80. Think Like a Hacker: Why Curiosity Drives Innovation and Security (with Ted Harrington)
Hello, everyone, and welcome to another episode of the Security Podcast of Silicon Valley. I'm one of the hosts, John McLaughlin. I'm joined with our other host, Sasha Sinkovich. And today we're sharing with everyone an amazing, spectacular guest, Ted Harrington.
Welcome to the show, Ted. Yeah, I'm excited to be here. Thanks for having me, guys. Welcome, Ted.
So on LinkedIn, I can see that you're an executive partner with Independent Security Evaluators and you're a co-founder of Start Vendor Risk Management, as well as a bestselling author. Looks like you have a book released called Hackable, How to Do Application Security Right. Yep, and I've got another one coming out this summer called Inner Hacker. Inner Hacker, I love it.
Is that about the inner journey of your hacking things? And what is the internal motivation behind just breaking stuff? What the book is about, it's for everyone, for anyone, not just security professionals, but it teaches the hacker mindset because I think the hacker mindset is a superpower. And I think it helps you find new ways, overlooked ways to accomplish whatever you're trying to accomplish.
And you can apply it to anything. It's not just about computers. And how I arrived at the title, Inner Hacker, is that I believe there's a hacker inside everyone. And my job with that book is to help the reader find and then unleash their own inner hacker that already exists inside.
I love that. I love that. So what's the spirit behind hacking? Hacking is about, it's about looking at a scenario, a situation, a problem, a goal, whatever, and being willing to think differently about it than maybe what most people do.
So hackers are, as I've been researching this idea, I've been working on it for many, many years. I lead a team of ethical hackers. I wrote the bestselling book called Hackable, which talks about practical implementations of this mindset. I gave a TED Talk called Why I Need to Think Like a Hacker.
And now I'm working on this book. And I've been advocating this idea for a really long time. Like, you need to think like a hacker. And that, of course, begs the question, like, well, what does that even mean?
What does it mean to think like a hacker? And so I've sought to answer that. And I've distilled it down to four attributes that hackers possess. And they are that hackers are curious.
Hackers are nonconforming. Hackers are committed. And hackers are creative. And the way that I can demonstrate that everyone has a hacker inside them is simply by looking at children.
Because little kids exhibit all four of those traits, right? Like, they're curious. They're always, like, sticking their fingers places. And they're always asking questions.
And they're committed. They're going to pursue that thing that they want you to give them no matter how many times you say no. And they're nonconforming, right? You're going to tell them, do this or don't do that.
And they're going to be like, well, maybe I will. Maybe I won't. And they're really creative, right? Kids are just, they're just funny.
And they, like, come up with all these, they're just wildly imaginative. And so all, well, I shouldn't say all, but, like, probably almost every child is like that. But many adults are not like that. So somewhere along the way, we learned to stop following those instincts and those traits.
So it's a choice. And so I think that we can, it already exists inside us. And then we can draw that out. And then if you think like a hacker in whatever the situation is, that helps you think differently than everyone else.
And once you start to think differently, that reveals these overlooked pathways or these missed opportunities that other people are kind of blinded to because they're all following along. Like the herd's all going in the one direction until you step out of the herd and say, well, why are we going there? Then you start seeing these other pathways. It's the curiosity, right?
You have to be always curious about alternatives, about different paths to take. Yeah. That's what kids have. Yeah.
Yeah. So like, as I've been working on this book, I've been interviewing, this has been a really cool byproduct of this. I get to interview all these hackers, right? So I get to call up someone that I admire from the security community and ask them, you know, what does it mean to you to think like a hacker?
And I think without exception, I'm pretty sure it was every single one of them. They said the first thing they said was that hackers are curious. And to me, that feels like table stakes. Like if you're a security professional, you're probably a curious person.
But then you realize in the grand scheme, the grand scope of the human population, a lot of people are not curious. They just like, they just go about their days. It's kind of like do whatever they're doing. And that's the way that they do it.
And they don't stop and ask these questions. And hackers are maybe the other end of the spectrum where they're like, maybe they're too curious. You know, they're asking these like relentless, incessant questions. But yeah, it's that curiosity, trying to understand how things work and why they work that way.
And that's how you find these flaws, security flaws in systems, computer systems. But that's also how you find these new ways of accomplishing whatever it is you're trying to accomplish. I was about to say that curiosity is also aligned with innovation. Absolutely.
Right. Like when you think about an entrepreneur, entrepreneurs are absolutely hackers. Right. So what does an entrepreneur do?
They, I think people who aren't entrepreneurs or aren't innovators, they maybe look at an entrepreneur and they're like, oh, they run business. They make money. And it's like, those are the byproduct of the curiosity. What an entrepreneur does is they, they observe conditions and they're like, huh, I've, I've heard people talk about this problem.
Why isn't that problem solved? Why do current or conventional approaches not solve that problem? Is there a better way? And then they start to explore that.
And it's through that curious exploration that you come up with a business that solves that problem for an audience. That's innovation. Yeah. I love that.
I love that. And I love this idea that you have to be willing to kind of like break the rules a little bit, but just like question them, you know, to get to the core of like what's really going on in a situation and noticing those small details, just like insights. Right. Yeah.
It's interesting. It's interesting. You bring up rule breaking actually, because in this, this book that I'm working on, there's an entire chapter that I write about rule breaking and how to think about rules and what are the purpose of rules and when should we break rules? And it's really interesting because rules serve a great purpose.
Like rules should exist. Rules govern how a system behaves. They create order out of what otherwise might be chaos. So I wouldn't sit here and say we shouldn't have rules.
And in fact, most rules exist for a good reason and probably should be followed. But what we are looking at, what you're looking for with the hacker mindset is there's a subset of rules that are better if they are not followed. It's better if you bend the rule or you break the rule or you just straight up bypass it entirely. And the trick is figuring out, well, which rule is which?
And that was a really fun chapter to write. This has been a really exciting, interesting idea for me to explore, thinking about like all the elements to rules, right? There's legal boundaries and there's moral boundaries. There's ethical boundaries.
There's safety boundaries. There's reputational boundaries. And thinking about all these things and then figuring out, well, some of those rules should be broken or bent or bypassed. Which ones?
And I just think that's a really, really cool exercise to go through. I think a lot of hackers almost inherently just, they just know it without thinking about it. They're like, well, I'm not going to break, I'm not going to kill someone. Like that's a rule that I shouldn't break because there's significant implications.
But maybe I don't need to wait in line to get into, I don't know, like the conference. Everyone lines up in a line because they see this line. It's like, is there another way in? And a hacker might say, okay, well, the consequences might be acceptable to maybe break that rule.
You mentioned that there is a reason for rules and I agree. And maybe there is a concept of some rules are like technical debt. Things have changed. We've evolved.
The laws have changed. And you have this many layers of different laws that essentially deem some of the bottom layers of the rules not applicable. But we still have to follow them because they haven't changed or they haven't been removed. Yeah, that's a very important observation, right?
I refer to there's an associated idea called rule bloat, which is the idea that like rules get later on top of rules because like now a new scenario happens and it's like, oh, we didn't think of that. So let's add another rule for that. Much of the like any sort of like legal systems a lot of times are like that. There's a lot of rules on top of rules.
But you brought up this really important observation that is that things change. Like the only constant in the human existence is that things will change. And so we have to realize that like rules need to be adaptable. They shift over time.
Look at I think a great example of that if we think in a legal context, you think about like institutionalized discrimination as an example. Like today it would be unlawful to make choice choices about someone based on like their gender or ethnicity or whatever. Whereas like not even that long ago, like you could count it in the number of decades. That was literally enshrined in law that people of a certain gender or ethnic background were or were not allowed to do certain things.
And that's an important shift societally that it's like that was wrong even at that time. Morally was wrong, but by the letter of the law was the way that it was. And so these things need to change. We need to be able to see rules and laws change and evolve because just everything else changes.
And so rules need to change along with them. It's almost like a supply chain in software. You have this bloated supply chain that you have no idea what's beyond 10 layers of dependencies. But there is something there that you should be careful potentially.
Yeah, yeah, I'd agree with that. That's a good correlation. Maybe being an entrepreneur is just realizing like there's a shorter path to a similar outcome with less bloat, with less rules, with less things to complicate the journey. I remember before Uber came out, you'd get into a taxi and there's like cameras everywhere and there's a giant plastic like shield.
And then there was no seatbelts or anything even in the back. And you could see all of these like widgets and gadgets that just surrounded the driver. Just like all of these things, electrical components, and it was all like regulated. And I'm looking at that, I'm going like, why do we need all of this stuff?
Like, what is that? We're just going from point A to point B. Get some money. And like, that's that.
And I think like maybe in some very core sense, that's what Uber realized. Like, hey, you could just get in a car. You don't need all of that extra fancy stuff. It doesn't need all of that regulation maybe.
And maybe some of those regulations are actually a good thing and they're coming back and like touching Uber. But it felt like ripe for disruption. Yeah, I think that regulation is an interesting one because in some contexts, regulation improves things. And in a lot of contexts, it does the opposite.
Close down innovation. Part of what it can do, though, is regulation is useful when it protects groups who the market forces on their own aren't going to protect those groups. So using that taxi example, like, have you gotten in a taxi in another country? You're almost certainly getting taken advantage of, right?
You get in this taxi and you're like, how badly am I getting ripped off right now? And that's like regulation in America exists because it's like, well, maybe those individuals, you know, individual person getting in a taxi shouldn't be getting ripped off. I think if we bring it to security, like a cybersecurity context, regulation has proven to be effective for things like IoT devices, medical devices, things where the market forces aren't actually incentivizing security in those cases. It's like, let's just go deploy these things, right?
And think of the early editions of Internet connected devices. It was like security is like hard. The passwords are hard coded. You can't even change the passwords, you know?
And so regulators needed to come in and say, OK, well, the market forces like capitalism isn't driving this improvement in the way that needs to. And so regulation had to step in and say, OK, well, these changes have to happen. And I'm not a proponent of regulation in almost all contexts, except for something like that, where it's like it needs to take something from like zero to one in order to make that improvement. The problem comes from once you're at one and then it's one to N is where all these layers of bureaucracy get added onto it.
Things become less efficient, more expensive. It no longer meets the spirit of the underlying purpose of the regulation. So that's where the rules that should be broken come to surface and tying it all back to the taxicab example where it's like all of a sudden you've got all this regulated tech and it's like this isn't actually helping the rider experience. There is a healthy amount.
Just like there is a healthy amount of security in any business, there is a healthy amount of regulations in any space. And you just have to find the balance, hopefully. So it's about finding the balance. I love that.
It's a very Zen approach to security or to hacking or maybe just life in general. Yeah. I mean, certainly all things, all things in balance. And I don't know if there's a hacker angle to balance, but there probably is like just understanding where to actually want to know there's one.
One thing that came out of this as I was interviewing all these different hackers and they're telling me their cool stories. And sometimes the story, they don't even think they're that cool. They're like, oh, well, this thing happened. It's like not that interesting.
They tell me, I'm like, that's the most interesting story I've ever heard. Yeah. Like that happened all the time. And just the way that they – one of the insights that came out of this, like one of the guys I was interviewing who works at our company, he's talking about this idea that hackers have to know when to stop digging.
Because hacking is like by nature sort of uncertain, right? You look at a system and you're like, I kind of think that there might be an exploitable security vulnerability in this area, so I'm going to dig. And then you find a couple things that like maybe it's not quite the exploit yet, but it signals that like, hey, maybe you're on the right path. But if you keep digging too far, like you only have so much time or energy or money or resources you can put into something.
And if you burn them all on a dead end, then you kind of miss the other stuff that's important. And so having that – this is to the point of balance. It's like being able to figure out when to stop digging and when to say like, all right, I'm butting my head against a wall. It's time to divert and look towards something else.
So I think that's an example where balance comes into play. This is the effort versus the reward that you get in exchange for that effort. For sure. Do you have a favorite tool that you like to use that is kind of like maybe not a hard stop but a signal to be like, well, maybe I should start asking these questions about balance and pop the stack maybe sometime soon?
Yeah. There were a few questions actually in this exact conversation that I was referencing with one of the guys who works for us where what he would do is his exercise. I forget the exact question. I have them written down like one of the things that's going to be a byproduct of this book is a whole bunch of like templates and worksheets that people can then download to go like implement these ideas on anything.
So I can't remember exactly what all the questions are right now, but they were things like, is the path I'm going getting me closer to my goal? And the answers might be like yes, maybe, or no. And if the answer was no, obviously it's like, okay, divert. But he might not think of it unless he stopped and asked that question.
And if the answer is clearly yes, then like obviously keep going. But a lot of times it was that middle, like maybe. And so then there have to be like follow-up questions like, is it worth it? Like would the payoff be big enough based on where I'm going?
Have I seen something similar in the past that would suggest I'm going to be successful here? Even if no, does that mean that maybe it's still worth going because this is maybe something never before seen? And is that worth investing the effort? So he has this whole like sequence of questions that the purpose of it is to just take a minute and ask yourself some clarifying questions.
And then once you've answered them and you make a decision, which is either, you know, keep going or redirect. Then, you know, as you're pursuing that, you're doing it intentionally. Even if you want to be wrong, even if like two weeks later, it's like, well, that turned out to not be a great. The result wasn't worth it.
He still did it intentionally. It wasn't like I wish I had thought about that, you know, it was all right. Well, next time I now have learned these different signals that teach me something else for the future. It sounds like a great system that maybe everyone should occasionally follow.
Like this question is universal, right? Every morning I wake myself up and I'm asking myself, oh, what is it today? A lot of people don't do that. A lot of people, and I actually understand why.
So as humans, we fall into these norms where we ignore patterns. We're looking for the interruption of patterns, but we want to fall into patterns. And we want to, we learned along the way that safety is in the herd. Safety is not being out on your own.
You're safe in the herd. And so that translates to like an information workforce that we have today where people are doing more. I mean, obviously there's beyond knowledge workers, but like a lot of the way the world works today is people like go do an office job. And, you know, they're doing knowledge work where it's like, all right, we're only looking for interruptions to the pattern.
We want to, we want to stay within the herd. And that is what produces these things where people wake up every day and they're like, I got my routine. I'm going to go, I'm going to drink my water. I'm going to go to the gym.
I'm going to go to the office. I'm going to come home and make dinner and go to bed. And it's easy. And that's a beautiful thing.
Like being able to have that comfortable life. So it takes someone intentionally to step out of that every day and say, what am I going to do today? And will that thing bring me closer or farther away from my goals? You just have to stay curious.
It's a very comfortable and luxury life that we have in order to have that luxury of waking up, having a glass of water, going to the gym, going to the office, coming back, going to the grocery. You don't have to source your food out into the fields. You don't have to source the wood to keep the fire burning, have the heat. But staying curious is the challenge.
There's also nothing wrong with like optimizing for those comforts, right? For the consistency, for the security. And I think that a lot of people do that very intentionally. Personally, I don't.
And actually, I will use comfort as an indicator to start questioning things. When things get so comfortable, I will be like, oh, actually, am I am I learning and growing? Like, am I still challenging myself? And it sounds like that's very aligned with the hacker mentality.
Totally. Yeah. I mean, comfort is an interesting thing because in one sense, isn't that ultimately what we're all trying to achieve? Right.
And how do you define comfort? It's like a lot of ways it's measured are the things that people are trying to achieve in life. Right. Like you're trying to have enough money.
You're trying to have enough companionship, enough love. You're trying to have enough sense of community. You're trying to have enough sense of contribution. Like your life mattered.
These are all things that are measurements of comfort. I mean, in some sense, like modern society is very complex, complicated. It used to be very simple. Do I have shelter?
Do I have food? Do I have water? Do I have companions? Am I, you know, I'm still here?
Great. Let's do it again. And for portions of the human population today, that is still where they are. You know, we're all in the situation.
Like, I don't think cavemen would be producing a podcast. Right. But it might be an interesting one to listen to. But we're at a point where now we can have some of that more like intellectual realization, thinking about like, well, what are ideas?
How can we have a better life? How can we help other people have a better life? I mean, that's really what a show like this tries to do. Right.
Like share ideas, help someone else solve their problems, live their life in some better way. That's kind of what we're talking about here. And that's where I think this mindset, the hacker mindset is so much bigger than just computers. I mean, yes, this is how you build better, more secure systems.
But this is also how you live a better life that's more efficient. And like one of the ideas here that's within this is the hacker mindset. It helps you identify and then capitalize on things like like shortcuts and loopholes. And as I was writing about this idea, I remember pretty vividly, I'm like talking about this idea of shortcuts in particular.
And I was traveling at the time and I go to the gym in whatever city I was in. I've never been to this gym before. And I walk in, I like check in or whatever. And on the wall is this like massive mural with one of these like inspirational things that's like painted on there with, you know, like an athlete sweating or whatever.
And it said in huge text, it said, there's no shortcut to sweat. And it kind of like stopped me in my tracks. I'm standing there because here I am talking about why you want to use this mindset because it helps you find shortcuts. And then here's this painting illustrating the shortcuts are actually bad.
And I kind of stopped for a minute. I was like, wait a minute. Are shortcuts a bad thing? And that was an interesting experience for a curious person to be like, what are we talking about here?
And I realized that context, of course, matters because there is no shortcut to build muscle. But the way we live our lives, the way we approach our careers, the way we just go about everything that we're doing, there's all this wasted bureaucracy and bloat and inefficiencies. And that's where shortcuts are great. Like, why would we make our lives harder than they need to be?
As long as we're not violating other people, like there's definitely a code of conduct that needs to be followed to utilize the hacker mindset. But it's basically don't violate anyone and make things better. Like, if you do those two things, you can use the hacker mindset. And then we should totally be using shortcuts.
So that's really what I think we're talking about here is how do we live better lives, more efficient lives, more optimized lives, lives that allow us to accomplish our goals. Maybe we can accomplish them faster than we otherwise might be able to. Maybe we can accomplish them in ways that are bigger or more impactful. Maybe we couldn't even accomplish them at all if we didn't adopt a new mindset like this.
The life is evolving. Today, we have this hot buzzwords, LLMs, AIs that also meant to remove a lot of inefficiencies, a lot of bureaucracies, a lot of noise and make our lives more efficient. And to the mindset of hacker, the inner hacker. There are a lot of corporate or proprietary models out there that you can pay and use the service.
But there are a lot of open source models that people choose to deploy locally, not only to save money, but also for the privacy concerns, etc. That ties into the hacker mindset. Some people choose not to use the corporate models, but deploy something locally. Security is best done when it's either invisible or not very visible to the user.
Like everyone's used to logging a password to get into something. But then all the stuff that's happening behind the scenes, they don't necessarily suffer from. And if you make them suffer from it, they might be like, I'm just not going to use that particular stuff. These are the barriers of entry.
The more barriers of entries you introduce, the more likely people will look for alternatives. Yeah, exactly. And I know a lot of security people that would put that on the user. But I, as a security person, I feel like responsible to take care of like the adoption of the security mechanisms, of the security programs that we roll out in all of these companies that are all coming from a good place.
But they have to be balanced with the culture, with what's acceptable, with the workflows that are already in place. And if you're asking people to change too much too quickly, it's just not going to happen. Right? You're not going to have a more secure company.
You know, you could be trying and trying, but you'd be very frustrating from a security perspective because you won't see the traction. And then if you have to invoke like a power dynamic to get things to happen, I also count that as a failure. Right? Because if you're like, oh, I'm the CSO and you have to do this because I said so.
Okay. Maybe there's a place where you can actually sell that idea so that it's a win for everybody, including the folks out there that you're asking to change. And they may actually adopt it because they see the value in it. Yeah.
It's an easy cop out to say like, oh, the user is the weakest link. And, you know, people say that kind of stuff all the time. Yeah, that's true. Yeah.
But that doesn't mean that we should then just like give up and say like, well, it's on individual users to fix this problem. It's like the way that recycling has been approached, at least in America, was rather than it being like we're going to responsibly produce and recycle materials. There was this thing like maybe 20 years ago where it was like recycling programs where now it's like it's up to you, Mr. And Mrs.
Consumer of Products, to make sure you put your plastic bottles in the recycle bin. And all of a sudden it's like the responsibility was shifted. And that's not how we want to think about security. Like, well, it would be secure if the users would just listen.
But one of the things that's been I think is really powerful and successful is we think about like the psychology of how do you engage the user into the security mission? And there's this amazing study that some psychologists did. I don't know when they did it, maybe like 20 years ago or something. And what the research demonstrated is that simply by engaging people in the mission, they want to be part of it.
And that's why training programs, awareness programs, evangelizing the security mission, why approaching security as like I love the way that you were describing it, that like it's your job as a security professional to get people engaged in this. People will want to be part of it if they feel like it's part of their job. It's not like, oh, that's the security people's job. I can click on whatever I want.
But it's also not entirely my job to keep the whole company safe. It's like we're all in this together. That has proven to be very, very effective. But the mission needs to be clearly stated, right?
Because if you're not sure why do I have to do these things a certain way, it might seem as an overhead. Why is such an important part of rule breaking? Understanding the – well, you weren't talking about it in the context of rule breaking. I just made that pivot.
But understanding why behind anything is important because people, especially smart people, which include the kind of people who listen to a podcast, like trying to learn new ideas, they're the kind of people who are always wondering like, well, why do I have to do that? Why do we do it that way? And it's not that it's because they don't want to follow that process. It's because they want to make sure that they align with the beliefs of why that process is that way.
And when you ask those why questions, like why is it that way? Why was it built that way? Who is it built for? What was that person or group like trying to accomplish?
Then you make a choice, which is either, okay, that makes sense to me. I get why it's like that. I'm going to follow that rule. Or you make a choice to say like, yeah, I'm not going to follow that rule.
I'm going to deviate. I'm willing to not follow along. Or I'm saying rule, but it could be process, anything like that. Yeah, no, I get it.
I love that. I am obsessed with respecting people's autonomy. And I believe 100% that everyone is smart and everyone wants to do the right thing. And when you like accept those as just true, like it changes the way that you can interact with people and it drives leaders, I think, to really try to respect people's autonomy.
And so if someone wants to do something that's not aligned with maybe the interests of the company, you know, it's not that they're being nefarious or lazy or whatever. Maybe they're just trying to do the right thing from their perspective, from their understanding. Like they're missing the context. They don't feel like they're part of the mission, right?
Right. So I love that. That's that's absolutely aligned with the hacker mindset. And like when you respect people's autonomy, you're also inviting them to challenge like the way that things are done, too.
So you leave space for that hacker. Right. To deviate a little bit from. Yeah, 100%.
You brought up a really interesting point, right? Which is I'm paraphrasing what you're saying that like most people, they they want to do the right thing. They don't want to violate other people. I not only believe that to be true, I've observed it to be true.
And it even surprises me that I think that because we haven't really talked about ethical hacking in much detail on this call yet. But I imagine that, you know, many people listening to this know what it is. But like that's what ethical ethical hacking like. Our purpose is to look at systems and to find how they could be exploited.
So like all day, every day, what hackers do is they think about the bad in the world. Like, how could someone attack this thing? Why would they attack it? What do they want to accomplish?
How do they victimize? All that kind of stuff. So you kind of it's like the classic movie, The Matrix, right? Like we're unplugged from The Matrix and we see the ugliness of the world.
But like we at least see the world for what it is. But that's different for most people who are plugged in The Matrix. They they don't have to see the ugliness. They see the beauty of the world.
But even despite being unplugged from the world, unplugged from The Matrix and seeing the ugliness of the world, I still believe it to be true that most people most of the time want to behave ethically. They want to treat other people right. Sometimes there's a conflict between someone's sense of self-preservation and freedom. They're going to prioritize that over someone else's like being treated fairly or ethically.
But for the most part, people given the choice would prefer to do the right thing. Yeah, there's a there's a lizard brain that sometimes will override things in the heat of a moment, perhaps. Welcome to being human, I guess. Yeah.
I love the reference to The Matrix, too. Maybe we we both saw that movie at a very impressionable age and it stuck with us. The message of being able to challenge the way things are presented. I think my understanding of that movie has even evolved over my lifespan, like which is crazy to think of.
Like there's only how many movies do you really like ever think about again after the fact. But just the idea of like, yeah, the metaphor we just talked about of unplugging from the matrix and the idea of making a choice in your life about one path or another path. When I first saw The Matrix, I didn't understand it as a hacker movie, but I now very much see it as a hacker movie. Same.
Same. One of the traits of hacker that you mentioned is commitment. You've built a lot of companies and you've also finished Boston Marathon. What is the parallel between running a marathon and building a company?
They both suck most of the time. Like almost all the time, it really sucks. But then you have these moments of just joy along the route. I'm doing something that a lot of people would find really painful and challenging.
You don't know what the outcome is going to be, but you're willing to put in the work anyway. And you don't quit. You know, you have to wake up and you have to run because you enjoy it. Because you enjoy it.
And because it's the privilege that you get to do it. I get to get up. I get to push my body. I get to strengthen my mental resolve.
And I get to go do this thing that's hard. And it's uncertain what the outcome will be. And that to me, running that race, entrepreneurship, and even just like the hacker ethos, they're all the same. Like the willingness to go do a thing over and over and over again, including a thing that's physically uncomfortable with no certainty of success.
Because it's worth doing. Because it's hard to do. Like the kind of people who are attracted to those, they're my kind of people. You have true grit.
Thank you. It required that for sure to finish. And then, you know, then you arrive at race day and it's like a celebration. And just like, you know, here it is, we've been, I've been doing this version of our hacking company, ISC, with my business partner, Steve.
He and I have been partnering up for like 13 years. There's no proverbial race day in entrepreneurship. There's no like, and today you will now see it pay off. It's just like, it's just the goalposts keep moving.
But I can look back on the past, you know, 13 years we've been doing this and just see so much joy, even though it's like entrepreneurship, training for a marathon, hacking. It's like you get punched in the face 99 times. And you're like, but there will be the 100th time that something good happens. And that's what, you know, you get excited to go find that 100th time.
And that's the commitment, right? You commit to yourself that I've invested all of this time and effort. I'm curious to know what the outcome will be. Yeah, we get to.
And we get to. It's a great privilege to be able to do that. Yeah, I agree. To even just have the mindset to be able to do that.
Right. I mean, if you could, if you could travel back in time and meet your younger self, I'm super curious, would you? Yeah, no, I think that'd be cool. I would have told him to buy more Bitcoin.
That sounds like pretty good advice. Yeah, that would have that would have gone great at that time and hold it. I don't know. I guess maybe inherent in your question is like, would I want to have like back to the future to myself and then maybe change the course of my life?
Because then I gave myself a piece of advice that, you know, changed some things. I don't know. I mean, I think maybe there's some duality in that where it might be cool to be like, if I could have anticipated some of the opportunities that I missed or that I fumbled, like doing them differently. Like, yeah, there's probably things where it's like it would have been nicer if that went a different way.
But all of those things, they also built me to where I am today. And I'm like just so grateful I get to live the experience I'm living right now. I don't know. Would I want to like have the butterfly effect where like one little change changes everything and now maybe my life is different in a not as cool way.
So I never pondered that. You wouldn't be the same person if you went back and had a conversation with yourself. You'd be on a different track. You'd be a different person.
And I think the person that you are today is an amazing, spectacular, very successful, love the deep thinking sort of guy. So you're too kind. No, it's just the truth. They're just sharing, you know, a little conversation, friendly back and forth.
I'm sure you share that energy with everyone that you bump into in this world. So all the gratitude in the world. Thank you so much for joining us for a show on the security podcast of Silicon Valley. Ted, it's been an absolute honor and a great pleasure.
Yeah, it's been it's been awesome hanging out with you guys. And for anyone who's listening, if you want to learn more about like this book that's coming out or insights from ethical hacking, you just want to follow me on LinkedIn or get connected just about any question you might have. Just hit me up. You can find me pretty easily.
It's just my name. Just Ted Harrington dot com. That's my website. Awesome having you on the show, Ted.
Thank you guys for having me. No, thank you guys. And thank you to all our listeners for tuning in to another episode of the security podcast of Silicon Valley. I'm John McLaughlin, one of the hosts, joined with Sasha Sinkovich, the other host.
And this is a Y Security production. Thank you, everyone.