The Security Podcast of Silicon Valley

Episodes

About

Blog

Subscribe

The Security Podcast of Silicon Valley

The Security Podcast of Silicon Valley

Episodes

About

Blog

Subscribe

The Security Podcast of Silicon Valley

Episodes

About

Blog

Subscribe

85. How Companies Lose $197 Million in Seconds (with Channi Greenwall, Olympix)

Hello, everyone, and welcome to another episode of the security podcast of Silicon Valley. I'm one of the hosts, John McLaughlin. I'm joined the other host, Sasha Sienkiewicz. And today we have an amazing guest to share with everyone, Hani Greenwald, the founder and CEO of a new security startup, Olympics.

Welcome to the show. Thank you for having me. So share with our listeners a little bit about Olympics. What is Olympics out to do?

Do you think of yourself as a security person? Do I think of myself as a security person? Yes, I think it's very much twisted into my DNA. I have a technical background, so a master's in security engineering.

I worked in that field for a little bit before moving on full time to product and then to starting Olympics. I guess maybe it'd be helpful then to go a little bit into the genesis of Olympics and where it came from. We'd love that. Okay, great.

So like I said, traditional technical background. Started Olympics after I personally deployed a side project on chain. I love security for context just because it's so much more fun to break than to build. And it's very dynamic, which I also, as an ADHD, highly stimulated person, gravitate to.

Things that are constantly moving, evolving. There's nothing monotonous about it. So I started Olympics because I personally deployed a project on chain. I thought, wow, this is such a unique attack surface.

For context, just looking at Web 2 versus Web 3, you have three kind of key differentiators. The first being in Web 2, we live, patch, redeploy, patch, redeploy. You know, as Mark Zuckerberg famously says, move quick and break things, which you have the luxury of being able to do in the Web 2 traditional ecosystem. User wants to change on that, no problem.

Fix, fix, fix, fix. Web 3, just deploying or changing your source code is such another animal. The second piece is the transparent nature. So again, in Web 2, we have the luxury of firewall and so many security systems that overlay and protect our underlying code.

In the Web 3 ecosystem, everything's on chain. So you can deduce it at a source or bytecode level. So essentially, it's transparent. And the third reason is direct access to liquidity.

And I think this is the most interesting reason. So again, in the Web 2 ecosystem, if you undergo an exploit, they steal your data. Of course, regulatory comes down and the reputational damage and the payout sucks. It's a huge industry just to stop those things from happening, right?

Really sucks. It's horrible. It's fueled the 300 billion plus security market. However, it's nothing in comparison to if your entire company goes under via an exploit.

So right now, you know, you get hacked in the Web 3 ecosystem and 12 billion is drained, 27, 37, 197 million, like that in a matter of a second. So security is so critical. And I found this really interesting because I always had a personal fascination and like these attack surfaces that have such high stakes. So something to comp it to would be like medical device security.

If your medical device fails, insulin pump, something like that, there's no coming back, right? So those are the stakes. Or, you know, if, for example, your airplane fails, you're gone. So these are like critical systems.

So the same attack surface kind of translates. Now, a big ecosystem, it's a critical system because it can kill your company. Millions of people's money could just be drained in a matter of a second. So it was really fascinating.

I was like, wow, there's hundreds of billions circulating here. There must be the most insane security stack. And I just want to see what people were building because I've always been fascinated by like these critical system attack surfaces and what people build there. And historically, it's always been like formal verification or like in traditional industries.

And no one's really nailed it. And it turns out that the Web3 ecosystem hadn't as well, which was surprising to me given how much money was there. But it just shows the urgency for this technology that like people are building despite critical security infrastructure being in place. When we started Olympics in 2022, over 16 billion had been exploited to date.

90% of all exploited contracts. So I'm referring to smart contracts had undergone an audit, which is the only kind of security unlock that existed in the ecosystem. And to explain an audit, it is exactly like having a third party come in like a consultant, look at your code, tell you what's wrong. You make the changes and you implement them.

Sounds good and dandy if we had better numbers behind it. But when I tell you 90% of exploit contracts underwent this audit, it becomes a little bit problematic there, right? Like those numbers aren't in the builder's favor, aren't in the CEO of the company that's trying to deploy on China's favor. When if I get one audit, not necessarily bulletproof if I get two.

And then let's just dial it back a little bit to the cost. Like people are paying anywhere from 25K to 250K for each audit and they're having to undergo multiple. And still it's not foolproof. Some companies were getting 10 plus audits and still losing money.

So a human, as we know, can only find so much. And there's always going to be something smarter or a layered approach when it comes to security that needs to be embedded. In 2022, a lot of security companies actually saw this problem. Like a lot is getting hacked when you do something.

No one except Olympics said, let's solve it by giving security tools to developers and embedding security first. Majority of companies either did like some type of like architecture, chaos engineering tool that they sell directly to the business or through doubt, or they did on-chain monitoring, which was probably the most popular, which is like, hey, inevitably, everyone's going to get hacked. Let's alert you when you do. And then you can do something about it and hopefully we can mitigate the losses, which again is so important and critical part of the stack.

But what if we could just bring that number down altogether, that experience to hack? And so our North Star from an engineering standpoint is what percent of historically was done by humans can we automate? Not to say we're going to replace this human, but why does the human need to be finding everything? Why can't we find 90% and we leave that 10% for the human and then lower the stakes and lower the chances that you actually get exploited in the first place?

So yeah, that's a long-wind answer to like what Olympics does in our genesis. Are we mainly talking about public, private, or permission chains? What is the biggest customer that you see the engagement with? Who's our biggest customer?

Circle. Where are they launching on Solidity? We're seeing the most, I think it's like 90% of development is on Solidity. We're seeing a bit of a move towards Solana, which is Rust, but historically it's been primarily like EVM compatible chains where majority of the liquidity is on and like wherever there's money, there's hackers and wherever there's hacker security needs to be the first step in development.

Okay. And I think that answers my following question, which is what type of assets are we protecting? Because with blockchain, you can not only store the currency assets or assets that can translate into the currencies, we can also talk about data storage. That's what blockchain is good for is just to store lots of data.

But it sounds like the specific use case that we are addressing here is the asset protection. Yeah, I think there's something interesting here. So like in traditional Web 2, security is mandated by regulatory, meaning whatever we're told we have to do, we do. Not necessarily because we care about security.

The Web 3 ecosystem, there's no one telling you have to do something besides like maybe one audit by a good audit firm and people will do that. But anything additional or any additional layer, there's no really incentive to implement unless you have a large amount of liquidity at stake that could be compromised. And that's where we see majority of our customers coming from. So once they hit, you know, about like 5 million in volume within their protocol or moving through their protocol, they start to engage with us.

You know, we have companies that are moving tens of billions every day. And then we have companies that are as small as, you know, 5, 20 million. That to be said, like, it's just as important that security is implemented in the small teams and the big teams, because as soon as one exploit happens to a small team that's very vulnerable, like their company's gone under. And those first couple of years of starting a company are the most critical to get everything right.

And no one believes in you or whatever. So like they finally get the traction. And we've seen this happen so many times, like these teams finally get the traction and then they get exploited because obviously bad actors see like, okay, a lot of money's here. And this contract, which is on chain in public, is vulnerable.

Let me go after that. And then like there goes the six, seven years of hard work that these founders put in. So it's really, really crazy. Yeah, there's a lot at stake.

And like, these are people's dreams. People are putting everything that they've got behind these companies trying to do the zero to one thing. I have all the respect in the world for that. Right.

And like, forget the founders, even it's also about everyone globally who's distributing their capital here. So in America, we're so used to this luxury of trusting our dollar and putting our money in the bank. And we're not worried anything's going to happen to it. Right.

Everyone has their thoughts on politics and the general economy. Push comes to shove. No one's worried that they're not going to get their 4% back or their money isn't safe in the bank. In Venezuela and Brazil, this isn't the case at all.

And they rely on these decentralized modes of trading, staking, borrowing, lending. Like if one of these protocols fail, that could be their life savings. And by the flip side, if they're working and they have good security infrastructure, that could allow them financial autonomy. There's two sides to the story and they play out very differently depending on how security is embedded into the development of these crypto companies.

Yeah. So let's pretend I'm a crypto founder for a second. I'm doing some on-chain stuff and I've got like a smart contract out there and I'm listening to this. I'm thinking to myself, wow, maybe I could take a closer look at this even before I get big.

Can I go to olympics. ai? Yeah, you can go to our website. It's not self-service.

We have a free tool that about 30% of Solidity developers use. That automates about, I'd say like 20% of what historically was found by external audits, where we see like the mover that gets you more to like 60 or 80% of our paid tools. So we have different tiering there, but you can always just reach out directly on our website or to us on LinkedIn and we onboard. Well, that's incredible.

You have 30% market penetration into the smart contract space. Without a dollar, yeah, spent on any advertising. Congratulations. That's huge.

And I see that you've been doing this for just over three years now. Yeah, just about three. Did something happen? You did your own on-chain adventure and you were a founder and it looks like you started the 10, 000 Hearts NFT.

Was there a moment where you were like, aha? So I think it was like a rabbit hole. So first of all, I was just living in Miami because I worked directly for a founder of late stage cybersecurity company and I didn't know many people there. So I was just, I was anyways working nine to nine, but you need something to do 9 p.

m. to 1 a. m. And I don't personally like TV.

So, and I didn't know anyone really there. So I was like, I'll just work on a side project. Like a lot of smart people I know are moving full-time into the Web3 ecosystem. I don't know much about it.

And I personally learned best by doing so. I'm like, let me just launch a project. Like everyone's launching it. I'm feebly fun.

Grab some interns, worked on that. I'll preface it with it was just like a night project, side project. In doing so again is when I realized the differentiation and attack surface. And like I said, I've always been so drawn to the type of attack surface that has such high stakes more because I just like to see what people are building and how you solve for that to make the technology accessible despite the high stakes.

And that's such an interesting security question. And like, I always wanted to start a medical device security company because of that reason. But just from a business perspective, it's a very hard thing to actually implement and scale given regulatory, given hardware. There's so many pieces there, like all models are so different.

So it never made sense for me to pursue that dream, but like it kind of paralleled in the sense of like high stakes attack surface, really interesting problem. And then as I began, like I said, crawling down that robin hole, like I just want to see what people were building. Why can't I try building something? And it was hard for me definitely because I really loved my job at the time.

So it's not that I wanted to leave my job at all. It was more that this problem was right in my face. I thought how incredible if I get this opportunity to try and solve it. And you know, each day I feel grateful because as we begin to unlock like how to solve it and how that actually looks, it's like we're the ones doing this.

It's so interesting. We're building symbolic execution machines, buzzers, like we're automating formal verification, something historically that was so hard, so manual and so easy to get wrong. Every day it's so fascinating to like climb down this to solve for each of these hard technological problems. Is Web3 security any different than Web2 security and how?

Yeah. So like I said, there are three reasons. Web2 security comes down to like what is regulatory pushing? So three big differentiators in terms of attack surface, like I highlighted.

So one is in Web2, you consistently are patching, redeploying, patching, redeploying. Like you have that freedom to consistently build, change, build, change, ship, ship, ship, ship, ship. In Web3, because the systems are so subject to error and things can go so wrong, you have to be so careful and so aggressive with the testing before deploying. So that's like the first differentiator.

The second differentiator is the transparent nature. So when you deploy on chain, you're looking at anyone being able to see it. So like there's beauty to that and that's part of this ecosystem is like everything's transparent. On the flip side, any bad actor can go and see any hole or flaw in your code.

Whereas in the Web2 ecosystem, we have so many layers and fortresses of protection sitting in front of us. Like there's so much more going on before someone can even access the source code. With Web3, it's just source or bytecode in a flash. We can have it.

And the third thing is, again, like I said, probably the biggest is direct text like liquidity versus data. On Web2, you're always compromising your data. Of course, regulatory comes down. Of course, reputation.

There are components that are huge and that fuels a 300 billion plus industry of companies that operate there. But it's not the same as losing 12 million, 27 million, 197 million in one shot. I just say the tax surface, if I was to boil it down to two things, tax surface is larger and the stakes are higher. Did you say the biggest risk with Web3 security is the intricacies of the contract that you define and then you essentially publish on the chain and everyone can use that contract?

And there is very little room for making errors in the definition of the contract because then it becomes public and you can exploit the contract itself. I think what you're referring to is like contract logic, that it meets the logic that it's supposed to. And I think that's a component of Web3 security and smart contract security. But it's not the only piece.

There's also like you miss a re-entrancy guard. You have a certain pattern within your code that could lead to major funds being drained. And like that doesn't necessarily break the logic. It's just if someone changes one thing from five to zero, all of a sudden an external caller can drain.

So like I think it's part of it. But I think the larger thing is just that the general tax surface is so much greater and that requires a greater amount of spend, a greater amount of testing. And people are still adapting to that reality that like it can't look like, for example, the spend for the same size Web2 startup is not going to be comparable at all to someone deploying on chain because they don't have the same risk. I think that's where I was leading.

The Web3 in general is a fairly new mass product. It's not a new technology, but it recently has seen mass adoption. But there is not enough expertise in Web3 and understanding how Web3 works in order to secure it. And so you have this disbalance of security talent on Web2 versus understanding how to secure Web3.

Yeah, I think that's absolutely right. And I think people underscore how much going back to the spend needs to be allocated for deploying on chain. For example, like there's a very notorious hack that happened this year, the Bybit hack. It's well over a billion dollars.

And it was actually classical like Web2 exploit. Just they happen to operate on chain. So like part of their responsibility is securing both the Web2 and the Web3 stack because they deployed both. However, like they can actually get the consequences of the on chain component, meaning like liquidity being drained via Web2 so people can come in this way.

So there's like a lot more when you think of a tax surface, right, just refers to the amount of space that's vulnerable. There's just so much more vulnerable space and the solutions need to be so much more layered and you're responsible for exponentially in turn. And so like you have to both have a Web2 security expert and a Web3 security expert. And you need to understand where they overlap and where you're vulnerable and where like those holes are that someone can weave from like Web2, you know, interface into your Web3 stack.

Yep. So it sounds like the problem statement is still the same. How do I protect? And you have to answer questions of what am I protecting and against who?

And then you go into standard logical flow of identifying the attack surface, which you have mentioned many times. Then you answer the questions and you still have to protect infrastructure. You still have to protect the Web2 infrastructure and some of the logic. And then you have to think in depth about securing the Web3 component of that stack.

So just additional layer. So I love your story. You built this nights and weekends and you had your job at the same time and you're kind of like probably burning both ends of the wick, so to speak. And you're in Miami.

And then you mentioned that you had a couple of interns and you just built and you just threw yourself into this hard problem and you took a stab at this and you built this up. Sorry, sorry. I want to clarify it. The intern project that's worked on was the NFT project.

I didn't actually start Olympics full time until I left security scorecard. So that was just like a side project. Yeah. So you you've been in security and your passion is clearly security.

I love that. I love that you're tackling hard problems. So thank you. Thank you for that.

That helps make the security community better. That helps make our futures more secure, whether they go on chain or in traditional space. It's a win across the board for the community. And I'm super curious, like when you were you're grinding and your head's down and you're focused and you're building this up.

Did it ever crash your mind to maybe think about having a co-founder? I have a technical background and no problem building out the first version. Of course, you always hire people smarter and better than you and push yourself out of as many roles as you can, except for the roles you extremely excel at. So I was very quick to hire and scale the engineering team after.

And our team is mostly engineers. But at the time, I didn't have someone that I wanted to tackle this problem with. And since then and since validating our idea, we've brought on key employees. They own significant equity stakes.

They operate as business partners. But ultimately, like I founded the company. So I'd say it's not that I was like opposed or for or whatever. There just wasn't someone.

It wasn't in the cards. The cards didn't play and I was doing it with or without someone with or without funding. Like there was nothing stopping me from solving this problem. Along the way, you find the pieces and the people.

Did you raise money? We did. We raised a seed round. Where do you see the next level of adoption of Web3 technology across all of the industries that are ripe for the adoption of Web3?

You know, it's so hard to say because I'm constantly in awe of the solutions that my customers are providing. I say like I have the most unsexy, like obviously to me, it's like the sexiest thing in the world. Like security and the problem we're solving is so cool. It's so interesting.

So novel every day. It's like the hardest problem. However, to most people, like they do not care. But the ideas our customers come up with and the amount of people that come behind it and begin deploying on chain and begin interacting with their apps is crazy.

I actually just got off the phone earlier today with a company and their belief is like you shouldn't think of Web3 versus Web2. You should like developers because vibe coding and the convergence of AI is becoming so widespread. You should think of everyone as a developer. And in the future, if everyone can develop and we've been able to create like a platform where everyone can deploy on chain, the market size is huge.

So it's really hard for me to say like obviously gaming's right. Obviously, you're seeing like these bigger moves of Stripe acquiring multiple Web3 companies, of Circle going public. There's the payment side. Like every major bank is moving RWAs, real world assets.

Like I wish I could like point to one thing and be like, this is the biggest mover. And probably if you read a VC's website every couple months, they'll cite something else. But ultimately, I'd say across the board, it's a matter of 10 years that everything is on chain. What do you think drives this adoption?

Is it the efficiency that chain allows you to have? What is the main driver? For like mass developers, it's usability from like an economic standpoint. Of course, it's efficiency and money saved.

It's like, why does it need to cost $100 when it could cost $1 to move money? There's a lot of different applications there. We would think it's like silly applications, but they make a lot of sense. Like I know a company and it's for wine collectors.

Apparently, that's a huge market. They've created NFTs of every single line. So you can validate that this is like a true, real, legitimate bottle. And I guess there's a huge market for fakes out there.

Like by the same token, art, right? Like people are tokenizing art a lot. And like these aren't markets where I think would move on chain and just wouldn't come to mind first. However, people are operating, building there.

There's huge markets and a lot of people behind it. So like, it's hard for me to say like, if we're at a point to one, of course, like the financial industry as a whole, just moving and offboarding trillions of dollars into the ecosystem. But like, it's so much more than the eye can see. The use cases are beyond what you can imagine.

Like I met an entrepreneur who is tokenizing meditation. Like I guess some companies like to create this benefits and want to incentivize their employees to meditate. And so like they do that by when you meditate, you receive tokens. And I'm just like, that's an interesting idea.

Seems kind of hard to execute right in my head. And she's like, I have X thousand users already and X thousand companies on board. And I'm like, wow, I would have never thought like this application would be on chain. So I guess what I'm saying is like, why it's so compelling to me is like the problems that people are solving and like using our technology as the underlying barrier to like get there are beyond my wildest imagination.

So like there's so many ideas and like me, the three of us cannot even fathom what people are thinking up right now. Like I was so, again, like I told you in awe of this company I was speaking to this morning where they're just like, the future is a conversion. There's not developer, regular person, there's vibe coding for all. And like, if we can make it easy for them to deploy on chain and they have thousands of users every month, people who are not technical deploying on chain, who would have thought, right?

Especially even a year ago, especially two years ago when FTX collapsed, everyone thought it was done. So I could tell you with a very strong conviction in the next 10, 15 years, everything's going to be on chain. I look forward to it. I look forward to it being just as secure as ever with folks like yourself thinking through all of the tough security problems too.

So who knows what's going to be in the future? And vibe coding is now changing things and opening up possibilities for folks that it was out of reach and is changing the way engineering is working. I'm super curious. You started in Miami and for the benefit of all of our listeners, I think you're in New York now.

That's New York City behind you. Right. Yeah. So I was working part-time in Miami to work directly with my boss.

I do believe it. In-person work is the best work, but I've been in New York for over 10 years. And so I always kept my apartment here and moved very quickly back. I don't think Miami is the place to start a company.

Where did you grow up? In California, in San Francisco. Oh, you grew up in San Francisco. Wow.

You're a San Francisco native. Yeah, as well. But New York is just very crypto-centric. And so to start a crypto company in New York is best.

And like, I've been kind of hunkered down here for a long time. So it made sense for me. And it's also, you have to think about like where you're bringing key employees and you want to bring them to a major city they're excited about. And New York happens to be a city that people get very excited about and love to live in.

Very exciting city. Lots happening. Well, congratulations on hitting your escape velocity from San Francisco. That takes skill.

What's been the proudest day so far on your entrepreneurial journey? I think the goalpost always moves there. First, it's taking the risk to start a company. Then it's you get people behind you.

Then your product works. Then it gains adoption. Then you're selling. Then you can't even take on the scale of the people that want it.

And then people who used to laugh at you are trying to copy you. That goalpost moves every day for me. You want it to keep moving, right? Like when I think about like, what's the next thing I'm proud of it?

Like I want it to be, we onboard the next 10 million users and they're able to deploy contracts securely and quickly and cheaply and efficiently because of us. I definitely can't point to one moment. I could say like every day, if you ask me or if like I look forward to it, it changes. I think that's very exciting.

Sounds like every day is the proudest day. Every day something great happens, right? Like some days suck. Some days suck.

I mean, speaking of days that suck, I know being a founder can be filled with super high highs and then super low lows. Those are very vulnerable moments for founders. You see people's true colors like in those days. Have you had a most difficult day on your journey?

You know, this question is really hard to answer because I feel like they happen at such a regular cadence. And when you look back, it's like in retrospect, that wasn't that bad. Like I learned this and this thing doesn't feel like such a big deal anymore to me. And like if this happened to me today, it wouldn't be a big deal.

So I think Elon Musk famously says it's like starting a company is like consistently chewing glass. And I think that's very apt. They happen very regularly and like I couldn't point to one day. But like I will say when you look back at the ones that you thought were like chewing glass, like now it's like eating paper for me.

Like I could do that kind of day any day now. And so I guess by the same token, I was like proudest moments like the goalpost keeps moving for like how hard or how sucky they can get. They always suck, but they always like in retrospect, like become easier as you continuously go through the hard times. That's good and bad.

It's like you said highs and lows all the time. I think one of the most incredible pieces about being a founder specifically in the security community is like you have the superpower to be able to look into the future and you see something different. You see something that most people don't see. And I'm curious if you look into the future, what do you see in terms of maybe the greatest security challenge that we're going to face as a community?

Like the way things are going, the way things are changing, on-chain AI. I mean, obviously, I think it's what we're building. Here's what the world looks like today. A lot of people are trying to deploy on-chain.

The current solution is broken. 90% of exploit contracts are audited. That's the current solution. And yet there's still 90% fail right there.

If I see the future as everyone's going to be on-chain in the next 10 to 15 years, it will not happen unless our solution becomes like a mass scale opportunity for people to deploy securely on-chain, which means we have to be able to build something that automates what historically was done manually better, not just better, like 5, 10x better, and gives people the freedom to deploy on-chain. And so it onboards the next 10 million users. Like I generally think the problem we're solving is the hardest problem, but I'm not exposed to the other problems of other industries. So it's kind of, it's a very biased answer, right?

Like I'm sure if I sat down and like looked at other like deep tech security companies, their problem is also very inherently hard and difficult, and I might have the same sentiment. But because I'm biased and facing this every day, I do think it's obviously so important to me, so critical, and the ecosystem and world will not scale without it. Let's play out that game, right? Like we're going to get hundreds of thousands of auditors, and they're all going to have a 100% success rate as humans.

No, that's not feasible. So like you believe in a future where everything's on-chain, there needs to be an automated security infrastructure approach. And inevitably, we're the only people positioned to do it right now because we're the only people betting on that, and we're the only company with major adoption there. Do you feel like it's just crazy that the AWSs of the world and the Google GCPs of the world, the Azores, and maybe even the central banking system is not taking this more seriously, this change that's coming?

I think you'd be surprised. I think Coinbase came out with a report a couple quarters ago that the average Fortune 500 has at least a $50 to $100 million budget for on-chain initiatives. I think, again, that's all experimentation, and that's very small in comparison to like their overall budget for every other initiative they have. But like no one's really thinking it's a joke.

And I think Stripes acquisitions recently just went to show like people are beginning to delve here, whether it's this year, next year. I mean, MasterCard's about to deploy something on-chain, Goldman, JP Morgan. I'd say like the top 50, top 500 companies definitely have budget and resources going towards on-chain initiatives. They're not blind to it.

But like, of course, yeah, it'll speed up and become exponentially larger as time goes by. And the decentralization of compute, of storage, and of money, that's going to disrupt the way that we think about those things, right? Everything, yeah. Yeah.

But I mean, like if you think about any like other disruptive technology, chat GPT was the thing that kind of spun off everyone's crazy obsession with AI, all these AI companies. I don't even think like I know that was the moment, but there were, of course, early believers like OpenAI started eight years before that huge boom and rush of users. And so with anything, like people kind of push it off or like kind of semi-acknowledge it, but they don't realize the scale until it happens. And that's that like escape velocity moment.

And I think right now we're like three, four years before like that initial wave of escape velocity, five, six years before like mass, mass adoption. So I think it's coming sooner than you think. But as a token, we're also still in the early days. So early.

We haven't even seen like early adoption yet. I think Coinbase just joined the S&P 500. These crypto companies are growing faster than you think. It's a good thing.

It's going to help bring positive change. Right. 100%, especially globally. Have you thought about what legacy you want to leave?

I know you're still very young. And so it's like maybe a silly question. You're just getting started, really. I guess that I never shrunk myself to what people think should be the status quo or should go around.

Like, obviously, I think that just plays like being able to see something and chase after it, despite how many obstacles, no, as rejections come after you. It's an important quality. But I guess it's like in terms of legacy, I think the most important thing to me is what I bring and pull out of others. I think it's also like one of my best qualities is that I'm able to find the best people and then I'm able to extract and push them to their highest level of greatness and things they might not have been themselves aware that they were capable of.

So I think that's probably most important to me because I feel really great when I'm able to do that. I think it's really impactful. And then by the same token, the products that we create as a team or deploy, it also touches the customer. Like, who does it make the customer become?

Now this customer is security first. They're a security engineer. They went from developer to security engineer because they have all these tools. Like, we're able to, again, like extract the next level from that.

So whether it be like me being there personally and extracting that level from people and demanding greatness so they build these great things or the products themselves transforming individuals into their next level that they never knew they would have access to, I think that's probably the most powerful thing you can do. And just to play off that a little bit more, what is your most memorable day on the journey so far with Olympics? Just to scope it down a little bit. I think memorable comes back down to like that question about what was your biggest success?

I think that goalpost keeps moving. But I think like the first memorable moment was when someone collected a bug bounty using our tool. I thought that was really cool. Like our tool was able to get the money because like people had security flaws.

So that told us how powerful our tool was. It's replacing some security researcher and is able to find holes. And then recently, one of the top audit firms, one of our customers underwent an audit from the top audit firm and our tool automated 100% of the findings that the audit firm found. So that just again validates to us.

You know, when you start a company, you kind of think like I have an 80% shot that this will work or 70, like even kind of 60 is enough conviction to start. And that conviction grows as you begin to deploy product and adoption or whatever. Like when those technical milestones hit, I think for me, like right now, I'm at like 95, 97% conviction that could work, which means like I should be moving faster. Like when you get to that, it's kind of crazy.

Like it's almost, that's maybe when you're too late. And like, it's good because we started early and like, it'd be very hard to catch up with us now. But it's funny because I also think about the future when I think about memorable, like I envision what will happen in the future. And like, it feels like it's already happened.

It sounds silly, but I think you envision it so much that it's like becomes a memory of like you seeing something as true. And I think you have to be like that psychotic to like do something like this where you see something as true and it needs to have this change in order to be true. And that drives you to build it every single day. You have to be crazy to be a founder.

There's no way around that one. Yeah. You have to really, really believe that, that what you're going to do is going to change the world. Otherwise, why would you be investing your time and resources?

I guess if you're really young, then like maybe it's just like a fun experiment for you. But like, I think at a certain age, when you have a family, when you have kids, like you're making no money and you're really sacrificing on a lot of levels. You're sacrificing time with family, you're sacrificing so much that you would be doing with anything, but you have to believe the trade-off is worth it. And I believe the trade-off is worth it a million fold.

And I believe we can execute on this a million fold. And so with that being true, like no other reality exists to me besides building Olympics with full conviction, full energy with 100% of me in it. Going back in time a little bit, if you had an opportunity to meet your younger self, would you take that opportunity? And if you would, what sort of advice would you have for your younger self?

I think I would just say, trust your gut. I think when I look back at anything that I feel like was a regret, or I would even say like I moved too slowly because usually I get there, but sometimes I move too slowly or historically. And like probably the biggest lessons I've learned as a founder and as a human is like, just move faster and trust your gut. And usually you're right.

Sometimes you're wrong. Like when you're wrong, it's okay. Just move quickly and get there. So I'd probably just say, trust your gut.

I love that. Intuition and it works. It's right there. I think you know a lot more than you think you know.

Yeah. And by the same time, like so does everyone. As everyone who works at Olympics, I often defer to them. Like, what does your gut tell you?

Oftentimes they know better than me because they're sitting and sunk into this problem. And when you push that question, usually the answer ends up being something meaningful. I love that. You know, we have a lot of entrepreneurs, aspiring entrepreneurs, folks running small companies, folks thinking about their next idea who listen to the show.

And so this is a little bit of a leading question. Always super fun to ask, but is there just one tool or service that you wish someone would just go out there and build already because you've bumped into this problem over and over and it's not your area of expertise. So you don't have time to solve it. And you just wish this problem would just go away and you'd be willing to pay money to have this thing solved.

Does it have to be security related? No, no, it could be anything. I would love for there to be a good swimwear shapewear. I think that would be amazing.

No one's built like a nice looking swimwear that's shapewear. And I don't, I feel like it's the most simple in your face thing. And it's very easy to execute on from a consumer perspective. Everyone knows how to build good shapewear at this point.

Everyone knows how to build swimwear. Like you just need to layer the two and like create a good line. And I think that the revenue opportunity would be huge there. I think that's like that, that would be a huge consumer facing company, but I have no experience with consumer.

All I do is like deep tech, but like as a girl, I would love that. I think that would be awesome. I mean, major businesses are built off that, right? Like Spank shapewear, skim shapewear.

I don't know if you've read that book, but like the whole thing is like, there's nothing for a woman, like buying a new pair of shoes. Like there's the emotional and psychological piece of clothing that plays into like female psychology that I think is very powerful and that can drive a lot of revenue. And I think if you could build gorgeously executed shapewear swim brand, people would enjoy that and make them feel good and make a lot of money. Thank you so much for sharing.

This has been an absolutely spectacular, very educational episode on Web 3. 0 Security Olympics. It sounds like you're making incredible strides, helping build a more secure future for all of us. I'm one of the hosts, John McLaughlin, who's joined with our other host, Sasha Sinkovich.

And for all of our listeners, Honey Greenwall, the founder and CEO of Olympics. Thank you so much, John and Sasha. And thank you, both of you and to all of our listeners for tuning in to another episode of the Security Podcast of Silicon Valley. This has been a Y Security production.

Please stay tuned for the next show. And if you feel so compelled, please give us a rating, drop some comments and share on your socials.

‹ 86. Ex-FBI Agent: The Biggest Security Threat is the Human Behind the Keyboard

84. What gets missed when nobody reviews the code (with Jack Cable, Corridor) ›