Special Guest Expert - Ted Harrington: Video automatically transcribed by Sonix

Special Guest Expert - Ted Harrington: this mp4 video file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.

Brigitta Hoeferle:
Here's the big question. How is it that most entrepreneurs hustle and are always busy and struggle to take just one step forward, only to fall two steps back? They're dedicated, determined and driven, but only a few finally break through and win. This show uncovers those quantum leap patterns of highly successful people so you can simply model what they do and apply to your future success. That's the question. And the answers are right here. My name is Brigitta Hoeferle and this is the Success Patterns Show. Happy Tuesday. Here is the Golden Nugget success patterns or more valuable than ideas. Let me explain. Ideas, while powerful, require trial and error and a lot of time to put into action. Think about manufacturing. First you have an idea, a new idea. Then you go into proof of concept working, prototype, small business production badges, small production badges, and then finally a full scale production. It takes months, maybe even years. You may have met some people that are collectors of great ideas, but they do little else. Forget everything you heard about ideas. You're not looking for ideas. You're looking for success patterns. You're at the right place at the right time. Success patterns are different. Success patterns are better. Why? Success patterns are proven. Have a logical sense of steps to follow. Have an action bias and deliver consistent results. In this content rich program, the Success pattern show. You'll learn these valuable success patterns. And we have a special guest today. We have a hacker in the house. You heard it right. But let me tell you, he's a hacker for good. Ted Harrington is the number one best selling author of Hackable How to Do Application Security. Right. And he's the executive partner at Independent Security Evaluators, the Company of Ethical Hackers framing famous for hacking cars, medical devices, web applications, password managers and many more. He's helped hundreds of companies fix tens of thousands of security vulnerabilities, including Google, Amazon, Netflix. Guys, you think he knows a thing or two about security. He's been featured in over 100 media outlets Wall Street Journal, Financial Times, Forbes, TED Stages. That's where I know him from. He's founded and organized Iot Villages, an event whose hacking contest is a three time DEFCON Black Badge winner. He hosts a tech done different podcast. I have here with me Ted Harrington. So glad that you are here with me today. How are you?

Ted Harrington:
I'm good. It's good to see you again. Yeah.

Brigitta Hoeferle:
Good to see you. Last time I saw you was in Germany.

Ted Harrington:
That's right. That's right.

Brigitta Hoeferle:
So a hacker in the house, huh?

Ted Harrington:
I guess so. Well, I think we're all hackers, as you've.

Brigitta Hoeferle:
Heard me.

Ted Harrington:
Evangelize. I think there's a hacker in everyone. I mean, it depends. A lot of people don't know what a hacker is, and we can talk about explaining that. But. But, yes, I believe you are a hacker. I am. I think everyone is just a matter of do we let our hacker out?

Brigitta Hoeferle:
Oh, do we let our hacker out? Okay, so do me a not just me, but all of our listeners and viewers. Do us a favor. Define hacker.

Ted Harrington:
Sure. So a hacker is a creative problem solver. A hacker is someone who looks at a situation and explores whether they can approach that situation differently than the way most people normally might approach this situation. So there's no moral grounding to that. A hacker is neither good nor bad. But what most people say when they're saying hackers, like if you see a news article that says hackers compromised such and such company, that is true that some hackers are bad, they're motivated by profit or personal gain, geopolitical advantage, competitive advantage. There's all kinds of reasons that bad types of hackers might be motivated, but there are also good types of hackers, and good types of hackers are motivated to improve the security of a system. And that's the world that I come from. But hackers, without adding whether it's an ethical hacker like I am or a more malicious hacker like the attackers are, a hacker on its own is just someone who looks at a situation and tries to solve problems creatively and try to approach the situation differently.

Brigitta Hoeferle:
So it's interesting and thank you for that clarification because we have put society put somewhat of a negative connotation to hacking or to hackers. And I'm grateful that you have kind of cleared up that space now. First of all. What made you become a hacker? What made you become what? What made you do what you are doing today? Did you just one day wake up and go, Oh, I'm really good at this. I should do this for a living?

Ted Harrington:
Hmm. It actually took me a while to even allow myself to consider myself a hacker because I compare myself to the people that I get to lead who are, you know, behind a terminal. They're writing code. You know, that's not really what I do. I'm more of a leader. And so for the longest time, I was like, No, they're hackers and I'm just a leader of hackers. And then I realized this idea of what is hacking. Hacking is like a mindset, right? It's do you look at a situation differently? Do you try to deconstruct it? Do you explore new avenues to approach your situation? And in that sense, I believe that I am a hacker. But your question, I think, was really what drew me to this field of ethical hacking that most people don't even know exists as a profession like you do bad guy stuff, but you don't go to jail like this exists. And that's I get to do that. And for me, when I knew that I wanted to dedicate my life to this was about 11 years ago. And I was I was running a company that was in a completely different field in water, water conservation. And I got connected with this guy who has become now my business partner, and he's a PhD in computer science, or he was in the PhD program pursuing that when he decided to start a company that is the company we do together now, that is essentially this, like companies out there need to understand how will hackers, the bad kind, how will attackers attack them, and then how do we make sure those weaknesses are fixed? And so when he and I were talking about the business model around that, I saw so many things that resonated with me as a as a human being, not even just as an entrepreneur, but as a human. You know, it's like the security community is about doing hard things that matter, getting better every day, serving others. And those principles really drew me in. And once I identified that is what exists in the security community. That was it. I knew that this is where I wanted to spend the rest of my career.

Brigitta Hoeferle:
You know, thinking like an hacker. First of all, you said we're all hackers. And then thinking like a hacker is, I think, really beneficial. And when we met in Frankfurt, I realized because you made me aware of something on my phone that you have paid attention to that I have never, ever paid attention to. And it's those little it's a it's a little thing, but it can turn into something really, really big, probably within a nanosecond if someone really wants to do you harm. Right.

Ted Harrington:
What was it? I don't remember. What was this thing?

Brigitta Hoeferle:
It was something on my phone. I can't remember what it was, but you fixed it for me. And I'm really grateful. I will never forget that. I will never forget that. You. You. You are making people aware, not just individuals. You go into large organizations and make them aware that there are. Ways that someone can find their way in and really do damage, not just damage in terms of, you know, all of all of the data of your of your customers is going to be shared with everyone. But there's there's. At life or at death kind of harm out there. Tell us about you told a story when when I saw you in Frankfurt about the medical health industry and what hacking can do there.

Ted Harrington:
Sure. So here's the thing that's kind of interesting about the field that is ethical hacking is that it's sort of like, have you ever seen The Matrix? You've seen the movie. So I imagine most your listeners have. If they haven't, I can describe the premise a little bit and how it relates, and I'm probably going to spoil it if you haven't seen it yet. But at this point it's like 20 something years old. But in The Matrix, right, there's these people that are in the simulation and they want to have this freedom or whatever, so they figure out a way to like disconnect from the simulation. But the problem is, once they disconnect from the simulation, they're now free. But they see all the ugliness in the world. And so it's all about, is that better or worse? So there's a lot of spirituality in what the movie is about. But that moment of like once you unplug from the Matrix, you see the world for what it is. And it's even when you go back into the Matrix, you still see it for the darkness that exists in the world. And that's what ethical hacking is like, because once you start to see where the problems exist in the world, you start to see them everywhere. It's just the way your brain is wired. So, I mean, I almost every situation that I'm in, I think about like, how would I defeat that if I wanted to defeat it? How would I defeat it? And, you know, lines I told a story about, like standing in line, How do you defeat a line? The story you're referring to about medical devices. It was like we were exploring this thought exercise of how how could an attacker hurt a patient by attacking a medical device and exploring that hypothesis? Is it possible? If possible, How so? And that's a really creative process of thinking about, well, it's a thing is supposed to be built in a certain way. It's supposed to do a certain thing. Can it do something else that it's not supposed to do? And if so, what bad thing happens? And now how do we prevent that? And I find that to be so incredibly stimulating from just a purely creative standpoint. And that's sort of what it's like being a hacker every day.

Brigitta Hoeferle:
Wow. The. The depth of being a hacker. And the almost want to say is simplicity, because if we if we compare hacking into a system and hacking into our own life, hacking into our own thinking, you said something and I rewatched it today, and I want to quote you on this. You said, Help me think about my situation differently. That will lead to new pathways to achieve my goals. And this does not just apply to hacking.

Ted Harrington:
Correct? Yeah, what you just described. I mean, that's the that is the thesis statement of my entire talk, right? This idea that if if anyone and this is not directed at security people, it's not directed even at people in tech, it's directed at literally everybody like it's it's thought of from the perspective of why should my parents care, watch my grandparents care kind of thing. And if anyone can apply the mindset traits that hackers utilize, both the good kind and the bad kind that makes you think differently about the situation, and it's that process of thinking differently that helps us realize the way that we can achieve our goals differently because we can so easily get caught up in the momentum of like, Well, I'm supposed to do it in this way. And what's really cool is it was interesting hearing you talk about the premise of this show and even the title of it, right? It's all about patterns and pattern recognition. And you follow these patterns, you follow these patterns. These are going to lead to success. And I think that's a wonderful model that people should should follow. But what's even interesting about what you're doing is that even though you're laying out patterns itself is pattern interruption, because what you're saying to people is, hey, stop being whatever the inertia is in your life, you have to change that. Because if you want to look and feel like these other successful people, you have to act like them. And that is different than the way that most people think and behave. And that really is what thinking like a hacker is about. Is it saying, looking at your life and saying, okay, well, I'm trying to get a promotion at work. And maybe that's the you're talking about entrepreneurs here. So let me use a different metaphor. So I'm trying to raise money for my venture, and here's how people raise money for ventures, right? You get your pitch deck, you go out to Silicon Valley and you get a bunch of meetings, you pitch it, and hopefully one of them gives you money. But what if there's another way? What? What if instead that's not the best way to raise money? What if it's to go within your own personal network? What if it's to go to a bank? What if I don't know all the different ways that you might think about it differently, But whatever the whatever the situation is, if you have assumptions about how it's supposed to work, what if it was the opposite? What if the way that you think you're supposed to do it is not available to you? How would you then do it? And that's what thinking like a hacker is about. And it reveals these amazing new ways to approach whatever it is you're trying to achieve.

Brigitta Hoeferle:
So can someone then with that strategy, would that pattern that you have described, can someone hack their own mind?

Ted Harrington:
I mean. I think so, yeah. I think that now I'm not a a biologist or a evolutionary scientist, but I do know that much of what we do as human beings is optimized for survival. And by optimizing for survival, what we're trying to do is we're trying to reduce the amount of brain power that we spend doing anything so that we can leave brain power available to identify risks to our survival and deal with those risks. I mean, that goes back to the days when people were literally out hunting for food. And when you're hunting for food, you might die in the hunt. But we no longer have to go hunt for our food. And but those instincts are still there. And so the idea of how do we optimize our available brand bandwidth in our brain, it's through falling into habits. And when we get into these habits, the habits are a good thing. But what they do is they enable us to turn the brain off a little bit. Mm hmm. And hacking our brain isn't some, like, big, crazy scientific thing. It's just how do we interrupt that way of thinking so that we can execute differently? And that's why smart people, successful people, the kind of people that you have on this show and who listen to this show are the kind of people who get mentors and who get coaches and who hire consultants to challenge their thinking, to say, like, I know you think you should do it that way, but what if you did it this other way? And that's a form of what we're trying to do.

Brigitta Hoeferle:
So you're seeing the box or you're seeing the. Yeah, let's just call it the box or the the the laws. And then you also see what's outside the box, what's outside the laws and how to break it or how to break it down.

Ted Harrington:
Or play differently with within the game. So here's let's use I'm a metaphor guy, so let's use a metaphor. So if we think about soccer or as the rest of the world might call it, football, breaking the rules would be touching if you're not the goalie for everyone else, touching the ball with your hands, that's breaking the rules. And as soon as you break the rules, what happens? It's a penalty. So breaking the rules actually doesn't advance, getting a competitive advantage. But what if you can manipulate the rules? What if you can nudge your opponent in a way where the opponent, the opponent accidentally touches the ball? You actually haven't broken any rules, but you have used the rules to help you gain a competitive advantage. And that's really what this idea of thinking like a hacker is about is first, understanding the game that you're playing and then understanding the rules within the game and then determining how can you now manipulate the way you interact with those rules in order to gain an advantage?

Brigitta Hoeferle:
So is hacking then per say, a thing of security or is it a thing of. Thinking different.

Ted Harrington:
Hacking is problem solving. Really. So, so so what we do every day, maybe to make it material for the listener. So what an ethical hacker does every day is says, here's a solution, here's a system, piece of software, whatever, and it's supposed to perform in a certain way and it protects certain types of information, and you shouldn't be able to have access to that. So our problem is, well, how do I get access to that? Depending on what different type of access I might already have, can I escalate the privilege that I have so I have more privilege and have more access? Can I access something without any privilege at all? And that's a problem to solve. So that's the way that an ethical hacker thinks. That's the way that a malicious hacker thinks to is they're saying, Well, I want that thing because I'm going to benefit from it. So how do I get it? How does everyone else think who's listening to a show like this, who isn't trying to attack a system? They're thinking about their business. They're building. In a sense, you are attacking a system, right? So your marketplace is your system. I think that the principles of hacking they apply directly to how do you defend against disruption? How do you defend against changes in the political environment or the regulatory environment? How do you defend against poaching of your your top talent? And in order to solve those problems, it requires you to really think about the problem and not just operate in that sort of default mode where you're in inertia.

Brigitta Hoeferle:
So you're questioning the status quo.

Ted Harrington:
I think everyone should question the status quo at all times.

Brigitta Hoeferle:
Well, I think the same. But let's be honest, who does? It's a very small amount of people that actually take the time to question the status quo because it's so much easier to follow the, you know, the beaten path.

Ted Harrington:
Yep.

Brigitta Hoeferle:
You're not the follower of the beaten path. You are creating new paths.

Ted Harrington:
Yes. And that's what I'm trying to advocate for people with. The idea that came out of my TEDTalk and the book that I wrote, and even the nature of what our consulting business is, right, is helping people think differently about. In those cases, it's specific to the approach to software. But what the TED Talk is like, no, everybody. You should take these same principles. And you're exactly right. The reason that most people follow the path rather than blaze a new path is new paths are hard. I mean, literally visualize a path in the woods right now. What's easier walking down the path or cutting through the underbrush. Right. And and that goes back to this idea of we have to do what's easier wherever we can. And that's that's actually not a critique. Laziness is actually optimization in the human existence. Right? Laziness.

Brigitta Hoeferle:
That again. Hold on. Say that again.

Ted Harrington:
Laziness. I don't exactly remember how I said it, but laziness is an optimization of the human experience. Right? It's. It exists to help us say, how do I not waste time on something I don't have to waste time on? And so, like this show, perfect example. Here are the patterns of how you arrive at success. Follow these patterns and you're going to win. You're going to win faster. You don't have to recreate it yourself. That's awesome. That's exactly what people need when it comes to repeating a success pattern. But the problem is that most people aren't following success patterns. They're following patterns that are not optimized for success. And that's where the challenging status quo needs to come up.

Brigitta Hoeferle:
Do you think as humans, we. We have gotten so used to just doing the same old same whole to to even if it might not be comfortable. But it keeps us in our I'm going to call it comfort zone, also known as the known zone. Maybe the zone zone is better than the comfort zone because often the comfort zone is not comfortable. And I would say, does that translate to organizations that don't want to hire a specialist like you? They they say, you know what, We're fine. We've never had anything happen to us. Nothing will happen to us in the future. It's going to be okay. I mean, that's just silly. But I know of companies that do exactly that. They don't want to spend the money to put in quotation marks to go that route. What would you have to say about that?

Ted Harrington:
It's like you've been sitting in meetings with me or something. I mean, we have that. That happens all the time. And there is in fact a psychological construct, a bias, a cognitive bias that exists that drives that. There's a few. So one is called recency bias. Recency bias basically says the things that happened most recently are the things that have the heaviest weight. And if the thing that happened most recently was I didn't get hacked, I must be doing it right. And then the second one that plays into that, I actually forget what the name of it is, but it's a bias where people overestimate their competency. True for all humans. But you, you, you have a hard time seeing it yourself. You can see it in other people pretty easily. But a lot of people think like, well, it must be working. And so why do I want to invest in a thing? And that's where my job and people who are trying to do what I'm trying to do with sort of evangelizing about this becomes difficult. Because what isn't fun, this is not fun is to just try to scare people and be like and there are people out there who are like, Oh, we're all going to get hacked, everyone's going to die. The world sucks. And I'm like, Oh, that's I don't really want I want to be more like, Well, it's pretty good. How do we how do we solve problems? How do we achieve excellence? How do we tap into those things that we all as as humans want to do? We want to I think all humans want to do a good job no matter what the job is that they're doing. And that's really what we should we should tap into. But yeah, that happens all the time where companies are like, We're not going to invest because I don't have a strong enough motivation to. I don't understand it. I don't it's easier to like not focus on the scary dark thing and just be like, let's just not worry about that. But a little bit of proactive effort heads off substantial costs and effort down the road.

Brigitta Hoeferle:
So do I hear that you want to be proactive and that's where you come in and talk to these organizations. But I would assume that people come knocking on your door heavily or running through your phone line almost when there was some sort of breach or some sort of attempt to get hacked. What? Yeah, what's the ratio?

Ted Harrington:
People do come to us after. But that is a specific type of service that isn't. I mean, we do that for existing customers because we want to understand how their tech works. We don't generally do that for people we haven't met yet because that's a scary moment, right? You've already been hacked and it's like the attacker is in right now. I need someone to like here this afternoon and you have to build a company in a specific way to service that. My company is built to be preventative, to be proactive. So where people the door to us is usually a few motivating factors. But one factor and this is the one that surprises a lot of people and it even surprised me. I had to when I was writing my book, I literally was asking myself the question, Why do my customers hire me? Because I wanted to make sure that that motivation, that I understood it and it properly was reflected in the stories that I told. And. I'm an optimistic guy and I wanted to be like, Oh, of course everyone hires me because security is the right thing to do. Unfortunately, that's not a compelling business case. And while I do believe that all of my customers do security because they believe it's the right thing to do, there's an additional motivation that gets them to spend money. And that is to gain a competitive advantage. Companies who invest in security and do it the right way. Once they have actually secured their systems or at least improve the security of their system, they now get this really wonderful, magical thing. And it's this competitive advantage over their competition because the buyer. That these companies are trying to sell their wares to the buyer, cares about security, and the buyer puts them through a procurement process. And in that procurement process, questions about security arise and it happens 100 times out of 100 that a company who has not gone through that procurement process and has not done properly invested in security, when they get to the security questions, they're lost. They don't know what to say. They don't know how to talk about security. They don't know how to be persuasive and what winds up happening.

Ted Harrington:
It slows down procurement. They've now not only have they not gotten an advantage, they've actually got a disadvantage because their competitors have already been through this. They've already invested in security. They're the ones in that conversation or smooth sailing to getting procurement done. So it's a competitive advantage. And when you think about it that way, a lot of people think about security as how do I remove a bad thing? Like how do I not get hacked? And that is a valid way to think about security. But I think there's a much better way to think about it, which is not only how do I get rid of a bad thing, but how do I obtain a good thing? And that competitive advantage, the closing more deals, faster earning trust with your customer. Saving time in the procurement process. Those are those are incredibly powerful business benefits.

Brigitta Hoeferle:
So I, I see one of the factors that a hacker has or an unethical hacker hacker has is they're consistent like they're so they are like they're not just consistent. They're dedicated. Like, I'm going to go through this until I am in.

Ted Harrington:
Yep.

Brigitta Hoeferle:
And you have that as well for the good.

Ted Harrington:
Mm hmm. Yeah. I mean, we think exactly the same way and do all the same tools, use all the same tools, use the same techniques and approaches as the bad guys do. Just the difference is, once we get to that vulnerability rather than exploiting it, we now remedy it and we say, Here's how you fix it, and the goal is to improve it. But yeah, it's the exact same thing you have to be. That's one of the points that I actually made in the TED Talk was that hackers are committed. Hackers are going to invest the time and the effort, the money and the resources to pursue that mission, whatever the mission is, whether it's a good one or a bad one.

Brigitta Hoeferle:
Whatever it takes. And I think that's a lesson that entrepreneurs and business people all together can learn to to have the the tenacity, to have the grit, to continue to do the right for their company, to keep it safe, to keep it secure, but also to do all the other great, incredible steps to get them to the success that they desire doing. And a lot of people eventually give up because it's hard. Have you ever come to a place, Ted, where you're like, This is too hard. I'm not going to do this?

Ted Harrington:
Well, there is a practical limit for us, which is that the customer is only willing to pay for a certain level of effort. And I actually write about this conundrum in my book, and it's if you can imagine an S-curve. So an S-curve looks like it's a little bit flat and then it's steep and then it's flat again. And so that's what S-curve looks like. And what you want to do is you want to have the level of effort that is that S-curve B, right in the middle where it's sort of the steep part, because what some companies do is they invest too little there on that bottom flat part. And it's like you're just in it, almost like you almost shouldn't invest in anything because you didn't get any return. And then very few companies. But it does happen. They invest too much. And that's the top of the S-curve where it's diminishing returns and additional investment doesn't actually produce improved results. It's the middle part. It's the Goldilocks perfect scenario where you're investing the appropriate amount of effort that enables you to actually find meaningful results that help you to improve the security of a system. And I think that S-curve, that Goldilocks idea is true of really anything in life. We want to make sure that we're not investing too little, that it was just like, why do we even try? And we don't want to go so far that we're seeing diminishing returns, but we want to get that that great return. I think this is the way that most entrepreneurs are thinking, like if something's 80% as good as it could be, if I invested ten times the effort, I'm going to take the 80% because then I can allocate effort to something else. It doesn't need to be the the perfect diminishing returns level. I mean, if you're an elite athlete, yes, you're spending because those micro advantages. But for running a business, you have so many different competing demands of your time and energy, but that's how you do it. So, yes, we've run into that because it's like, well, this customer just doesn't have enough budget or the product is too big or whatever the issues are. So we have some practical limitations. But in terms of running in quitting on something because it is too hard, I mean, I guess that probably has happened to everyone doing who has ever done anything. So at some point you're like, this just isn't worth it and we're not getting anywhere. Let's move on to something else.

Brigitta Hoeferle:
So you've got to make a you got to make an I call it an ecological consideration. Do I want to move on? Is it worth my time, effort, energy, or is it is this ready to abort? And I think nowadays a lot of people are just you know, they're they're ready to abort at a at a very early stage. So to close out for today, you are the hacker evangelist. Clearly, you have a book that you have a book hackable. Think like a hacker. How do people get in touch? Because I know I had like I don't know how many people are saying, Oh my God, what an amazing service, said Harrington, an ethical hacker that protects us from unethical hackers. Thank you. Out of the box. Problem solver. I mean, the list just goes on and on of what people are saying here. How do people get in touch with you?

Ted Harrington:
Yeah, the simplest thing is just go to Ted Harrington. So whatever you need, if you want information about my book, you want to watch my TED talk that has just dropped. If you want to learn about our services, you want to just figure out where to follow me on social media. Linkedin is where I'm most active. Ted Harrington dot com. All that stuff's there. You can contact me directly and yeah love to hear from you.

Brigitta Hoeferle:
Yeah. Super get with Ted Harrington he's also on LinkedIn so LinkedIn SLI slash security Ted you want to be connected with Ted on on LinkedIn. He has great content. I watch his content on LinkedIn. I want to say daily and make sure it's official, not official. Make sure that you are also watching his TED talk on exactly that topic. Ted, thank you for taking the time to be here today.

Ted Harrington:
Thank you so much for having me. It was great seeing you again.

Brigitta Hoeferle:
All right. Good seeing you. And guys, for everyone else, make sure that you are locked in again for next week, same time, same place for the Success Patterns Show with another great guest expert. Until then. Thank you for tuning in to the success pattern show at www.TheSuccessPatternsShow.com My name is Brigitta Hoeferle.

Sonix is the world’s most advanced automated transcription, translation, and subtitling platform. Fast, accurate, and affordable.

Automatically convert your mp4 files to text (txt file), Microsoft Word (docx file), and SubRip Subtitle (srt file) in minutes.

Sonix has many features that you'd love including advanced search, transcribe multiple languages, automatic transcription software, enterprise-grade admin tools, and easily transcribe your Zoom meetings. Try Sonix for free today.