Hackers to Founders

by Chris Magistrado

19 episodes

Updated Daily

Accepts GuestsHas SponsorsLocation 🇺🇸

Overview

I'm Chris (REal0day) Magistrado, hacker who interviews hackers, entrepreneurs, community builders, and investors. https://HackersToFounders.com

Language

🇺🇲

Publishing Since

10/2/2024

Visit Website View on Apple Podcasts RSS Feed

Reach out to this podcast

Get in touch with the podcast creators

Email Addresses

1 available

Phone Numbers

0 available

Get Full Contact Details

Recent Episodes

March 21, 2025

Ep. 18 - Eliminating Human Errors w/ Patrick Thomas

What if AI-powered security could eliminate human errors in cybersecurity? Meet the founder making it happen. In this episode of Hackers to Founders, I sit down with Patrick Ben Thomas, the founder of NullZec and its advanced malware development division, Shadow Mask. Patrick shares his journey from early cybersecurity research to building a solution designed to eliminate human errors and prevent malware from spreading. We discuss how his team integrates sandboxing, zero-trust architecture, and in-house malware analysis to isolate and detect threats before they reach end users. He also dives into the offensive research behind Shadow Mask, where they develop real-world exploits to strengthen defenses. Tune in to learn how Patrick is blending adversary simulation with next-gen defense strategies to reshape cybersecurity.People<ul><li><a href="https://www.linkedin.com/in/patrickbenthomas/">Patrick Ben Thomas</a> (Guest, Founder of NullZec & Shadow Mask)</li><li><a href="https://en.wikipedia.org/wiki/Kevin_Mitnick">Kevin Mitnick</a> (Famous hacker, cybersecurity expert)</li></ul>Companies & Organizations<ul><li><a href="https://www.nullzec.com/">NullZec </a>(Parent company founded by Patrick Ben Thomas)</li><li><a href="https://www.shadowmask.xyz/">Shadow Mask </a>(Malware development & adversary simulation division under NullSec)</li></ul>Products & Technologies<ul><li><a href="https://amzn.to/43NHWAB">HackRF </a>(Software-defined radio device used for security research)</li><li><a href="https://www.nuand.com/">BladeRF </a>(Full-duplex SDR used for radio frequency security research)</li><li><a href="https://proxmark.com/">Proxmark 3</a> (RFID/NFC security tool for cloning and emulation)</li><li><a href="https://flipperzero.one/">Flipper Zero</a> (Multi-tool for hardware and RF hacking)</li><li><a href="https://lab401.com/">NFC Kill </a>(Device used to destroy NFC-enabled cards by electromagnetic pulse)</li></ul>Cybersecurity Events & Conferences<ul><li><a href="https://defcon.org/">DEFCON </a>(Hacker conference)</li><li><a href="https://www.blackhat.com/">Black Hat</a> (Cybersecurity conference)</li><li><a href="https://bsides.org/">BSides </a>(Security conference, mentioned as besides)</li><li><a href="https://www.rsaconference.com/">RSA Conference</a> (Cybersecurity event)</li></ul>Cybersecurity Services & Platforms<ul><li><a href="https://www.virustotal.com/">VirusTotal </a>(Malware analysis service, mentioned as insufficient for zero-day threats)</li></ul>

February 21, 2025

Ep. 17 - How AI is Changing OSINT, Dark Web Investigations, and Fraud Detection w/ Zara Perumal’

What if AI could predict and prevent cyber fraud before it happens? Meet the founder making it possible " On this episode of Hackers to Founders, we feature Zara Perumal, the CTO and co-founder of Overwatch Data. The episode explores Zara’s journey from an early fascination with computer science, influenced by her software developer father, to her evolution into a cybersecurity and AI entrepreneur. Zara recounts her first steps into coding, beginning with HTML at age 11 and later developing iOS apps, which sparked her passion for building technology. She reflects on her experiences at MIT, where she explored bioinformatics, machine learning, and eventually cybersecurity, which became a turning point in her career. Her work at Google’s Threat Analysis Group further deepened her understanding of digital threats, leading her to the realization that she wanted to create a company addressing cybersecurity challenges at scale.The episode then shifts focus to Overwatch Data, where Zara details the company's mission to harness AI to process OSINT (open-source intelligence) and provide actionable insights for businesses. She describes the challenges of collecting and analyzing data from the dark web and fraudulent networks, explaining how Overwatch leverages automation and investigative techniques to detect threats and fraud. She also discusses the business side of the startup, from finding the right market fit to the importance of customer feedback in shaping their solutions. Throughout the conversation, Zara and host Chris Magistrado delve into the complexities of cybercrime, the evolving threat landscape, and the role of AI in modern threat intelligence, offering listeners a fascinating look into the intersection of security, AI, and entrepreneurship.People<ul><li><a href="https://www.linkedin.com/in/zperumal/">Zara Perumal</a> – CTO and Co-founder of Overwatch Data, specializing in AI-driven cybersecurity.</li><li><a href="https://www.linkedin.com/in/cmagistrado/">Chris Magistrado</a> – Host of Hackers to Founders, interviewing tech and security entrepreneurs.</li><li><a href="https://www.linkedin.com/in/arjun-bisen/">Arjun Bisen</a> – CEO and Co-founder of Overwatch Data who initially had the idea for the company.</li><li><a href="https://www.linkedin.com/in/ronald-rivest-98923747/">Ron Rivest</a> – Renowned cryptographer and MIT professor who influenced Zara’s interest in cybersecurity.</li><li>Michael (YC Advisor) – Advisor at Y Combinator who guided Overwatch Data through its early stages.</li></ul>Companies & Organizations<ul><li><a href="https://www.overwatchdata.ai/">Overwatch Data</a> – A cybersecurity startup leveraging AI to process OSINT and detect fraud.</li><li><a href="https://www.csail.mit.edu/">MIT CSAIL</a> – MIT’s Computer Science and Artificial Intelligence Laboratory where Zara conducted research.</li><li><a href="https://www.belfercenter.org/">Harvard Belfer Center</a> – A research institute focused on security, where Zara contributed to digital democracy defense.</li><li><a href="https://www.akamai.com/">Akamai </a>– A cloud and cybersecurity company where Zara gained experience in software and data analytics.</li><li><a href="https://www.nasdaq.com/">NASDAQ </a>– A major stock exchange where Zara worked in technology roles.</li><li><a href="https://www.apple.com/">Apple </a>– Technology company where Zara developed software.</li><li><a href="https://www.ycombinator.com/">Y Combinator</a> – Startup accelerator that backed Overwatch Data.</li><li><a href="https://www.corellium.com/">Corellium </a>– A company providing a virtualization platform for mobile security research.</li></ul>Technologies & Tools<ul><li>Objective-C – Programming language used for iOS app development before Swift.</li><li>Swift – Modern programming language for Apple’s ecosystem.</li><li>React Native – A framework for building cross-platform mobile applications.</li><li>Flutter – Google’s UI toolkit for natively compiled mobile apps.</li><li>JADX – A tool for reverse-engineering Android applications.</li><li>Telegram – Messaging platform heavily used by cybercriminals for fraud and illicit activities.</li><li>GPT (ChatGPT) – AI tool used for scripting and automating analysis tasks.</li><li>DeepSeek – An AI tool discussed for its open-source implications.</li><li>Magic Eye – A bot used for detecting duplicate images on Reddit.</li><li>Corellium – A mobile security research platform used for analyzing malware.</li></ul>Cybersecurity & Hacking<ul><li>OSINT (Open-Source Intelligence) – Intelligence gathered from publicly available sources.</li><li>Dark Web – A hidden part of the internet where illicit cyber activities and fraud take place.</li><li>SIM Swapping – A fraud technique where hackers take over phone numbers to gain access to accounts.</li><li>Credential Stuffing – A hacking technique using stolen username-password combinations.</li><li>PDF Malware – Malicious software hidden in PDFs, which Zara researched in academia and at Google.</li><li>Null Market (Nulled) – A recently taken-down dark web forum used for cybercrime.</li><li>DNM (Dark Net Marketplaces) – Online platforms for buying and selling illicit goods.</li><li>Grams – A dark web search engine that indexed darknet marketplaces.</li><li>MD5 Hashing – A cryptographic technique used to verify digital signatures.</li></ul>

January 29, 2025

Ep. 16 - The Birth of the CVE System, created by Adam Shostack

Who created the CVE system? That's Adam! In this insightful episode of "Hackers to Founders," host Chris REal0day Magistrado welcomes Adam Shostack, a renowned cybersecurity expert and co-creator of the Common Vulnerabilities and Exposures (CVE) system. Adam recounts his journey from a curious and geeky childhood, engaging in activities like D&D and building with Legos, to his influential career in cybersecurity. He delves into his early experiences at Brigham and Women's Hospital, where he first encountered the importance of security and privacy in medical systems. Adam shares his entrepreneurial ventures, including his pivotal roles in startups like Net Tech and Zero Knowledge Systems, highlighting the challenges and rewards of building security-focused businesses during the nascent stages of the cybersecurity industry. His passion for threat modeling is evident as he discusses his work at Microsoft, where he developed user-friendly threat modeling tools and authored influential books to make security practices more accessible.Beyond his technical achievements, Adam emphasizes the significance of education, training, and mentorship in advancing cybersecurity. He explains his transition from product development to focusing on training and creating scalable educational programs, ensuring that essential security skills are widely disseminated. Adam also explores his collaboration with Cyber Green to establish cyber public health, aiming to apply public health methodologies to measure and mitigate cyber impacts effectively. Throughout the conversation, Adam underscores the importance of diversity in fostering innovative solutions and the need for adaptable strategies in an ever-evolving threat landscape. His dedication to making cybersecurity more inclusive and his visionary approach to integrating interdisciplinary techniques position him as a key thought leader committed to enhancing global security practices.People<ul><li>Adam Shostack: Renowned cybersecurity expert, co-creator of the Common Vulnerabilities and Exposures (CVE) system, author of several influential books on threat modeling and security design.</li><li>Frank Abagnale: Subject of the book "Catch Me If You Can," which influenced Adam's childhood interest in security and deception techniques.</li><li>Leonardo DiCaprio: Actor who portrayed Frank Abagnale in the movie adaptation of "Catch Me If You Can."</li><li>Mike Howard: Worked alongside Adam on the Secure Development Lifecycle team.</li><li>Steve Lipner: Collaborated with Adam on threat modeling initiatives.</li><li>Rob Kinnaki: Worked with Adam on the cyber public health project, contributing to the development of new cybersecurity disciplines.</li><li>Tara Wheeler: Partnered with Adam in establishing cyber public health methodologies.</li><li>Heidi Trust: Recommended by Adam as a notable figure intersecting usability and security.</li><li>Gene Spafford: Part of Adam's professional network, contributing to cybersecurity discourse.</li><li>Steve Belvin: Known to Adam, part of his network of cybersecurity professionals.</li><li>Bruce Schneier: Part of Adam's extensive network within the cybersecurity community.</li><li>Marcus Ranham: Known to Adam, contributing to his professional relationships.</li><li>Mudge: Met by Adam during his time at BBN, part of his influential network.</li><li>Weld Pond: Met by Adam at BBN, contributing to his professional connections.</li><li>Prerit Garg: Contributor to threat modeling methodologies.</li><li>Lance Cottrell: Influenced Adam's work on anonymized networks at Zero Knowledge Systems.</li><li>Paul Syverson: Co-inventor of onion routing. His work influenced the development of anonymized network systems like Tor and Zero Knowledge Systems.</li><li>Steve Christie: Involved in the development of the CVE system.</li><li>Dave Mann: Collaborated with Adam on creating the CVE system.</li><li>Andre Fresh: Worked with Adam on developing the CVE system.</li><li>Tony Sager: Helped secure funding for the CVE system through collaboration with MITRE.</li><li>Stephen Savage: Involved in ransomware detection research, mentioned in relation to cyber public health.</li></ul>Organizations<ul><li>CVE (Common Vulnerabilities and Exposures): A standardized system for identifying and categorizing cybersecurity vulnerabilities. Co-created by Adam Shostack to provide a common reference for vulnerabilities across different platforms and organizations.</li><li>Net Tech<ul><li>Startup focused on developing vulnerability scanners. Adam played a pivotal role in this successful startup, contributing to the creation of security tools.</li></ul></li><li>Zero Knowledge Systems: Startup aimed at creating anonymized network solutions similar to Tor. Adam joined this company to work on privacy-focused technologies.</li><li>MITRE: Not-for-profit organization that manages various federally funded research and development centers. Collaborated with Adam to develop and support the CVE system.</li><li>Secure ID: Company that produced authentication tokens. Adam conducted security and privacy reviews of their products early in his career.</li><li>BBN (Bolt Beranek and Newman Inc.) Technology company known for its work on ARPANET and early internet infrastructure. Adam worked here and met key figures like Mudge and Weld Pond.</li><li>DEF CON: One of the world's largest and most notable hacker conventions. Adam attended DEF CON, sharing experiences and networking with other security professionals.</li><li>2600: Hacker community magazine and associated meetings. Part of the hacker culture Adam was involved with during his early career.</li><li>ShmooCon: Annual East Coast hacker convention. Adam attended and interacted with the hacker community here.</li><li>CISA (Cybersecurity and Infrastructure Security Agency): U.S. federal agency responsible for cybersecurity and infrastructure protection. Mentioned in the context of cybersecurity research and vulnerability management.</li></ul>Products and Tools<ul><li>CVE System (Common Vulnerabilities and Exposures): A standardized system for identifying and cataloging cybersecurity vulnerabilities. Co-created by Adam Shostack to provide a common reference across the cybersecurity industry.</li><li>Hacker Shield: Vulnerability scanner developed by Adam's company. Used by organizations to identify and remediate security vulnerabilities.</li><li>Stride: A mnemonic framework for threat modeling (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege). Developed by Prerit Garg and others to help structure threat analysis.</li><li>Tor: An anonymity network that directs internet traffic through a free, worldwide, volunteer overlay network. Influenced the development of Zero Knowledge Systems' anonymized network products.</li><li>Mixmaster: Asynchronous email router designed for anonymizing email traffic. Developed by Lance Cottrell, influencing Adam's work on privacy-focused networking.</li><li>Log4j: Java-based logging utility with significant vulnerabilities exploited in cybersecurity attacks. Discussed by Adam in the context of vulnerability management and public health approaches to cybersecurity.</li><li></ul>

Legal Disclaimer

Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.

All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.

We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.

While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at [email protected] for prompt review and appropriate action, which may include content removal or proper attribution.

By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.

Recent articles