracts for larger deals.
    - Impact of competing tools on revenue and strategy for commercial vs. non-commercial licenses.
    - The philosophy behind student discounts and nominal pricing.
    - Future plans for Binary Ninja and continuous commitment to its development.
    - Insights into the upcoming "Re-verse" conference in Orlando, Florida.

    Social Links:
    Jordan Wiens (Special Guest)
    X - https://x.com/psifertex
    LinkedIn - https://www.linkedin.com/in/jwiens
    Vector 35 - https://vector35.com/
    Binary Ninja - https://binary.ninja/

    Chris Magistrado (Host):
    LinkedIn - https://linkedin.com/in/cmagistrado
    X - https://x.com/REal0day
    Articles - https://medium.com/@real0day
    Recruiting Agency - https://TopClearedRecruiting.com
    Podcast - https://hackerstofounders.com

    Hackers Mentioned:
    Rusty Wagner @D0ntPanic - https://github.com/D0ntPanic
    Jayson Street - https://www.instagram.com/jayson.street/ - https://www.linkedin.com/in/jstreet/
    Jeremiah Grossman - https://x.com/jeremiahg
    Mike Frantzen - https://www.linkedin.com/in/mike-frantzen/

    Conference Details:
    Re-verse Conference: https://re-verse.io/
    Date: February 28 to March 1
    Location: Orlando, Florida

    Companies and Tools Mentioned:
    Binary Ninja - https://binary.ninja/
    IDA Pro - https://hex-rays.com/ida-pro
    Ghidra - https://ghidra-sre.org/

    Miscellaneous Tools and References:
    CUI Standard - NIST Guidelines: https://csrc.nist.gov/projects/protecting-controlled-unclassified-information
    Capture The Flag (CTF) Competitions: https://ctftime.org/

    Connect with Us:
    Twitter - https://x.com/HackerToFounder
    Instagram - https://instagram.com/hackerstofounders
    TikTok - https://www.tiktok.com/@hackerstofounders
    LinkedIn - https://www.linkedin.com/showcase/105189100
    Discord - https://discord.gg/2TnH6hkuTG
    Website - https://HackersToFounders.com
    Spotify - https://open.spotify.com/show/5BgjVtDJc7xoyiQlbhKmL6?si=af728a2b3cb74d8b
    Apple iTunes - https://podcasts.apple.com/us/podcast/hackers-to-founders/id1771903476
    Amazon Music - https://music.amazon.com/podcasts/e34efad3-bf38-431d-be45-348ef6838262/hackers-to-founders

    Subscribe for more episodes and insights from cybersecurity professionals who have transitioned into new ventures.
    Like, comment, and share if you found this episode useful.
    Follow us on social media for the latest updates and episodes.
    Watch, Learn, & Grow in Cybersecurity!

    Chapters:
    1 [00:00:00]: Introduction to Jordan and Vector 35
    - of Jordan's role and dedication to solving ongoing problems in the reverse engineering field.
    - to the podcast and the guests, focusing on the guest’s background and company journey.
    2 [00:01:00]: Founding of Vector 35
    - of the formation of Vector 35 and its 10-year journey.
    - into the DARPA CTF contract which gave the company its start.
    3 [00:05:00]: Binary Ninja's Development
    - of the development history of Binary Ninja from an internal CTF tool to a commercial product.
    - transition from Python to a full C++ rewrite to enhance capabilities and performance.
    4 [00:10:00]: Early Career and Education
    - Wiens’ formative years, education in math and computer science, and first job experiences.
    - journey from university IT support roles to a focus on network security and forensics.
    5 [00:20:00]: Network Defense and Security Work
    - recount of early projects and learnings in network defense at the University of Florida.
    - examples of handling security incidents and implementing automated security measures.
    6 [00:25:00]: Capture The Flag (CTF) Competitions and Impact
    - introduction to CTF competitions and their significance in his transition to offensive security roles.
    - development of a strong skill set in reverse engineering and exploit writing through CTF participation.
    7 [00:35:00]: Evolution and Experiences in DEFCON CTF
    - evolution of DEFCON CTF from ...
    1 hour 45 minutes