From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi

Today I'm sitting here with Jonathan Jacobi. He is only 24 years old, but already has a very incredible career. He is a very successful CTF player. He's a founding member of Perfect Blue and also played with Preston, and he has worked as a vulnerability researcher with Checkpoint. And he was even one of the youngest, maybe even the youngest Microsoft employee and then even later did vulnerability research in the military. And now he joined the cybersecurity startup Dash IO as part of the CTO team. So hello, Jonathan. Welcome. Yeah, it's my pleasure to be here. So I first wanted to talk about how we met because we met first, I believe at CCC because you gave a talk. You're going to tell us about the last 12 months and what you have done. So your talk is called From zero to Zero day. Yeah, it was 2018. It was 35th CCC. Um, The title of the talk was From zero to Zero day. And the idea was to I was just freshly 18 back then, and I wanted to kind of walk through people. How I got from being just a random teenager to a point where I found a critical vulnerability in back in the day was Microsoft Edge, and what was the process and how I got from being such a young, uh, enthusiast in computer science and cybersecurity into doing something with actual real world impact. And the reason why I noticed you with this talk is because you referenced, um, a tweet of mine, uh, a great tweet by Liveoverflow, which also should be in the audience or in the, in the conference and basically says what I really believe in, which is move away from the basics as soon as possible and expose yourself to harder things which you don't understand. This will make you understand things that you thought you understood, but you actually didn't. And also it's important to learn from different resources. This way you learn different tricks and different ways to approach, uh, problem solving. And it's very important in my opinion. So yeah, Liveoverflow also has a great YouTube channel, which I also watch, and he talks about vulnerability and security research, and I really recommend watching his videos as well. And that's kind of how like our contact kind of started to establish. And now you're sitting here. And so I wanted to start with, you know, where were you born? What was life like as very, very young Jonathan jacobi what were the first memories? That's a good question. So I grew up, uh, in a small, uh, not so small, but a city next to Tel Aviv. Uh, And essentially the main thing I remember for myself in a young age is I always, uh, I always had some crazy passion to computers. So people were playing, I don't know, soccer and judo and many, many things. And I tried them out and I even enjoyed them. But I was always waiting for the time on the computer and to play and to do all those kind of things. Um, Was this, um, were you most interested in games? Just computer games or what? What were you doing on the computer? So it was it started with games. Uh, But then it evolved. Do you remember when you got your first computer, or when did you have access to your first computer? I think it was when I was like nine or 10 or 8, something pretty young. Did they already work in tech? Like, did they show you anything, you know? No. Like, for example, my father, he worked at Hewlett-Packard, and he had like a little bit of, um, very, very small programming and Linux experience. So he, uh, couldn't really show me. He wasn't, like, super deep in tech, but I feel like that sparked me. But you just out of nowhere, you were just, like, interested in that machine. Yeah. So I think the first initial kind of thing, uh, that triggered me was, was games. My cousins, my cousins were super interested in computers. They're kind of a few years older than me, and they always played. And they even got like their private server and a few games which as a young, as a young guy, as a young kid really interested me. Like, how did they even create the private server of something that's actually commercial? Um, How does it work? How do they change things? text in the in the game? How does that even work? And that kind of started the way of curiosity rolling as a snowball. So if maybe you started like introduced you to your first computer with like nine, then a few years later like 11 or 12 or so, if I would have asked like 12 year old Jonathan jacobi what he might want to be later, would that person already have said like something with computer? Or where did you have different ideas back then? Other dreams? I think specifically when I was 12, it wasn't I didn't know, like, this is going to go this way. Um, When I was 13, though, I started doing my college degree. Um, And that was kind of, uh, a point where I kind of took it to the next level. Okay, wait, wait. So when you say college, it depends on different, like, countries have different versions of school.

Like, can you explain like what to me, college is like what is that usually, is that later like with 18 or something or the degree like does it mean you took it very early this degree? I took it very early. I started when I was 13, uh, in eighth grade, uh, in I finished my computer science degree when I was 18. Can you compare that? Like, is it so this is not the regular school time. So this is so can you, can you explain what would be the regular school time and, and what was your school time. So the regular school time was normal school like history, math, English, all the classic classes. Um, And there was a special kind of program for, for kids interested in mostly, uh, like pick kids in computer science and math. Um, Like, we didn't study computer science in school back then, but we did study math. And, uh, you'd pick, like the program picked a few kids and gave them the opportunity to take it up a notch and kind of go for a degree full on degree in computer science. So in parallel to regular school, like other kids would be like in regular school, and you would already work on like a bachelor's degree, or is that like. Yeah. So my classmates like, I you can break into to like my, my school classmates and my, my college classmates and my college classmates were it was composed of people my age, like everyone was a young, a year older than me, uh, but somewhat my age. Um, And my, my normal school were just kids doing kids stuff, you know? How did you hear about this kind of program? Was this like, were you just at a very good school that has had these kind of opportunities, and you knew about them? Uh, Were you interested in kind of going for that? Was this a teacher approaching you? Like, how did that happen? That's a good question. Um, To be honest, it was kind of random, I guess. Um, This is an interesting point to think and wonder about life having random points in time that really change the course of your life. Um, So I think it was random because, like, it had an impact that I was pretty good in math and I was really interested in it and so on. But, um, I got an, like, a letter in the mail, and I might have I could have also missed it and ignored it, but the letter was based on like, uh, math, uh, grades and, and I guess somewhat, uh, like a teacher. A teacher might have suggested, uh, that I was, uh, maybe a good, a good suit for that. Um, But also kind of random because easily could have been, like, ignored, you know. What did, um, your parents think your, um. Did they encourage you early enough to do that? Um, Did they notice that you had an interest? And were they supportive of that, or did they have a different idea in mind for what you should do, or were they open to anything? So the point was that they didn't really know much about it. So it was like they were curious about it as much as I was. And, um, we just wanted to try it out. And being curious was important because that kind of started the whole thing. Um, So I went into the like introduction day and it was super fascinating. I was like, okay, studying about how computers work and taking it up a few levels, um, higher. Um, So it was like, of course, let's go, let's do it. And I started the first semester was like one course we learned Java, and I remember I was 13 years old and during the day learning about, I don't know, basic, uh, basic things in school. And then during the evenings, like coding in Java with a bunch of adults that are doing it as part of their computer science degree. Um, So it sounds like, um, uh, your parents never had to, like, I, I think my parents struggled a bit more like I was struggling with, like, uh, languages in English, and so. So they had to sit down with me and study, and they maybe were worried about, like, how I end up, like how I would do in school some, some classes I was not very good at. But, uh, were you just only just very good and your parents just supported you in what, what you were doing, like you were doing great already or did they had any concerns? Uh, Um, it was kind of neutral. It was. We're not sure what this is going to go like. It was a big question mark. Uh, But they were supportive of the attempt. Um, I don't, I don't know, like, I, I truly believe, um, like an interesting thing about my story, in my opinion, is that I don't think I'm, like, smarter than everyone else. I think that I, I did some cool, good decisions throughout the way. Uh, And it's interesting to see what got me in position where I can get those decisions and what made me take my decisions

uh, which is the process itself, which I think is important and can be, uh, very, very valuable to learn from. Um, Yeah. So this is, I think, an interesting point. Yeah. I when I feel like when I was 13, I had lots of different interests and computers were definitely one of them. But I also had other interests. I was playing tennis, um, and interest very quickly changed. I think I started karate uh, sometime, but then also stopped like after a year. Um, It's kind of interesting, of course, that you like, had an interesting topic but committed to it in kind of like school degree wise already this early. So you start doing that then at 13. And so that took I guess a couple of years. How long did it take you? Until you got, like, a degree. Like when? When was it done? It was done when I was done with high school. So I finished my bachelor's degree in computer science when I finished high school. And so it took like five years. Okay. So 18. Then you finished with that? Um, And throughout the time, computer were always like kept up the interest to you. Like you never like there was never you wanted. Oh, I think I want to do, like, biology or maybe something else, like, um, there was a, there was a phase, a physics phase. Uh, But it kind of, uh, pivoted away back to computer science, but it was pretty consistent. I was pretty consistent with my interest in computers. I think the fact that I did that and in college also made it easier to love, um, because you are exposed to the depths and many intricacies and a lot of that. And, uh, yeah, it was I was pretty consistent with loving computers. Okay. And then, uh, so I assume the first thought of it would be, um, to become like a developer or an engineer in that kind of area or, or when, when started security to kind of, like, come into that, that world. Oh, that's a great question. Um, So I think, I think the very first initial kind of interaction with, with computer security was even before I started my degree, and it was my, my cousins, those, the same ones that got me into playing MapleStory and all those games, uh, kind of like they, they were really into like game hacking and understanding, uh, how Cheat Engine works and understanding and doing all that, that things and building your own MapleStory private server back in the day was a common thing to do. Um, And this was the very first initial thing that I would consider my interaction with hacking and the fact that I think nowadays the definition of a hacker in my perspective is much, much more deep than, um, simply doing computer stuff. It's kind of the essence of being able to look at things and understand how they work, and getting them to do whatever you want them to do. Um, And if we look at the very first interaction, uh, that kind of matches this description is game hacking fits that and building your own private servers for computer games. And this is where it started. Now it wasn't where I started doing that myself. And that turned out to be quite a few years after. And it was um, when I was introduced to capture the flag contests. What? How old were you when you learned about that? I think I was 15. 15 or 16 or something around that age. Yeah, but to me it's interesting because for my most of career, I was doing, uh, computer science, and I was looking forward to become a developer. In fact, I still feel like if security. Doesn't work out, maybe I do be an engineer or something, but so for you, it sounds like even though you were in computer science in parallel, there was already like a security and hacking interest and then very early with 15. So you just barely kind of started with your school program and you got into Ctfs. Um, So how was your first CTF experience? Do you remember the kind of CTF it was? I don't remember which exact one it was. Um, But um, I remember that it was quite a while that I really, really sucked at it, like really badly. And I could barely solve anything. And I just go on to the scoreboard afterwards and see the CTF time. And everyone were like, super successful and I was very behind. Were you playing alone or with your classmates? Yeah. When I started, I played alone. Yeah. So, so. And do you remember how you heard of Ctfs? Like, how did that. even get into. I think, um, I don't remember exactly which which, uh, which thing triggered it. I was really into, like, Twitter. Um, Like being in a Twitter scene of computers, like security. Um, So I read about, like, incidents and I read about what's happening and, and kind of stayed up to date. And, you know, the Twitter scene is pretty strong with that.

And I think, like spending your network in that direction, expanding your exposure to security stuff definitely gets you to capture the flags. Uh, So this is the first initial like, uh, friction I had. Um, But then again, I really sucked at it, and it took me quite a while to get to a position where I don't suck at it as much, but what was it that kept you then, with Capture the Flag? Because when you sucked at it, maybe you know it's boring or you don't like it, but you apparently stuck with it. Was it the competitive aspect? Was it like the fact that it's like short and you can, like, go deep for just a few hours. Basically, um, was it looking the thrill at the scoreboard? Like, like what was the for you? What do you think was the deep drive there? Yeah, the deep drive was um, I think, um, I think the fact that I knew where this can get me like this, like the ability to do such crazy things, the ability to get computers to do even remotely on another person's computer. Not like, not necessarily in an offensive way, but just the thought of it kind of blew my mind. And I knew, like, I captured a flag contest. Definitely gets you there. Uh, Like, yeah, you suck at it first. But if you like, switch your mind and start, like, working hard and not giving up, you can get to a position where you are successful at this, and can get computers to do whatever you want them to do. Um, So just the thought of being able to do it and like the fact that it was possible was kind of what drove me there. I knew there's no way I'm not. If I'm putting my time and my effort and every everything I have into getting there, I will get there. Just have to work hard enough. Do you remember your first buffer overflow? Yeah, I failed, like I found a vulnerability with, like, an SDR copy or something. So it was an actual vulnerable or was it a CTF? It was a CTF and it was like the simplest, like classic book level, like buffer overflow. You have an SDR copy to the stack and super simple thing, no mitigations, no anything. And um, I knew the theory behind it, but I tried to implement it and kind of failed. But, um, where do you know the theory from? Did you research buffer overflows before or because of the CTF challenge? Do you remember how you kind of like so the exposure was the similar like the similar way I got exposed to CTF in the first place? It was Twitter. You read about things, you read articles, people post things and you kind of get involved. Um, So this was the initial kind of interaction. Uh, And I knew the theory from there. Uh, And I read, like, smashing the stack for fun and profit and all the classic things. Uh, But I it was my first time trying to implement it. And at that time, you were still, like, doing this alone, or did you already have, like, friends that were kind of interested in that as well? Did you have classmates that were interested in Ctfs too, or were you like more the only one in your class that was interested in kind of hacking and security? I was kind of doing it by myself. Like, it was really much a really, uh, a hobby for me. It was. I read about it on Twitter on my free time. I kind of am interested about how it works. And then I have this platform where like a kind of way to express and kind of practice, uh, my, my skills and improve. Um, So I did this myself, and I think, like, the first time, like I succeeded. I remember succeeding, like, successfully exploiting a vulnerability in a capture the flag contest and that was crazy. I just remember being so happy about it. I remember like talking to my friends and they were like, cool, but okay. They weren't like as hyped about it as I was. And this was kind of the first step of understanding, okay, this is possible. Just got to work hard and explore more and research more and I'll get there. When was the first time you were able to actually share that passion with other people? Like kind of maybe, maybe was the first CTF team with other people, or was it actually like applying to a job or when suddenly became like solo Jonathan Hacking to like a thing of, you know, you are interacting with other people or get to know people? Were these online friends at first or. Great question. Um, So there were I think there are two, two kind of separate occasions. Uh, One Is a friend from my college degree. Um, We went to a conference, like a local conference that had a capture the flag contest, And I kind of asked, like, uh, the people there, how it like how to sign up for it works and so on. So we kind of played together and me and him, uh, even did pretty well. Um, But it was a local contest. Nothing too serious, nothing really. Like no real competitors, like no big teams. Or it was like people come to a conference and you have a bunch of challenges. So this was the first time I think I was having a proper interaction with, um, a friend. Like, we were pretty young, too, uh, with like

a real life friend working on, on a capture the flag contest. And I think another, uh, point in time, which was pretty significant, is how we built Perfect Blue. Um, So this kind of was the a lot of, a lot of how, how I met people with such great passion to. At what age did you start? Um, Like, when was Perfect Blue created? So essentially perfect blue was composed like built was built from two to different parts. Um, And one like two different subteams I would call it. And we were all pretty, uh, like two small teams. And the way our, our like, uh, small team was formed was because I went on to like a IRC after it captured the flag. Um, Yeah. That's maybe important to know. Part of the, the cool thing about Capture the flag competitions uh, with um, that just run a weekend is always the discussions afterwards. I found them extremely educational. Always. Um, So I had fun during the CTF, but I was always extremely looking forward to IRC afterwards. Um, Nowadays, it's probably not so much IRC anymore. Uh, Many have, uh, discord, uh, nowadays. But these discussions are still happening. And that is a big difference to I think, uh, because lots of people nowadays, I think, uh, learn through platforms like Tryhackme or Hackthebox and they also have communities. But of course I think they are more careful about like spoilers and, um, because these are still active challenges and leaderboards and points that are ongoing, like war game style. But with Ctfs, everything is kind of like open afterwards. And I found this extremely educational. All the write ups, um, people very helpful as well. For me, that was always a very educational spot. So I just want to explain the context. So it was very typical. After Ctfs you would join these channels and just observe and maybe participate and share your own solutions. And so yeah, you were saying so exactly what, what you said, I totally agree, I really look forward to afterwards. And if we like, remember what I said in the beginning, I think that evidently I wasn't the best back then and, but I was really passionate and I knew that I have a goal and I want to get there. And specifically in that very specific CTF, uh, thing was CTF. Um, I wanted to know how to solve a few things I didn't manage to solve. So I just went on IRC and talked to a few people asked, I think. I think I asked some in the public chat who managed to solve this challenge and just talked in a direct message with someone under that name that, that someone's name is jazzy. Um, And we were talking and he told me what hit it, and I told him what I did, and we kind of like, uh, got there was a click there, and we moved to talk, uh, and Twitter, and we kept talking and we understood that we kind of soloed it, uh, soloed our way. And so we said, okay, why don't we just play together? And so we did. And he brought a friend friend. Like, we were like a four team of four. What was the name of that team? It was called Dank Squad. We started playing together and that was incredible. Like, we even qualified for a final in, in Paris. Uh, It was, uh, Louis Duke, I think it was called, um, and that was crazy because that was the first time I felt I found some people with as great passion, um, towards ctfs as me, like, of course. And in the meantime, I also met with, like, there were local friends that I met that were also super passionate. Um, But I felt like the clique with with, uh, with the team, with the squad back then, uh, and the kind of, uh, passion towards, towards it and they kind of will to, to work hard was kind of the same. Um, Even though at the time I also found local friends that had passion and wanted to, to kind of devote more time into it. Um, But I felt like, uh, the team, the squad was really special. Also, we were all kind of the same age. We were all like 17, uh, ish back then, and I worked out pretty well. We played together, qualified for one final. Um, Really did kind of well compared to A44 people per person team. Was this an international team or local? Yeah. So jazzy. Uh, Is from Canada. Um, There was one person from, uh, the US and somebody from the US and levitating lion from Germany. Um, And we were like an international team, uh, each one from a different kind of, uh, culture. And it was pretty cool to, to exhibit this. Um, And it was pretty random, like talking to jazzy on, on IRC was random.

And the fact that Jazzy and Sam knew each other from the CTF scene and that was random and like, there's a lot of random in life, but you have to, like, kind of capture the moment and like, not like you have opportunity, just need to be able to take the opportunities and use them. Um, So yeah, that's kind of how, uh, the team started forming. And then, uh, what happened was, I think for Defcon 2018, for the qualifiers, we, um, so jazzy, uh, had, uh, jazzy and sympathy. I think both of them had, uh, friends from, uh, like, they met in another capture the flag contest that had another team. And so we merged for perfect for to be perfect blue. This is how Perfect Blue was formed. And, uh, they were like, I think I'm not precisely sure about how many, but we're like eight people. Um, So the merger of the two teams and we started playing together, we almost qualified for Defcon. We got like one below the qualifying number to the finals. Um, Yeah, that was pretty sad. But, uh, like, I loved every single one of them. They were super smart. Like, not where they're still super smart. And it was crazy to be able to work with such a talented team and to get to know an international team and to be one of the founding members of of what came to be one of the most successful CTF teams. So all this happened in parallel to you doing, uh, your, uh, high school and college. Was it also called? Yeah. And, um, so in parallel, you did your degree. Um, I don't know, like, for me, degree, like, exams are very stressful and so forth, but you had the time like it was easy for you or. Oh, that wasn't easy. And I think it definitely had its impacts. Um, I was like, when I started my degree, I was a year younger than everyone else in, in the, in the class. And like for in the last year they, they were like not in high school anymore. And I was still in high school and I had, um, high school, I had a college degree, which was extra intense because everyone else didn't have high school. Um, I worked back then. I started an internship at Checkpoint, and this was not a mandatory internship because sometimes in university, maybe you as a. So for me, for example, um, we had to work at a company, um, in school, I think in 10th grade or so. It's like mandatory to do, like an internship. This was nothing school related. It was like your own motivation. You wanted to do that? Yeah. And this is like the part of the story that I think is interesting. So I went to before even, uh, before even getting to my last year, um, finals, like before finishing my degree, I went to a year before conference called Cybertech. And this is where I think it emphasizes kind of, um, how I did what I an interesting thing I did, uh, that can be learned from is I went to this conference and this kind of, uh, main manager of the conference was intrigued by a young person coming to a conference where everyone is old and doing, uh, serious cybersecurity stuff. And I kind of, uh, talked to him and reached out to him and wasn't really ashamed of doing that. And I, I just thought it was an interesting opportunity to talk to one of the most influential people in cybersecurity. His name is Yossi Vardi. He was like one of the investors, uh, in ICQ, one of the biggest exits in the world. Like earliest He's considered, uh, one of the godfathers of cybersecurity startups. Not cybersecurity, just startups. And I was, like, just blown away by how talented he is and how influential he is, and just reached out to him and reached out to him. And when I reached out to him, he put me on, on an interview, uh, like before, like in front of many, many people. And I was pretty young and this kind of specific point in time, I think the ability to not be afraid. And again, I think there are people smarter than me. Um, But I was just not afraid. And I was just I thought, this is a great opportunity. And I talked to him. And later on, um, I participated in the Capture the flag contest with my friend. I told earlier the local capture the flag and because we did very well, they offered us an internship. And then I talked to him and I told him about this because he was kind of a somewhat of a mentor back then. But what kind of internship was this offered? So we had, um, like Checkpoint like it was a Checkpoint. Checkpoint is a big cybersecurity company. Um, And we were it was pretty dynamic. We were like, weren't really aimed at specific places, but I really wanted to do security research and malware or vulnerability research because I was, as I was saying, I was really into Twitter scene and really interested. Um, So I talked to this Yossi Vardi and he was really happy to help, and he kind of like, uh, helped me trying to

navigate to the right place. I want an organization and get an interview there. And so that happened, and I got an interview and successfully passed it, which was crazy, crazy experience for me. And I think an interesting thing to take here is, uh, it's not just about, um, like living in a vacuum. Sometimes you have opportunities. You have things you can, um, use. Like, not necessarily in a bad way, like in a kind of exploiting people. It's like literally you have cards in your hands. And this was an opportunity that I was like, had a relationship with someone that was like, I really looked up to, and I know I knew that he might be able to help me. And so I kind of captured like the opportunity. And I think this one definitely was one of the most influential moments in my career. Uh, Because I was just both not afraid and, um, like, I knew what I, what I'm aiming for. But, uh, was he then working at Checkpoint two? No, no, he was like, uh, he was a he's a businessman. He's like super unknown. He just helped me navigate and get the right place and organization so I can. So you just told him, like, I have this internship opportunity in interview. You told him about it and then he just gave you some advice about navigating. That kind of gave me some advice and even, like, connected me to the right people, which because he was connected to Checkpoint people or. Yep. Um, And like an interesting thing to take from here is that, um, in my opinion, it's not just random opportunities in life where opportunities do fall sometimes and they're like amazing. But sometimes you just have to create those opportunities, uh, to navigate towards where you want them to, to be. Um, And whether it be at, uh, building a team with, again, perfect blue. Uh, I hope you're watching this. But like, everyone there is, like, super smart, uh, really. And whether it be at that, like being a part of the founding member there and whether it be it navigating through a large organization like Checkpoint and many other things that happened, uh, after, I think it's not necessarily just being the best and getting an opportunity. Uh, It's also building those opportunities. Uh, This you can build these opportunities, of course, uh, through connections to maybe influential people or just people that help you along the way. Um. Uh, This there's one person you just mentioned, um, was apparently one of these people in your life were there before that, also, like teachers or parent or other people that were had kind of like similar influential, like, uh, steps for you. Wow, that's a great question. Um, I love the question. And I think they definitely were. Uh, So another interesting story about creating opportunities and being able to kind of progress and create more, uh, progress in, uh, in life. Um, So I really loved Capture the Flags when I started and as I said, I was really bad. Um, So and so I saw this team called Boston, and they were, like, super crazy, like every CTF they were playing back in the day. They won and CCC and Google and whatever. And they were super crazy. And I was like their local from the same like Israel to. And I was like, I want to learn from them. I want to maybe throw me a bone, let me go and some direction so I can learn and maybe one day become like you and again capturing the opportunities. So I searched LinkedIn for every person with name in her, in their bio, and for every single person. As a 16 year old, I was pretty young. I texted them on LinkedIn and I was like, hey, I saw that you were part of this crazy team. I would love to be able to learn and just go this similar way to you guys. Just give me something. And there were a few people like, one of which really did have a lot of passion towards helping me, and he really pointed me in the right directions and really did an amazing job at not like giving me the answers, but giving me the, the way. Um, So his name is Martin and he really did. He really did have a lot of impact in that sense, too. And also kind of thanks to him and many different people along the way that did help me and paved the way. I kind of have kind of a rule for myself that if someone reaches out to me and asks me about how to get to certain places and, and how to learn and so on, I will do my best to try to help them because I know, like I got there thanks to people doing this for me. And I think there are two like there's been two more instances of a similar thing. Um, Like not necessarily, uh, like the same, uh, way that, that this one happened, one of which is uh, turned out to be like my boss at Microsoft, and he's also my kind of boss right now. He's his name is Tomer. And, um, and the other one is Assaf Rapaport. He was, uh, like, he's the general. He was the general manager at Microsoft and

in Israel and also is the CEO at Wize. And, um, so both of them really did have a similar kind of, uh, door opening, uh, kind of experiences with me. Um, So the way I got to Microsoft was kind of similar to the way I got to Checkpoint. Okay, so, so timeline wise, uh, so you were having an internship. How long was the internship at Checkpoint? Yeah. So the internship at Checkpoint was, um, I think about 8 to 9 months. Uh, And the reason that the paid internship or was it was. Yeah, it was. I saved some money, you know, I got to, to save some money as a young, as a young student, it was pretty cool. Yeah. And then that ended. And then were you looking for other opportunities like you wanted to work more? Did it like, was the internship plan to just be this long or did something else come up and you quit, like. Yeah. So actually, I left Checkpoint and that was, uh, after, like, uh, I think the 8 or 9 months or so, I, it was like the, the end of, of my, my college degree and the end of my high school. And there were days I used I literally finished school, went to college and like finished it. Like, I don't know, seven, eight, nine went to work and it was just too much for, for like a 17 year old. And I was okay, maybe we need to take some time to, to like, you know, put focus on things that cannot go back like high school or college that I didn't want to give up on. And so, um, it was the time I stopped working at, at Checkpoint, uh, you stopped working at Checkpoint at the end of your degree or. No. No, it was it in the middle still a little a little, uh, still throughout my degree. And then. And then you were focusing just on your degree for now. First. And now, I guess you were also thinking about what to do after your degree. Sure. Um, And at that is that when Microsoft kind of, like, came into the view, or is this something that happened after you got your degree or like, what were you thinking about? Like what I'm going to do with this degree or what is coming next? Uh, I left Checkpoint and I kept going with, um, with like, ctfs and doing that. And I didn't really want to like, stop with it because it was super important for me and I didn't want to just give up on it. Um, And so I kept doing that. And, uh, one of the things that took place in a similar like around the same time was, uh, a conference, another one in Israel called Blue Hat. Um, And I went to the conference and I was like, you get accepted only to one of the two days, so it's always two days and you get accepted to only two. One of them is like a participant. You have to, like, apply for it. Does it cost money or was it like or. No, it doesn't cost money. It's a Microsoft kind of, uh, sponsored, uh, like built by Microsoft. But that's also why you kind of need to apply. And maybe you get only like a one day, like. Yeah, exactly. Um, So I got accepted to the first day and I really wanted to go to the second day. Um, So I kind of, uh, I, my aunt drove me there and she told me. Yeah, maybe you should talk to to, um, talk to someone. Get that. Get that going. Maybe you should. You should be able to get another day and so on. And then I saw they're like, uh, Assaf Rappaport, who was the manager, like the general manager of Microsoft Israel and she told me, yeah, go talk to him, ask him, tell him that you want to go another day and so on. And so I did and I did go to him after like a few hours of debating whether I should or not, because who am I next to him? Like a young boy knowing nothing. And he just like, manages a lot of people. And I was like super nervous. Um, And after like, debating with myself and my aunt and my mom, like I just said, yeah, okay, you know what? Why not? Um, So I did that, and he was like, of course, of course you can come. And. And then the second day, um, he also kind of, uh, introduced me to a few, like, uh, like this the second day he introduced me to, to to many different people, one of which was Tomer that I talked about earlier. And he was, um, like, like helping build, uh, the, the, the Blue Hat conference back then and a few more interesting people. And I actually want to, uh, I think the situation is very interesting about, uh, your aunt, like, giving you advice how to approach this, um, because, like, for, for a lot of things and catching opportunities. You seem like to be have you seem to have, like, a very strategic mind already, like approaching things, opportunities and, um, maybe having the confidence to, to go for it. Um, So it sounds interesting that you talked about these kind of thoughts. I would like to go to a second day with your, uh, with your aunt that I presume, has nothing to do with security or something. Yeah. Um, Did you often get, like, or were

seeking out advice from example family and you were updating them on what you were doing? Um, And or was this just a coincidence that one day you told your aunt and you just. And she just told you to do that? I was really open about it, both with my parents, like my parents, my aunts and whatever. And I think it's also interesting thing because people can give you advice, even they're not even if they're not from the field. Um, Actually, my aunt, like it's part of the story, but kind of like already knew kind of we had a connection to to ISSF, uh, through her. Like she knew his mother, uh, which was random. Uh, And he, she told me that maybe, uh, like, she can help with that. And I just reached out to him, and it worked by myself. Like it worked out after I reached out to him and told him. Yeah, I also, I do like computer science degree, and I worked at Checkpoint. It was like, yeah, of course you can come. And I also told him I threw in that my aunt knows his mother and he was like, this is random, but okay. Um, Sounds like you had also a good support network, uh, behind you. Like, I mean, at least listening and being interested in your what, what crazy things you are, uh, doing. And, uh, um, like, I, I guess some, some parents, like, um, don't, like, have different ideas for their children what to do. Um, Or so. But you seem you said you were very open about, like, everything you are doing with your family. And so they were very supportive and in general. Yeah. And I think they like, um, I think that being open really helped me make decisions, uh, in a like, in a way that I might have not been able to as a young, as a young person for, for these big life decisions like, uh, you know, starting maybe this degree program you did or taking on this internship or maybe looking for a job. Um, Are these decisions you take by yourself? Like, are you always listening to yourself? Or are you talking to other people? Is it friends or family? Um, How would you say that? The very difficult decision. The big decision. Do you. Are you set on a goal like you know already? Like this decision is easy or. Good question. Are there people involved for you? Wow, that's a hard question. Um, I think there are things that I, I am confident with myself that I know I'm making the right decision. And at least that was back in the day. But now, like back in the day also, I was pretty young and making big decisions was hard. So obviously I consulted. But I think now as more of an adult and being able to to analyze situations and take decisions based on logic and uh, and like thinking them through is much, much more. I have much more uh, like the decision is much more in my hands and I'm taking him like, but I obviously am consulting and I want to hear people's opinions. And sometimes I'm not being blocked by my own thoughts. I'm just I'm always open. And I think it's important to be open because, um, you don't know, like, you should know that there are things that you know, you don't know, and you should know that there are definitely things that you don't know that can change your mind. Mind, like I'm sure there are. And if you are not aware of this fact, then you're already with a disadvantage because, um, you're like lacking information. So I think the ability to know that you don't know things that can change your mind, uh, is important. And this is like the root of being able to take advice from people. All right. So we went to the second day of the conference. Uh, You talked to some people. So how did that turn into did that directly turn into a job at Microsoft? No, no. That didn't um, so I think it's the same motive. It's the same, uh, like it's the same thing that happened like simply previously that is that I thought this was an opportunity. interesting opportunity and I tried to see if I can, like, use it. Um, And so I talked to to him again, and I talked to my aunt and I tried to see if there's possibility after like after I finish my degree to like, take an internship at Microsoft, maybe. And so I did this exploration and, um, which wasn't kind of trivial because Microsoft really didn't like, Checkpoint had like a specific, uh, internship for like, young kind of kids, like, not kids, but like 16 or 17 year olds. And I was that age back then. Um, But Microsoft didn't really have that. Um, They were like a company hiring like adults, and it's an adult job, and it's like, not there aren't kids roaming around the campus. So the initial kind of instinct was not, like the most positive one. And so I kind of aimed for two just to sit with him and to talk to him and to Uscirf and maybe something could go, can come out of it. Um, And when I sat with him and I remember this

day till this day, I remember where it was. I remember, like, what the weather was. I remember what I was wearing. I remember this whole scene. Um, And I think what got me in this position was like, kind of like, I don't know if it's, uh, it's like not giving up, but it's all it's. This is one of the things. But it's also like trying to, um, like trying to take the opportunities you have. And so I kind of sat with him over coffee in a small coffee place in Tel Aviv, and he said, you know what? We're building a team right now. Why not? You seem like you like this kind of job. You like vulnerability research. Also, the person leading it was someone you already met on the second day of the conference, which was pretty crazy. It was Tomer and we also kept in touch. Between those kind of situations, we met at meetups of Blue Hat and he also gave me missions. He gave me like challenges to try and like he told me, okay, read about Execve, try to see what you understand about the syscall. And he really likes Linux. So which is funny because he worked at Microsoft. But but he really gave me some, some challenges and so he already knew what I was doing at Checkpoint. And he gave me some challenges. And when staff connected us to us, that was a crazy like it wasn't as much of an interview as much as was as it was like, I know you, I know you can take this on your shoulders. Are we doing it or not? Um, And that moment, I think, I think like most of life is, is continuous kind of thing. And there aren't many specific moments in life that change you. Um, But I think the fact that I really insisted on, on this kind of opportunity. And, um, the fact that, again, I think there are many people who I truly believe that could have done it could have been in my position and do not like, do great like as much as I did. And even better, uh, in Microsoft. And I think what like, stood out was the fact that I just didn't give up on the opportunity. And was this then a real job or was this an internship? Again? It was an internship. It was paying like as much as, uh, a real job does. Like I was working there full time. Uh, And this was after your degree. You finished? Yeah, it was like I finished. I just had to, like, I just had time off between the military, uh, and high school and college. So that was it. So, uh, yeah, that's very important to know. Like there's mandatory military service in Israel. Yeah. Which you at what age do you have to do it, or do you, can you shift it around like so you have to do it at 18. But it depends on like where you get drafted or like what unit and so on. So based on that, you, um, kind of kind of, uh, the timing changes. You finished your degree? I think around 18. So. But, uh, so now the time you were, you knew that the time for the mandatory military service would come up. Uh, So in that time in between, you took that internship? Um, So I took it. Yeah, I was 17 or 18 and at Microsoft, uh, I finished my degree. I'm so sorry. You finished the degree while you were at Microsoft, or you finished the degree and afterwards? Before. Yeah, I finished it before. Um, You don't get a diploma until, like, a year after. But I finished everything I just waited for to get the physical diploma. Um, But, yeah, I was. I was, like, between, like, uh, 17 to 18. Just got the birthday in between, um, and between the process of being, uh, like, high school student to and that get drafted to Microsoft. And. And so how long were you then at Microsoft? I was like eight months. Okay, okay. Yeah. So like, from, like, uh, yeah, I was like eight, nine months. I'm not sure exactly on the timing, but it was like somewhere around that. And this is also the time of your talk, right at Microsoft. And it's also an interesting story about, uh, that. Remember that the interview I told you just about with Tomer, uh, who already knew me and gave me the challenges in the interview. He was like, how is your English? And I was like, okay, it's pretty good. He was like, okay, we might be able to submit to some conference. And I was in my mind, I was like, I am like, who am I to submit to some conference? I did like, okay, I went to Checkpoint. Okay, but what? No, there's no way this is gonna happen. He said, let's see the timing. Maybe we can submit the CCC. And in my mind this is like he is delusional. There's no way this happens. And he literally said it out loud. And fast forward like a few months after I worked on some projects, I was at Msrc and Microsoft and me and my teammate were like three, three person team, uh, and like two person and a team lead. And me and my, my team member, we both submitted to CCC and we both got accepted.

And in my mind it was crazy because again, I don't like I, I think I'm smart, but I again, I do think there are many smarter people than me. How did that happen? It's I think what pinpointing at it. It was being able like to set your mind to something and to understand that you have to use many different cards, whether it be it, uh, people that you meet, whether it be network, whether it be it working very hard sometimes it's also like your like IQ or something, I don't know, but you have to use your whole deck, your whole deck of cards to, to get you where you want to get. And I truly, truly want people to take this from this interview, that you have a deck of cards and you want to get somewhere, you need to be able to use your deck of cards. Um, And in here, I think the cards that I use is like working hard, being super passionate about what I do and like also being a people's person, talking to people and, and like using the opportunities you have and help, like people like wanted to help. So I really want people to take this from this interview, because life is much more complicated than just being the strongest technical person or just being the person who does all the networking or just one kind of vector. I think this is like a set of things you can use. Okay. So now you had this internship, um, at Microsoft, which also was I guess, time limited because you knew the mandatory military service was coming up. Yeah. Um, I can also tell you, for example, in Germany, when I was 18, there was still also mandatory military service. Um, And actually, I was like, I think maybe the last generation or maybe there were two more generations and now it became a voluntary thing. But at that time it was still mandatory. And I hated the thought of it because I really, really want like I was at that time. I was so driven. I really wanted to study computer science. I had the chance to do to dual study program. Like I got into a very like for, for me, that was a more prestigious, like a dual study program at IBM. There was like assessment center and like it's pretty cool. Lots of interviews. Like I was very, very proud getting that. And I hated the thought of that interrupting it and that getting into the way, uh, this mandatory military service. And so for me, I just hated the thought, like, I was so driven. I just wanted to, like, go to a company and show them what I can do, like that I know so much and that I'm motivated. And I just wanted to show the world that I'm like in computer science, not doing good stuff. I wasn't in security at the time. It was just like computer science, but I hated the thought of it. And so, um, I actually like I, I also was a voluntary firefighter, and that was an alternative you could do. So I had the, the so if I was, would have gotten drafted. Um, After the, uh, after the medical check, I would have gone. I would have declined and gone to the firefighters because I could do that in parallel to the military. And the military service would have been, uh, full time. I feel like I explained it in a weird way anyway. Luckily, uh, I got kicked out due to medical reasons because, uh, at that time I was, uh, a bit more underweight, and the doctor with a Russian accent was laughing at me. Um, That I cannot even hold a fire hose because, like, I'm so weak and thin. Uh, So I was not, uh, fit for military. And so I actually, because of that. Because when you get kicked out for medical reasons, there's no mandatory thing. So I was very, very happy about that. Anyway, long story short, for me the military was like a an interruption I very, very much wanted to avoid. So how was it for you when you knew the military was coming up, did you felt like it was, um, an issue for your career? Like it gets interrupted or because you knew it was coming? You were, like, already, like, mentally prepared for it to happen. Like, what was that time like? Yeah. Um. Crazy story, by the way, that you just said. Um, So I think I was very much mentally ready for it. Uh, I knew the mandatory service was coming. Everyone around me did this, and it was pretty obvious that I'm going this way. I was also very, um, like, hyped about it because I got accepted to something that I really wanted to do, which was security. Like security stuff. Okay, so I guess that's the difference in Germany, the mandatory service, it's really like the one you have to do is actually like the combat training stuff. But, uh, so you had the option to do, like, actual, like, um, like go into security to do something that is actually relevant or interesting, uh, to you, maybe that also plays a factor in there. Yeah. And yeah, I was I didn't know anything about it. I just knew I got accepted to something that was considered to be very prestigious. And I worked like a lot back then at, like, like cyber security stuff. And I was really hyped about it.

So I think this was a key part as to why I wasn't sad, quote unquote. Um. Um, Yeah, I think this, this was the main reason, but also so I really enjoyed what I'm doing, and I was hoping that I could continue enjoying what I'm doing later. So. So you would you consider it as an another opportunity for you, uh, being able to go into that, um, education program because it was still security and so forth. Like, did you see it as an opportunity, a good, good step for you? Yeah, definitely. Definitely saw it this way. And I definitely kind of I was really enjoying what I'm doing, what I was doing. I was like, I felt like my job is my hobby. I was doing trying to solve riddles and trying to think of like doing vulnerability research in my mind, was trying to think to outsmart the developer and trying to be clever and doing all that. And it's for like, riddle solving. And I was hoping I can continue solving riddles in the future, too. Um, And so what motivated me was, uh, both looking at it as a step in my career. And also, I just hope to enjoy what I'm going to do. As simple as that. Nothing too fancy. What I think is interesting is that you have a lot of changing, uh, environments around you, like the context you're in. So you are in school, you have you meet new people there. Um, You get an internship at Checkpoint, which probably exposes you to new people. You go to conferences, a new set of people. Again, you work at Microsoft, new people around you again. Um, I think. I think something that you did very well, maybe accidentally, is getting exposed to lots of different places and people. And, you know, you mentioned it already. Like once in a while you met this one person that helped you, like open the door to another place. And I guess military again exposes you to a new crowd again, like new people that are with you in there. Um, New bosses that could, like, help you in some way. Um, So I just find this an interesting fact that you had lots of changing environments, but that everywhere, you know, there were key pieces that would help you along the way. Yeah, there were a lot of, uh, changing environments. That's true. And also kind of my goal is also changed. Uh, I think I was very much, um, my, my old, like, the first part, I guess the, the part of where I was very into vulnerability research and this was like everything of, like interest in my life was super oriented, um, super oriented, uh, in and around, uh, um, like solving challenges, be like looking at the challenges, uh, the problems as challenges and trying to do the hardest ones and, and the most difficult ones that no one can, uh, can be able to do so. And I always push myself more and more, whether it be at, um, at CCC or giving a talk and what the next was like the military, it was always pushing myself, uh, to the next intellectual challenge. And I think the moving, uh, environment also changed my kind of goals. So throughout my, my service, um, I understood that I, I really enjoy the challenges, the technical challenges in the depth of them. But I also wanted to try another one, another, another kind of challenge. And I got the opportunity to, to be a commander and in a course in a cybersecurity course. And I managed to like for how many years was this military service? So it was about five and a half years. Oh, wow. Compared to your other internships, uh, is much longer. You know, like, was this. Did you get bored, uh, quickly, or was this, like, a good opportunity and maybe also a changing environment? You know, maybe the trainings are changing or, like, how was that experience? Because now that's a very long time compared to, you know, the shorter things you did before. So in terms of bored, it wasn't bored per se. I think it was like I got in like I had a like some sort of, um, a training that took about nine months, which is pretty like a lot, pretty much a lot of time on its own. And then I did about three years of like, proper work, technical work, research and all that thing, all that things. Um, And I really enjoyed that. And I don't think I, I encountered kind of boredom. It was always like what I always was, aiming at in a bigger challenge. So? So always there were always more challenges. Difficult difficulty went up and so there was no real boredom that was present. And I think this is what kept me going is the fact that always I always encountered, encountered a more difficult and more difficult, uh, challenges. But after a certain point of doing research for a long time, I was all right. Maybe I'm missing something.

Maybe there's another thing I can do that I would be interested in. And maybe I don't like. Maybe this kind of like, mind goal that I put myself to be very good at this specific kind of, uh, job position of being researcher and being so good at it. Maybe there's other things I can do that would interest me. Did you feel like you reach the research goal you want to reach and you feel like you, you know, you checked it off, if you reach that. And so now new thing or did you feel like the goal changed, like you never reached that and now you realize that you are motivated to do other things? Wow. I don't think I reached it per se, because I do think that I got very, very high. Uh, Like in terms of difficulty and everything, but I think there's always a more difficult, more like, difficult challenge you can face and you can always push it further. I just felt like the type of things that the type of challenges that I'm seeing are like, um, I've seen similar to them and they're super hard, but how much can you say about them? Can you make some examples or just imagine, like solving a riddle, uh, and then getting like a, an, like a more difficult one and more difficult one, more difficult one. But then you can you kind of see that. Okay, I get the gist of riddles, but maybe there's another type of challenges I can do that are not riddles. Maybe. And when you say riddles, that's vulnerability research you were doing or something like that? Yeah. Or reverse. Uh, Like, I don't know. Yeah. So yeah, research is, uh, type of thing that, uh, that could be, uh, I would say compared to, uh, like. Yeah. Okay. You say it in a weird way. So I try to imagine what it could be, but yeah, it's. Yeah, but I think, I think the, the essence is that, um, you have, uh, you have this type of projects you, you work on, and you understand that as long as time progresses, you see more, uh, you see that, you understand you've seen more and more, uh, more and more of them, and you kind of naturally wonder if there's other types of things that you're missing on. Um, This is what happened to me at least. Maybe other people don't experience that. And maybe you did get bored. I don't think I call it bored. It was just like a thought of. Hmm. Maybe there's more, because I could continue doing that. But I was like, hold up, maybe. Remember, like I said in the earlier like part is that you should know that there's there are things that you don't know that can change your mind. This is the kind of moment that I was like, are there things that would change my mind? Uh, In terms of what's the most interesting thing to me? And was there something happening, um, that triggered that thought, or was it a slow evolution? Like over the time? It was a it was an evolution. Um, But there was also a certain point in time which, um, I was offered to go and be a commander in a course that I did earlier. Uh, That was, uh, like a singular moment of, okay, here's an opportunity. You want to take it or not? It was just that I knew that this type of work is going to be different, um, and very different. So I kind of went on it, um, and just started to go for it. And it was one of the most, um, kind of non-trivial decisions, like the ones that you wouldn't expect me to take if you were a third observer, but I'm super proud and happy I did that because it definitely was what I was saying. It definitely was kind of the moments that you don't know something and it changes your mind. And it was definitely something I didn't know and it changed my mind. Um, And what happened is I realized there's a lot of interest in, in building things and building a building people to, to to, like, progress them and make them, uh, like, study better, like be more resilient to things or building a team, like being a part of a team that builds a course together that really has to function as, as one, one uh, um, like as one, basically. So, um, this whole kind of, uh, human kind of interaction of building people to, to be better and being there to, to try to, uh, help your friends, your, your teammates to through difficult times or like this whole part, this whole project of of the human kind of experience, uh, in, in the course was amazing to me. And, and looking back, I think this is something that is super important in life to be able to know that you might miss something and to have like to be hesitant to understand that you might be you might not have enough details to make, uh, to make a bold decision that something is bad. And what was this big change? Can you explain a bit more? Is it like the fact you say, like building teams and because you were part of teams you built like a CTF team, basically you organized and like there

was already like team structures you were part of. But, um, like as a teacher position, I guess, uh, is that just very different? Like, did you find, like a new kind of like, um, it's more than a cheap teacher. I think it was had responsibility for people. I had to help, whether it be people I directly was um, a boss of um, but it was also we were a team and the situations were more than like just, um, like working together in a CTF. It was we have to deliver this by tomorrow, otherwise the course doesn't run properly. And so, like, the situation got you in very, very stressful, um, kind of situations with your teammates and with the, the like other people and the like other courses and so on. And it was pretty fascinating to, to to experience the, the stress and the ability to work under stress and to perform very well help people, even though you have plenty of other things you have to do. But what is the difference to like? I'm sure in the technical work you've done, there was also stress and maybe deadlines and so forth. So, um, was it just like, did it feel differently because people were more relying on you. It's not. Yeah. It was totally your responsibility and you had to take care of things. Otherwise they don't happen. If you're like in a big organization, like a corporate, for example, and you like miss on a deadline or something, then people can cover up for you or something or like there's like systems to be able to not like let a single mistake screw the whole thing up. But when you're in a position where you're like in charge of the thing, then screwing something, something up is much easier. So, so was it the in charge of thing? Kind of like a now, now you are not just like an equal team member, like in a team, like a CTF team, or you are just an employee now you are more, I guess, like a senior, like boss level. You have responsibility, at least over people. It's not necessarily that you are the boss of the students. Maybe, but you are definitely, um, responsible for them. Like you're responsible for humans. Um, Is that, um, this being in charge, uh, over a team that you can, that you are in control for the success, but also the failure of that group of people. Is that like the difference or the new thing that happened? Yeah, I think so. I think that the fact that you're responsible for something, um, for other people was a big major difference that had an impact. And you know that if you screw up, you might screw someone, like, directly, like there's someone who has difficulties in A, B, and C, if you don't help them, they're gonna have their difficulties. And you have responsibility to deliver something by tomorrow. There's no one else to cover out for you. It's you. And like, unless you know your teammates and ask them and so on. But it's really a team effort and you have a huge chunk of it. And building a CTF team was definitely something that had its responsibilities, but it was like more structured. You have a challenge and a few people working the challenge and so on, and it's very limited in that time and it's not as much a responsibility per like on people as it is in this case. Yeah. And I guess you're equal. It's different when you are the responsible people. You are like equal teammates. Sure. So I guess then through this new job, um, being in this kind of position, new goals emerged, new ideas of what you might want to do. Um, But was it something you were imagining yourself to do for a longer time, or did you know? Okay, this is interesting. I learned something and this sparked something new. And you want to do, like now a goal change. And you knew, like you had a new goal in mind that you wanted to reach or like, how did then you transition away from. Yeah. That job true that that is a good question. And I think, uh, as I said before, this is a really a moment of, of like changing perspective. And I always knew what I wanted to do in life is to do something big and to have impact on a lot of people. And that was something that like, even in the days that I was wondering whether I should do computer science or physics, what kind of, uh, the reason I was wondering about this question was, hey, physics is something that affects billions of people. Maybe I should pivot to that. And I always had this thought in mind. I want to make like a, like, be a part of a huge thing. Um, And in my mind, the best way to get there was, um, through being the most technically strong person and, like, being like. And that's why I was training. Like what training? I was working very hard on CTF challenges and getting better and better, and being able to find zero day vulnerabilities in the most, like, kind of difficult targets, because I was sure this is the way to go. I was sure that being the strongest technically is the way to make the biggest impact. Um, And, uh, I was also like, I was kind

of questioning my way there. Like, I had moments of, like, an imposter syndrome. Uh, Remember I told you I texted everyone in Boston, and I've seen on LinkedIn? I was kind of like questioning whether this is makes this makes me like, not as strong technically person because, hey, you're kind of cheating. It's not a technical thing to do. You're not like, hey, I solved the most challenges. They noticed me. It was like, hey, I thought of something. Remember I told you about the cards? I was kind of, um, like, discrediting myself for this, like, act and maybe even ashamed of it. But what I realized during that time as a commander was that, hey, you have goals is to make the greatest kind of like a big thing that, like, affects a lot of people and does good and so on. Um, Maybe you can use more cards. Maybe you're not supposed to only use this technically strength, the technical strength you have. Maybe you can use your network like the ability to create a good network and to be like friends with other people. Um, and like, maybe you can use the fact that you were, like, very you set your mind to something and it, you know, you were, like, working very hard and like, can, like, uh, put a lot of time into it. Maybe it's like a it's like playing a deck of cards. That's the point that I understood there, and I understood that I really enjoy working with people, like helping out people and, um, helping people like, get, get over like, difficulties they have and even like my team members being able to push them forward when they're down and the other way around. I loved being that like they're like mutual kind of relationship. Um, And I realized how much I love working with people, building things with people. And not just, you know, as a technical person who does all the technical, uh, job. Um, So this was kind of what changed. And it kind of unlocked a new dimension for me. And was that then the decision? I mean, it could be that you now found your place as a teacher in that course. You know, that could have been something you could have pursued further. So, um, but I know you left, uh, that position. So were you actively then looking for new positions, maybe like managing positions, um, in other places. Or was your next step, again a random thing? Were you actively looking for something or how did your next step happen? It triggered kind of a thought that, um, that I like working with people and I like building something with people, and I like, like using the whole deck of cards and not just the single card I have, and not just maximizing on a single card. Um, And, um, this was what got me to do what I'm doing here today. Not here specifically, but here in life today. Um, And I was kind of thinking, uh, how can I experience, put myself in a position that helps me or, like, allows me more precisely to work with great people, uh, with great vision, be able to kind of touch many parts of the puzzle. Um, And that would also align with future goals that I have in life that like building something big and doing something that's, that's that has a lot of impact and like really aim for the moon and not only the stars. Um, And I kind of I was like trying to search what, what I want to do. Um, Like what I'm what I'm going to do. And I talked to many people. One of them like, a lot of job offers and so on. And, like, I decided to go with the team that I know that are like, winners. I, I know my like the team that are like, managing dads today are like, uh, two of them work with me at Microsoft and I know one of them was my boss at Microsoft. He was the one that interviewed me and told me that we're going to lecture at CCC. Um, And I know that he knows how to build things. And he also was a co-founder in another startup. And our CEO was another like very she's very successful and she managed a lot of people. And first thing that popped into my mind After experiencing what I experienced in a commanding kind of, uh, kind of job was people are important, uh, in, like, super important. So this was like my number one priority, um, to work with people that I know that I can trust them and they can, like, I can learn from them, and I can give a lot of value to them. Um, And the trust, like the mutual trust between the people and that they've seen some they've seen they've experienced things. Um, So this was one thing. And another thing I wanted to, to do was, which was important, um, was, uh, kind of experiencing the, the same kind of mentality that we experience in the course, which was like, you have a lot of responsibility. You have to build something that literally, uh, you have to deliver for customers, you have to do a very good job. And you have like things on your shoulders. Uh, You have, uh, kind of responsibility on your shoulders. So this was kind of another thing that motivated me, um, to, to be part of

something that has a lot of responsibility and tries to build something that's not trivial. And I think this really got I'm really satisfied with where I am today because I feel like it touches every, every single point. But how did you find that place like where you then started to actively look like maybe were you specifically looking for a startup because you knew, like, this is where I have lots of responsibility, I can build and shape stuff? Or were you just feeling, oh, this is something I would like to do. And oh, I knew these people that are making something. Let me see if they have a job or like, how did it happen? Yeah, I think it was like more the second thing it was like, I know that those are like crazy good people. And there was another, another option that really sparked me and, um, like another great team. But I decided to go for this for Das because of the size of the company. The size, like the company like, was slightly less than 100 people. And, uh, like, I know that I would be very close to, to to decision to be able to, to like make decisions that actually shape the company and actually learn from the making decisions, which is obviously true. Like sometimes you make good decisions to make bad decisions and learn from that and have the responsibility. But startup was an obvious choice for me that I know that I want to, to be part of a startup that's like growing and growing fast, and the team is insanely good, and I love their vision and all that connected the people, the vision, the, the position in the company of being able to like what I'm doing with it right now is like kind of between a between the like, uh, like the, the market and the product. Right. I'm trying to understand what people actually need, uh, and then like, trying to propagate that into, uh, how we shape our, like, product strategy and like, how what we build, basically. And the other way around, how we can use the product to give maximum value to customers. So this kind of position touches both people understanding people, which is I understood that it's very hard in the commanding job. So understanding people, trying to like derive actions from what they want and what they need and how they want it. Sometimes they say they want something, but they actually mean something else. So position that touches both tech, both people and like all that kind of, uh, that kind of things. Um, So that definitely like, what you said is, is exactly what got me there. And, um, where were you then reaching out to them? Um, Do you have, like, a, like you are working on an exciting startup I would like to join. Or do you see an open position or, um, how like how did you find actually that position? Um, So honestly, there was like, uh, we kind of talked and, like, people know that you're like, uh, gonna search for a job soon and they reach out to you, but they're also like friends. So we kind of they knew that this was gonna happen, and it was more a natural thing to get to make sense. Um, Would you say, like, if your early story was from zero to zero day that it's now from computer to humans or from, I don't know, I. Yeah, well that's a good comparison. I think it's from computers to, to using your cards. Um, Because like a wider thing, like it's not limited on computers. It's now. Now it's expanding. Definitely. And I think it also actually it's pretty interesting that remember we talked about the fact that hacking is not only computers. It's the mindset of getting some system to do whatever you want it to do, not necessarily a computer system. And I think this realization, this difference between the two is pretty similar in this case too, because you understand that you want to get to a position that like in my eyes, it's making a big impact and building something that has a big impact. Then you need to use your cards. Um, Sometimes the most effective way to get there would be to like, solve the most difficult kind of technical problem. Sometimes it would be to to, I don't know. Do another thing. But in my case, I understand that this holistic view of of having an impact, uh, using your whole deck of cards, using, uh, building, uh, experience building, uh, tech knowledge, like experience with people, building like experience with product, like the whole kind of thing, like working with people that you love. Like working with the people that I really enjoy working with. And you have to use your whole, uh, your whole deck of cards. And this is what I think, like the evolution that changed me, um, like being in positions that you first focus and optimize on the tech world and then getting exposed pretty randomly, though, to, to something that changed your mind even though you didn't know it's going to change. And being open enough, like having an open mind, uh, that is, uh, like an open enough mind to change your mindset and understand that there's more things in life, um, is kind of what happened. And, um, yeah, I think this is an important take for I really want viewers to take that sometimes it's it all

depends on what you want to do. Uh, If the most important thing to you is, is like, I want to. I love like, I love problem solving, and I want to be able to solve the most difficult and influential problems myself. Um, Then it's a one way to optimize there. Um, If you want to have, uh, do something with people, maybe like it all depends on what your goal is. And using that you can derive, uh, how which deck of cards you can use, the perspectives you have today is, I guess, like, you know, this broader set of, uh, cards. It's not just a computer and, like, deep technical stuff anymore. Now it's involves more humans and product and markets and, like, business and stuff like this. It's much broader. Um, If you now look back like at young, um, Jonathan with like 13 that decision to go to that school. Do you feel like, um, uh, it would have been cool to have that kind of goal early on, or do you think like, uh, these this technical path that you took this deep dive into research, like, is so incredibly important, uh, to go to be able to land here. Like, did you feel like this was a detour and now you arrived at something you really want to do, and you realized, like, this was not the super right path? Or do you think like this was necessary path to take? Um. Good question. I think I have a good answer too. Um, I think that there's a huge part of life that is purely random. Like, you cannot expect how like events going to turn and change your life. And I think that the reason that I took the technical hardcore and by the way, I still like, do capture the flags. And we were just at Defcon finals and got second. And so all that. I still have the passion for that. But, um, I think that if I would have my gut feeling, I don't know, because I wasn't in this reality. But my gut feeling is that this kind of path I took is what built this realization eventually. And I'm not sure how the turn of events would have happened if I took another path, if I would have met the people I met today, if I would have got into position like positions I had and all that kind of thing that I did so far, I don't know. I don't know if it would. I would have reached that, and if not, then what I would have. Um, So my gut feel is I'm really happy with what I am today and the path I took. And yet I'm not scared of knowledge like I don't like my gut feeling also tells me I don't want to be scared of telling my younger self something that I truly think is true. Um, So it's kind of like a mix between the two. I believe that I took a good path. Um, But I also, and I don't know how things would have changed, but I don't think it would. It might have been a bad change if I had the knowledge. So whether I would have changed it? Not sure, because I'm happy right now. Um, Whether, uh, if you put a gun to my head and had to and told me that, uh, I either change it or not, I have to change it or I die. I think I would have changed it because I trust myself to be logical enough. Um, But I truly believe in the way I look. And I'm like, yeah, you learn things, you go through life, you know? Yeah. I would now try to summarize a little bit, which I feel like the patterns that I'm seeing now, like in what you were saying, it feels like you had always very strong, like conviction or goals, like you were always striving to, to something. Um, Initially it was like become maybe really, really good, like vulnerability researcher, really crazy hacker. And now it kind of changed. But you always had goals to strive towards. But that was not the only thing like the working hard and striving towards that goal. gold. It always seems like you combine that very well with even early on already a human aspect of the connections you were um, forming and being bold, uh, writing, um, past ten members on, on LinkedIn or building up the, the courage to, uh, talk to, you know, um, very important person that you felt like maybe not bothering or so, but you built up that courage. So it felt like you, um, always had this, uh, reaching out part of humans that ultimately were also very important, maybe impossible to get the steps in your career without these humans. It was always combined with your, um, your strong goal and work ethics to build the skills, but to be able to then actually use them and be able to like, show them and apply them in reality, you always needed some human connections that got you then in, uh, different positions. Would you say, say that it's like a fair summary, something missing, something 100% change, like a mixture between like the goals, setting the goals and being very how do you call it, uh, convicted or convict driven? Driven towards your goals and using like, uh, the human aspect? I think this is a perfect definition. All right. Thanks so much for talking to me, Jonathan.

And I hope, um, you can also learn something from this for your career. As you can see, as Jonathan said it multiple times there, there are randomness factors that just happen. But you are also in control of creating, um, play the deck of cards, right? And try to increase the amount of cards in your hand. Uh, Reach out to people, make connections. Um, But also work on the technical skills because in the end, you need to prove it in interviews. You need maybe to make a name for yourself as well. So both things are important. Um, And I think if one of them is missing is probably, um, you will have a harder time. So, uh, the technical part as well as the, the human aspect is very important, and neither one should be forgotten. Um, Yeah. Thanks so much for sharing this very personal story, uh, with all of us. And yeah, curious to see, uh, where you will end up being in another like ten years from now. I'm curious too. Yeah. All right. Thank you so much for having me. And, yeah, I hope this was useful. Uh, People, just like. I hope you take something interesting. Uh, Don't be afraid and follow, like, your beliefs and and. Yeah, uh, use your deck of cards. If you want to learn more about hacking, check out our online training platform, hextree. io. We are still in early access, so there are still lots of content that we need to create. But I am still very proud of what we created so far. So come and check out our courses on hextree. io.