Interview with Startup Junkie: Protecting Your Business, Think Like a Hacker

I recently conducted an interview with the Startup Junkie Podcast. I enjoyed discussing my perspective on cybersecurity, and how being a hacker has given me an important perspective on what it means to be secure.

I also think that the screenshot of the YouTube video was awesome, because it was the perfect shot of me with eyes closed and in what appears to be a prelude to a self-embrace.

From the blog:

Are you at risk of getting hacked and having all of your data exposed, deleted, or ransomed? As we continue to rely more heavily on technology, cybersecurity becomes a paramount concern.  
Foster Davis, Co-Founder and COO of BreachBits, joined the Startup Junkies Podcast to discuss the seriousness of cybersecurity and the role his business plays in protecting companies.

After a 13-year career in the Navy, Foster and his co-founder John Lundgren saw a hole in the cybersecurity market. Most cybersecurity companies were charging between $400,000 and $1,500,000 a year to perform quarterly assessments of their clients’ protection against cyber attacks. With technology evolving rapidly and new software updates coming out regularly, a lot could change between quarterly audits. Clients could be exposed for two months before their following assessment.

BreachBits altered the cybersecurity market by incorporating bots into their workflow. Instead of hiring several engineers and hackers, roughly 70% of BreachBits’ hacking workforce is bots that are designed to perform all of the same tactics a human would.

By using these bots, BreachBits can increase productivity while lowering costs. You don’t have to pay bots the same way you pay people, and bots never have to take a break! They can operate 24/7 without taking a lunch break or going home for the weekend. This added productivity allows BreachBits to do something that their competitors can’t. They offer continuous assessment rather than quarterly audits, ensuring that their clients are always protected.  

“BreachBits is the idea that the best way to catch a thief is to hire a thief. The best way to find out if you are going to be hacked by a hacker is to actually hire hackers to do it.” (12:31)

BreachBits operates primarily as the “Red Team” in their auditing process, meaning that they work continuously to find holes in a company’s cybersecurity by acting as hackers. Their goal is to find the weak points before a hacker can. It offers a different viewpoint of a client’s security strategy than the “Blue Team,” or defensive strategy, making for a more complete security plan.

“I love red teaming because it’s not just about us taking the tools that a hacker uses, the tools that the offensive, the adversary uses. It’s about becoming them. It’s about immersing ourselves in the way that they think. And so, in many ways what you want to actually do is have a very deep separation between your blue team and your red team.” (21:48)

For Foster, cybersecurity is merely another form of risk management. While some companies think it is too expensive or not worth the effort, Foster says that it’s a calculated risk.

“I have a lot of experience in risk management, and I am a big believer that cyber risk is just like any other risk. Cyber security is really not that mysterious. If you’re a business owner or responsible for a line of business, you should be asking your security people the same thing you’re asking your finance people or your logistics people or your storeroom people. What is the bad thing that can happen? How likely is it that it will happen? And if it were to happen, how bad would it be?” (26:03)

– Episode 236 of the Startup Junkie Podcast

