[00:00:00] Speaker A: People think about hacking often the way that Hollywood presents it, Right. So when you think about how's hacking presented in a movie, there's the hacker in the hoodie, like you said. They're hunched over the computer in the dark room and they like click, click, click, click, click, click, click on the computer, on the keyboard and then it's a tense moment and then they're like, I'm in.
[00:00:19] Speaker B: Yes.
[00:00:20] Speaker A: It was like, it was like eight seconds.
Maybe in a dramatic series. It's like, we'll come back to the hacker later and like later in the episode they're in.
[00:00:28] Speaker B: Yeah.
[00:00:28] Speaker A: No. Hacking is like doing the same thing over and over and over and over again. For weeks. These statements have not been evaluated by the fda. And Omega XL is not intended to.
[00:00:37] Speaker C: Diagnose, treat, cure or prevent any disease. Hi, John Walsh, crimefighter, here for Omega xl. Let me ask, do you suffer from muscle soreness or everyday aches and pains due to overuse? Do you feel it in your back, your neck, knees or joints? Have you tried other supplements that didn't work? Find relief with Omega xl. Made by nature, backed by science, Omega XL is a natural supplement that can help relieve occasional joint pain and muscle soreness. It delivers results you can feel. It's a proprietary oil extract made from the green lipped mussels. No fishy aftertaste, small and easy to swallow, Omega XL has been trusted by millions of people for over two decades, has over 20,000 five star reviews, and is backed by 35 years of clinical research. Put the cuffs on occasional joint pain and take back your life. Get a special offer when you call 8003512020 or visit omegaxl.com Walsh 800-351-2020. That's 800351 2020.
[00:01:43] Speaker B: Welcome to 3564, a podcast for the Middle. Today I have the pleasure of interviewing Ted Harrington. He is such a rad guy. Not only is he really, really engaging, interesting to listen to, he has such a unique perspective on how us middle agers can approach life. And it's going to be different than what you think. So. Ted is the executive partner at Independent Security Evaluators, the company of ethical hackers famous for hacking cars, medical devices and password managers. He's helped hundreds of companies such as Google, Amazon, Microsoft and Netflix with tens of thousands of security vulnerabilities. Ted has been featured in more than 100 media outlets, including Wall Street Journal, Financial Times and Forbes. And his team founded and organizes IoT Village, an event whose hacking contest has produced three DEFCON black badges. Ted also has a bestseller and has a TED Talk. So much goodness, he's just about to dive into.
Welcome to the show, Ted. It is so good to have you here.
[00:03:12] Speaker A: I'm excited to be here. Thanks for having me.
[00:03:14] Speaker B: Yeah, well, I always get excited when I can speak with any author or anyone who has been on a TED Talk. And you're like a triple whammy here. Two TED Talks in a book.
[00:03:26] Speaker A: Yeah, I was accepted for two, but I actually only was able to give one. And that's kind of a fascinating, like, moment, because I've been wanting to give a TED Talk, like, for my whole life. I've been having this. I was just like, a bucket list item forever. And, like, over the years, I kept getting close, kept being finalists, kept being invited to come, you know, maybe not audition, but, like, what their version of that is, basically. And I just kept not getting selected. And then I turned my attention to writing a book. I wrote a book. Few years later, I find myself redirecting that attention back to this goal of giving a TED Talk. And all of a sudden I got accepted for two, and I was in this, like, bewildering situation where it's like, now I ha. I have to decline one of them. Cause you can only do one in a year.
[00:04:16] Speaker B: Oh.
[00:04:16] Speaker A: Oh. And so I here I am now turning down a TED Talk. And that, to me was like, wow. Becoming an author definitely changes a few things.
[00:04:26] Speaker B: So, wow. Wow. I love that. That's such a cool story. I actually have your book right here for those of you who are watching on YouTube. It's a number one bestseller. Hackable. Tell me, what is this book about?
[00:04:40] Speaker A: Yeah, so I wrote that book to help people build better, more secure systems. So by way of context, I come from the world of ethical hacking. So people are probably familiar with the idea of malicious hackers, right? The entities who attack companies and governments and schools and hospitals and probably your loved ones. And, you know, all of us were, like, being victimized every day. And everyone's kind of familiar with that idea of hackers, which are bad, but that's just one type of hacker. That's the bad type of hackers. And most people don't realize that there's this opposing force that is the counterbalance to the bad types of hackers. And those are called ethical hackers. And ethical hackers use all the same tools and techniques and approaches and methods as the bad guys do, but do so in order to improve the security of systems rather than to exploit Them. And that's the world that I come from. I come from the world of ethical hacking, and I lead a company of ethical hackers. And we've done all kinds of cool stuff, which I'm sure we can talk about if you want to, throughout the course of our time together today. But as we've been running this company and publishing research along the way, I recognized that everyone kind of has the same problems when it comes to how do you deal with security. Now, not everyone necessarily used all the same words, but I could sort of group them into these same categories. Like, everyone had these same problems. And I thought that was really fascinating. So then I started exploring, how do you solve those problems? And that was the moment that said, I have to write this book, the book that's in your hand. Because I realized that these common problems that everyone has, the solutions to them that everyone talks about, are wrong.
[00:06:23] Speaker B: Okay?
[00:06:24] Speaker A: And I was like, I gotta change that. And so I sat down to write this book. Each chapter of the book addresses a common misconception that people have things like how much money should you spend? How should you share information with the companies that you hire to do security testing? What's even the benefit of security? All these kinds of things. And so I wrote a book to address those misconceptions and tell stories from the front lines of ethical hacking. Like, what are companies doing that they get it right? And what are they doing that they're getting it wrong? And that became the book that is hackable.
[00:06:58] Speaker B: Okay, well, first I'm going to rewind and say, if you say hacker, immediately, the image that comes into my mind is the hoodie. Can't see the face, dark screens, bad things happening. So it's so unique when you say that there's something called ethical hacking. Is this what someone might call like a white hacker or white hat hacker? Is there something around those phrases? A lot of our audience is not technical. So what do all these phrases mean?
[00:07:31] Speaker A: Yeah, so if you've ever seen a classic western movie, like a black and white movie, or more recently, if you saw the hit show on HBO called Westworld, okay, in these western movies, this is literally how they differentiated the good guys from the bad guys visually, in the movie was the good guys would wear white cowboy hats and the bad guys wore black cowboy hats.
[00:08:00] Speaker B: No kidding.
[00:08:01] Speaker A: And, yeah, and so that has become now adopted, you know, decades later, to refer to the difference between the good type and the bad type of hackers. So that's the distinction between this idea of white hat and black hat. And you're right that most people, when they hear hacker, they think bad. And there's a few reasons for that. The first reason is that the media, like any news story you hear about any security breach, it doesn't talk about attackers, it doesn't talk about malicious hackers. It just says hackers. And so we become conditioned that hackers are criminals. And that's actually not entirely true. Hacker is not good or bad. A hacker is a hacker. So a hacker is really four things. It's more than four things, but there are four predominant traits that define a hacker, and they are that hackers are curious, they're nonconforming, they're committed, and they're creative.
[00:08:57] Speaker B: Hmm.
[00:08:58] Speaker A: And you'll notice none of those have anything to do with either computers or intent. They don't have to. That doesn't have to do with whether you're malicious or you're helpful. So all hackers, or most hackers are those things. Most hackers are that combination of attributes. And then the difference between good hackers and bad hackers is their motivation. So bad hackers, they want to obtain some sort of gain. They want to deliver harm, and good hackers want to improve systems and fix things and make things better. But both are hackers. Now, unfortunately, you don't hear a lot of news stories about people, like, from my corner of the world being like, these ethical hackers, you know, they. They stopped this attack because you just. You don't know about it. It's happening all day, every day. And bad news sells newspapers, unfortunately.
[00:09:43] Speaker B: Yeah, yeah. So if somebody brings your team in to find security flaws, what does that look like? Can you tell us a story of a flaw that you've uncovered before? And I'm sure it saved the day. Ultimately.
[00:10:01] Speaker A: Yeah, it's a pretty cool profession when you think about it. So my business partner, one of my dearest friends, he loves to talk about what we do in this context. He says. I was sitting with him one time and someone asked. Someone else asked, I can't remember who it was, asked him, like, why do you love doing this? And his answer was so perfect. He's like, I get to do bad guy stuff. I get paid really well for it. I help companies and make things better, and I don't go to jail. He's like, this is like the best possible combination.
And I mean, really, that's like the ethos of what our profession is. And so our customers. I mean, I can't necessarily name our customers for confidentiality reasons, but I can tell certainly some stories and One example of a recent story. Maybe I can name some names if we talk about research. So maybe I'll tell a story from research. So we did some research recently that looked at password managers, and password managers are things that anyone listening to this might be familiar with. You should definitely use password managers, even despite the story I'm about to tell you. I want to reiterate that use a password manager, there's such a good mechanism for security. But we were looking at them, and we wanted to see, could you actually. Actually, you know, did they deliver on their promise, which is to keep your secrets secret? And the short version of a very long study was that we found ways you could actually extract the passwords out of even a locked password manager. Now, the technical details of that are very fascinating to technical people, but for people who aren't technical, the thing that I think is fascinating about a story like that is that here are security products.
[00:11:41] Speaker B: Yeah.
[00:11:41] Speaker A: Developed by security professionals to deliver a security benefit and yet still have security flaws. And so what does that tell us? And the cynical people would look at something like that and say, well, what's even the point? If security products have security problems, why secure anything?
[00:11:56] Speaker B: Yeah.
[00:11:56] Speaker A: And that would be the wrong way to think about it, because the way that. The right way to think about it is. It is because of research like that. Like, we wrote the expose on this research in the Washington Post.
[00:12:07] Speaker B: Okay.
[00:12:07] Speaker A: And so Washington Post obviously has worldwide reach. So because that research was so significant, impacted people all over the planet. I mean, it was like 60 million users were impacted by this thing across a whole number of different apps. It now it made things better. And that's the whole point. That's why we do this, because we're able to identify the problems. And because we've identified the problem and then told the company about it so they can fix it. It's no longer exploitable.
[00:12:35] Speaker B: Yes.
[00:12:36] Speaker A: It's no longer something that a bad guy can come in and take advantage of. And that, to me personally, is really fulfilling in terms of, like, purpose, career purpose, like, doing something that matters, making your life actually contribute something valuable. Like, that's. That, to me, is really meaningful. And I look at stories like that, and whenever I hear stories about researchers finding security flaws, I see so much positive in it because the thing is now better. And then all the competitors in that same space are like, oh, well, we should probably look at that type of issue too. And just everyone gets better as a result of these things.
[00:13:09] Speaker B: Yeah. That's interesting. Ted, I heard you at a keynote recently in San Diego. And one of my favorite stories from that keynote is some of the hacking, I believe, that you, your team, or another team did into some dating apps. Can you tell us that story? I love it.
[00:13:31] Speaker A: What's funny to me about the dating app story is it's like, as if people didn't think dating was a mess enough. Like, let's add this onto the pile, right?
Yeah, we got. We got really interested in looking at dating apps because of the central role they play in society. Right? I mean, this is how people find love today. And you were in the room when I pulled the audience. I was like, show of hands, who here is using dating apps or has dating apps? Like, no one raised their hands. I'm like, guys, like, come on. And everyone laughed because they all knew, like, all right, you're right. Like, I've been using it. Everyone knew. And we just thought that was really interesting to think about. If, like, this is how people find love and companionship, and yet technology is the center of it, that begets a really important question, like, can dating be hacked? And so we wanted to explore that question. And the short version of the research was that we discovered some really significant problems with the dating apps that we looked at. For example, one problem was that a user could change another user's vote. So, for instance, person A gets paired with person B, and person A is like, I don't really want person B, but person B is like, I really want person A. Person B could just go change their vote and be like, no, you actually said, yes, we would match.
[00:14:49] Speaker B: Wow. Like a swipe, right?
[00:14:51] Speaker A: Yeah, you could change the swipe. Exactly. And so that's called the vote data. You could change the vote data. Whoa.
[00:14:56] Speaker B: That's, like, massive. That's, like, why you use the app. Wow. Okay. All right. So vote data could be changed. So vote data could be changed now, obviously. Wow. Wow. That's just that mind. That's mind blowing to me. It really is.
[00:15:10] Speaker A: It's scary in a way, right, because that the sovereignty of your choice is, like, that's important to us as humans, as Americans, right? And, like, we choose things and we want it to be that thing. Now, of course, there's a mitigating factor there, right? It's like, if the person didn't want to meet with the other person, it doesn't matter if the app is like, you guys are mad. They're going to be like, I'm still not going to talk to you or go on a date with you. But still, the sovereignty of that choice is really Important. But I think perhaps the most. The scariest thing that we found in that research, as problematic as what I just described, was we discovered that an attacker could actually geo locate other users.
[00:15:46] Speaker B: No.
[00:15:46] Speaker A: Now think about that. Sort of like desperate stalker type who's like, oh, the hottie ghosted me. We were chatting. It seemed really good. And then the other person stopped talking. Let me just go to their house. I know they're going to love me so much, you know.
[00:15:58] Speaker B: Oh, my God.
[00:15:59] Speaker A: That's, like, pretty scary.
[00:16:01] Speaker B: That is. And that's like a mainstream app that most of us have heard of or many of us have used.
[00:16:06] Speaker A: Oh, yeah, that. That one in particular. It went. That app actually went public, like, right after we did the research.
[00:16:12] Speaker B: Oh, my God.
[00:16:13] Speaker A: Multibillion dollar evaluation. It was. It was wild. Yeah.
[00:16:16] Speaker B: W. Do you then publish that research and give it to them? Like, how do you tell a company we found a flaw? And here it is.
[00:16:24] Speaker A: Yeah, that's. That's a great question. Security researchers go through a process. It's called responsible disclosure.
[00:16:30] Speaker B: Okay.
[00:16:30] Speaker A: And those two words are important. Disclosure is disclosing the findings, and responsible is doing it in a way that doesn't just give the bad guy the attack blueprint. So now imagine if I found this problem and that problem is like, let's use the geolocating. And, okay, here's how you can geolocate other users. And then you post it on the Internet. The attackers are going to be like, great, thank you for that step by step guide. I didn't have to put in the effort. I'll go do it. That would be very irresponsible. So responsible disclosure is where you approach the company first. You give them confidentially the information. You say, here's the problem, here's how we discovered it. We don't know how the tech works necessarily, because it's not like you gave us access to source code. But we think these might be some attempts you might want to make to mitigate, but ultimately it's up to you. And then we give them a timeframe and we say, you know, we're going to publish in 60 days or 90 days or whatever. And then in some cases, the companies play ball and they're like, great, thank you. We're going to. Let's, let's. We're working with you to fix it. Not like they're hiring us. That's not the point. We're not like, here's a thing, pay me. It's more like if they have clarifying questions or something, then they fix it. We might verify that it actually was fixed, then we can publish the details, because the details no longer results in an exploit. Now, if the company doesn't engage with us or doesn't or chooses not to fix it, which is remarkably common, they're like, they pretend like it doesn't exist, or I have a really funny story I could tell about a company who just like, just completely ignored it. But in the common cases where those things happen, then we publish it, but without all the details in it. So that again, we don't want to give the attack blueprint to the bad guys.
[00:18:16] Speaker B: Wow, that's so interesting. And I go back to your earlier comment. It's really heroic. Some of these things that you're finding that can really change a life if they're exposed or however that exploit works. It's really fascinating that you're able to make such a change.
[00:18:38] Speaker A: I'd like to say. So I think heroic, that I'm gonna pass that on to the team. I'd be like, you guys were described as heroic today.
[00:18:45] Speaker B: I think so. I think every single listener would agree with that. If they're using a dating app and it no longer can be hacked so people know where they live, that's heroic too. I mean, there's thousands of scenarios here, but I certainly think that that's the case. So, Ted, have you always been like a techie, nerd guy? I mean, this seems like super heavy tech. You know, you started coding when you were two kind of thing.
[00:19:13] Speaker A: No, I wasn't always. I mean, I was always interested in technology. I mean, even since I was like, a little kid. But I don't have a degree in computer science. As an example. A lot of our. A lot of people, that's how they find their way into this profession is okay, they get a degree in computer science or some sort of engineering degree. There's plenty also who don't have degrees at all. All of them. Maybe not all. You shouldn't use general statements like that. But many people who wind up in this field, they were tinkerers, like, so many of them have a story about. When I tell a perfect example, so many people have a story like this. There's a guy who works for us, and he was telling me about this story about when he was a kid and he. All he wanted for Christmas was a computer.
[00:20:00] Speaker B: Okay.
[00:20:00] Speaker A: His parents were like, no, it's too expensive. It's too distracting. It's too. It's. There's. There's a million reasons why, no, you can't have a computer. But this kid is relentless, and, you know, as hackers are relentless. And even as a kid, he had that trait. And so he just, like, persisted and asked and asked and asked and asked. And eventually Christmas morning rolls around and there's this massive box under the tree. And sure enough, his parents got him this computer. And he's so excited, and he's like, oh, mom, dad, can I go set it up right now? And of course, you know, who can deny the joy of a child on Christmas morning? And they're like, go set it up. So he goes to his room, sets it up. They're, you know, having a relaxing morning, and maybe an hour or two later, they go to his room to go see how's it going, and they walk in his room and they're horrified because they see this expensive, brand new computer is in, like, a million pieces all over his bedroom because he had taken it apart. Every single screw, every single ribbon, every single single piece. He disassembled it because he wanted to see how it worked.
And that is the way that a lot of hackers think is that they. They want to know how something works. And my path into security wasn't through the traditional, like, I like learning how to code, getting a computer science degree, but definitely having that. That mindset of, like, every single thing that I am around. I'm like, how does that work? Why does it work that way? Can it work a different way? Can it be abused in a way that gives me some, like, is there, like, an overlooked opportunity here if I use it differently? So ultimately, I got into security actually through entrepreneurship, and I teamed up to run the company that we're running now with my business partner who I mentioned before. And we since started a second company. And I just learned it. I learned it. I learned the security part along the way. I believe, and many hackers will say this as well, that hacking isn't about technology and it isn't about computers. It's about life. Hacking is about how can you look at something and say, can I approach it differently? Can I find an overlooked pathway? Can I identify an assumption that is wrong?
[00:22:10] Speaker B: Yeah.
[00:22:10] Speaker A: And based on that assumption, can I do something differently?
[00:22:13] Speaker B: Yeah. I think a lot of us are getting used to, you know, a life hack or health hack or cooking hack. I see. See a lot of those all the time, but you've really honed in on these four characteristics of what a hacker is and how they can be applied to somebody's life. I'd love to dive into those a little bit with you, Ted. The first One I want to talk about relentless. Is that a characteristic that we often see out there in the world?
[00:22:48] Speaker A: Yeah. So I think each one of these traits, if you take each individual trait, I don't think on its own, it's unique to hackers. Like, are hackers the only people who are tenacious? Like, of course not. There's relentless. I mean, you're a relentless person. Like, there's relentless people everywhere you look. Definitely amongst high performers.
[00:23:05] Speaker B: Yeah.
[00:23:06] Speaker A: But one of the things that's so fascinating is that, yeah, hackers, truly, they're committed, Right. Hackers are willing to invest the time and the effort and the money and the resources and the love and the passion in order to pursue their targets. And that's actually where a lot of companies get it wrong. They. They underinvest in security because they think they underestimate how committed the attacker is. They're like, oh, the attacker is going to just like, run this automated script. So I'll run an automated script that defends. It's like, no, it doesn't. It doesn't work that way. People think about hacking often the way that Hollywood presents it, Right. So when you think about how's hacking presented in a movie, there's the hacker in the hoodie, like you said. They're hunched over the computer in the dark room and they like, click, click, click, click, click, click, click on the computer, on the keyboard. And then it's a tense moment and then they're like, I'm in.
[00:23:58] Speaker B: Yes.
[00:23:59] Speaker A: It was like. It was like eight seconds, maybe in a dramatic series. It's like, we'll come back to the hacker later. And like, later in the episode they're in. Yeah, no, hacking is like doing the same thing over and over and over and over again for weeks, until eventually it's like, aha, there it is. And all these little. These little things that. These dead ends, these roadblocks, these things that on their surface are failures like that, that action did not produce the outcome you wanted. They actually are these little guidelines, these little guideposts that direct the hacker to the winning path. And so it's like, well, I know that door is closed, so let me try the one next to it. That door is closed to try the next one to. It seems like this hallway is closed. Let me go to the next hall. You know, and it's that willingness to kind of do the same thing over and over. And I see that attribute is similar to, like, professional athletes. They talk about what separates an Olympian from someone who didn't make the team. Is the Olympian is willing to do the tedious thing. They're willing to eat the bland chicken every single day, five meals a day for 10 years. And most people aren't willing to do that.
[00:25:06] Speaker B: Yeah, yeah, yeah. That sounds torturous.
That sounds so torturous. That's so interesting. I love that analogy, though, because I do go back to a movie scene and I imagine this password, and you see the numbers running and multiple variations, and within minutes you got the we're in. And you're saying that most of these scenarios are weeks, months, years of somebody trying to find a way.
[00:25:39] Speaker A: Yeah. I mean, it does happen, right? Where people find something, like immediately. These stories happen for us all the time, where it's like, within an hour, we found a problem. Wow. But it's not way that it's dramaticized in the movies. It takes effort. And what's definitely one thing that is different over time is that. And this is one of the things that I still like, even all the years I've been doing this, it still blows my mind, the intuition that hackers have, right. They'll sit down, they'll look at a system that they've never seen before, and they'll be like, I think the weakness, the exploitable weakness, there might be one in this part of the system. And then that's where they go, start looking, and they find something, like, right away, like within the first day. And that to me is like, how do they know? Are they clairvoyant? And it's, you just, you know, intuition has become something developed over time. Right. It's, I think, maybe similar to, like, you're high in emotional intelligence, and that's probably part nature, but also part just learned over time. Right. Like, you honed that ability by being interested in other people. That's why you're really good at being a podcast host. And that's sort of what it's like for hackers. They, like, they start with a little bit of innate ability. Once you hack enough systems, you realize, like, I've seen enough systems that are kind of like this idea, like, I'm going to look over there.
[00:26:56] Speaker B: Yeah, yeah. Ted, do most hackers work alone or do they work in groups?
[00:27:03] Speaker A: I love that question. Because there is a very common misconception that hackers are these just lone wolf operators.
[00:27:11] Speaker B: Yeah.
[00:27:12] Speaker A: Living in their mom's basement.
[00:27:14] Speaker B: I was going to say that. I literally was going to say the same thing. Okay.
[00:27:19] Speaker A: Some of them are. I mean, there's. There's no, no doubt to that, that there's a lot of a lot of introverts, certainly in this field. And some people just prefer to be alone. And you can't paint a whole community with the same brush. But one of the things I think that surprises people is that hackers actually are highly collaborative. Highly, highly collaborative.
[00:27:42] Speaker B: Okay.
[00:27:42] Speaker A: And this misperception that they're like these, like, I think people. I think it's because what people want to think of hackers. I think people want to think of hackers as they are losers. Like, why else would you attack a school? You're a loser. I don't know necessarily where that comes from, but that's not really. Hackers don't operate alone in all cases. Actually, in most cases, I see them to be highly collaborative. I mean, hackers go to conventions together. I go to hacker conventions. I go on vacation with hackers. Hackers are my friends, you know, and one of the things I think is so cool that I get to witness as running a company that is ethical hackers is like, I'll walk through the hallways of our office building and you'll see all over the, all over our office space, people huddled up talking about something, and they're always asking each other questions, like, I'm trying this new technique and I'm running into this dead end, like, what am I missing? And someone else will be like, oh, well, have you tried this? And they're just, they really like this collaborative problem solving, even if it's not their own problem, like helping someone else through their problem. And it's super, super fascinating to see this collaborative nature to hackers.
[00:28:47] Speaker B: Yeah, well, some of these other characteristics that, that you've seen, they all are going to be contained in a book of yours coming out next year. Is that correct?
[00:28:58] Speaker A: Yes. So my next book is called Inner Hacker. It's going to come out next summer. Summer of 2025. Yeah. Where the name comes from is this belief that I have that there's a hacker inside all of us, inside of you, inside of me, inside our friends and family. Everyone has a hacker inside them. And what I want to do with this book is help bring that hacker out. So I talk about the. What are the attributes of how hackers think? And then how can you apply that to your life? So how can, how can you be more curious or more creative or more committed or especially more nonconforming? And that's the one that I think probably most people will have the hardest time with, because nonconformity is scary. We've been sort of taught and trained our whole lives to like you Know, follow the rules, listen to your teacher, sit down, be quiet. And here I am saying that, well, there's this whole group of people who are so successful, and I'm talking about hackers because they're willing to deviate from norms, reject norms, to challenge assumptions and all that stuff. So this book will talk about all those ideas. It'll tell stories from, like, what we've been talking about today, like hacking stories. But then it also tell a bunch of stories that are not hacking stories. So, like a story about someone who got a promotion. And here's how they demonstrated the hacker mindset. They didn't realize that's what they were doing, but this is the hacker mindset on display. You can use it for everything. For raising capital, for getting a job, getting a promotion, starting a. A company, raising money for charity. Like, whatever it is you want to do, you can apply this mindset to it. And that's what I want to do with this book, is I want to take this. This real subculture that I live in. I want to, first of all, honor it. I love the work that hackers get to do and use the word heroic, and I think that's such a beautiful way to say it, and I want to share that with the world in a way that then helps people change their own lives.
[00:30:56] Speaker B: Yeah. Well, our podcast is really geared towards middle agers, so those between the ages of 35 and 64. And as I'm absorbing all those four qualities, I'm trying to think which one us middle agers could do better with. And the interesting thing is, I think the older we get, the easier it is to be nonconforming. I was just reading an article about fashion and how fashion has become so boring, you know, globally, because there are no regional differences anymore. Everyone is wearing the same thing because it's all the same stuff on Instagram. And they did all these studies of how different fashion used to be when there wasn't one source of, you know, go to, if you will. But I do think as we get older, we get a little bit more comfortable breaking out of the mold of what everyone else does. But some of the other pieces that I was thinking through the curiosity, I think I'm going to venture to say that as people get older, if curiosity dies, their age becomes more prevalent. When you stop learning, when you stop asking questions, you stop growing. And I love. I love the thought of being a more curious person. I consider myself actually so curious that people get annoyed because I just ask questions so much. Which one of these qualities Ted, do you struggle with the most? What are you working on?
[00:32:41] Speaker A: What am I working on? That's a good question. Of these four, I mean, how I got to these four writing this book. I wasn't writing a book to reflect my own experience. I was writing a book to reflect what I observe from the hacker community. And I. So I got to this through observing the people work for us, of course, observing my friends and then interviewing people. And so it's been really, really rewarding getting to talk to all these people. And then as the byproduct of that, I now, you know, come up with these things and I see myself reflected in all of them.
[00:33:11] Speaker B: Yeah.
[00:33:12] Speaker A: And I wouldn't say that there's one of them that I may be working on or need to work on more than one or the other. But I can maybe speak to how I think some of these do change over time, like as you age. And I think the big thing that changes as you age is, and this is a good thing or a bad thing, depending on how you approach it, but is becoming an expert. So most people that are in middle age, they're now in middle or upper management, maybe executive, maybe even the CEO positions. And that can be sort of like reinforcing of, I'm the expert in this thing. And eventually you might get to a point where it's like, well, I don't want to do that other thing over there, because I'm an expert here, and I'm not an expert over there. I'll be a beginner over there. And that is true. You develop expertise in one area, you're a beginner in almost every other area of life. But the question is whether we want to step into that other area to feel like a beginner. And that is one of the things that I definitely consciously have to tell myself to do is like, go be the expert. Go learn how to be an expert in that area. And for me, I think a perfect example that's timely right now is AI. So, you know, AI becomes the total hype machine over the last maybe one or two years. Everyone's talking about AI. You go to any security conference, any technology conference, any conference, just period, everyone's talking about AI. And I find myself being like, I'm not yet an expert in AI. There's AI experts, they know a lot more about it than I do. I know the security elements of AI, but there's a whole lot about AI I don't know. And I vividly, I had this literal thought and I had to, like, stop what I was doing and be like, Ted. And I remember thinking, like, I don't want have to learn that.
[00:35:05] Speaker B: Yeah, yeah.
[00:35:07] Speaker A: And then because I said that to myself, I was like, that's the reason. I've got to go learn that. I've got to go be a beginner. I've got to go understand how these systems work. Just because it's like, you got to put yourself in that novice position. So that would be the big thing, I think that people listening to a show like this might want to think about is not becoming so cemented in your area of expertise that you close off new opportunities that actually might help you grow in your area of expertise.
[00:35:32] Speaker B: Yeah. What a good story. I love that whole comment. It made me think about myself and starting this podcast. Ted, I knew nothing about audio visual equipment, and I knew really nothing about the podcast world as far as the background of, how do you get something out there? What does it take? What does it look like? I loved consuming the information from podcasts, but I didn't know what it looked like behind the scenes. And boy, oh, boy, have I eaten the humble pie over and over again as, like, a 101 level. Okay, the plug goes here. And all the things I have had to be the beginner. And that sometimes is actually hard when you feel like such an expert elsewhere. So I do think that's really good advice for you middle agers out there. If you aren't growing or trying something new that you're not good at, then change what you're doing and throw something new into the mix. I love that advice, Ted. It's really, really good.
[00:36:44] Speaker A: Yeah. Get scared, right? If you're. If we're not scared, then we're not really growing. We're in our comfort zone, and.
[00:36:51] Speaker B: Yeah, yeah, yeah. Ted, how old are you?
[00:36:55] Speaker A: I'm 42.
[00:36:57] Speaker B: 42. How old do you feel?
[00:36:58] Speaker A: Yeah, that's a good frame because I'm biologically 42, but my joy de vivre is about 25.
[00:37:05] Speaker B: Really?
[00:37:06] Speaker A: Yeah.
[00:37:07] Speaker B: I love that. That's so great.
[00:37:09] Speaker A: I think I just, like. And it's. It's interesting you asked that question, because I think about that question a lot. And at 42, I look at even, like, just some of my peers, like people I went to high school with or college with, and I look at some of them, and I'm like. They say about themselves things like, I'm old, so I got a blank. Or I'm old, I can't blank. And I'm like, I'm going to a rave right now. What Are you talking about, like, we're the same age?
It's just a choice now, obviously, like, things in life age people in different ways in terms of, like, responsibilities or commitments that you might have. Life is. Life is hard. Life is filled with loss and pain. And, like. And I get it that, you know, that's difficult for a lot of people. But I. I don't know. I just, like, I just want to hang on to the fun that is being 25.
[00:37:56] Speaker B: So, yeah, yeah, I just interviewed 50 middle agers and asked them the same questions over and over to try to get, like, a baseline of where they are. And interestingly, 75% of middle agers feel about a decade younger than their actual age. And I thought that was really inspirational, especially for all those young folks out there who think it's just terrible to get those numbers adding up. I think when my parents. I'm 45, and when my parents were 45, I would have said they're ancient, like, this is it. And now I feel like it's just beginning.
But I loved that most of the folks that I interviewed, and they were really a broad SC spectrum of all types of people from all walks of life, most felt at least a decade younger than they are.
[00:38:51] Speaker A: I love that.
[00:38:52] Speaker B: Yeah, that's great. Yeah, I think so. I think so. So, Ted, if you were to give some practical advice about these qualities that you see in hackers, what are some of the things that people can start doing today to think like a hacker?
[00:39:12] Speaker A: The table of contents of this book. I've been really intentional with the way I'm writing the book. Like, I want the book to both be entertaining, like, having stories and all this stuff, but also make it so that it is just packed with things to go do. Like, go try this. Here's a tactic. Here's a tactic. Go try this. And eventually, like, some of that stuff will stick. And so if you, like, ripped the table of contents out of the book, you'd be like, here's my action plan.
[00:39:36] Speaker B: Oh, so.
[00:39:37] Speaker A: So some of the. Every chapter title is an action, and some of the ones that come to mind that I would have people start with, one would be Challenge Assumptions. So challenging assumptions is about the idea that we have to first identify assumptions. So we have to. Assumptions are the beliefs that we hold or that other people hold about how we will interact with something or how someone will respond or whatever. And those assumptions. What's fascinating about assumptions, I'm making this number up, but let's just say that's largely true. Let's Say assumptions are accurate like 90 or even 95% of the time. So that's good that our assumptions largely are correct. But what's fascinating is that 5 or 10% of the time when the assumption is wrong and it's those flawed assumptions that hackers find new ways to do things. And so by challenging assumptions, we can say, all right, I assume I need this expertise to do this thing, do I? I assume I need a certain level of education or money to do this thing, do I? And by looking at those assumptions and challenging them, we now find these new pathways. Right?
[00:40:46] Speaker B: Yeah.
[00:40:46] Speaker A: So that would be one that would definitely start with the second one that I'm really, really excited about. Like, this chapter alone, I'm like, I want to write a whole book about this is we should break the rules. So rules are really important. Rules govern how a system works. They govern how society operates.
They largely are meant to ensure fairness, though in a lot of cases, they actually kind of do the opposite.
[00:41:10] Speaker B: Yep.
[00:41:10] Speaker A: But what we have to do with about rules is we have to realize we have to be able to differentiate the rules that are good and just and valid and make sense and keep things operating smoothly. And maybe even most rules are that. But there's a bunch of rules that are dumb and are bloated and are meant to control the outliers who are, you know, the criminals or the deviants anyway, and not everyone else. We got to look at these, the rules, and we got to figure out which ones we can break. And some rules not only should we break, we must break. And it is in the breaking of rules. That's how things evolve. I mean, look at any organized sport. The rules today are different than they were 20 years ago or 100 years ago. And it's because the rules evolved. Look the way that laws evolve or social norms evolve. I mean, law is a wonderful example of why we have to break rules. Like, the Underground Railroad is a perfect. It's probably the most beautiful example of where you had this group of people in the Civil War era America smuggling freed slaves from the south to the north, and they were absolutely breaking the law because the law at the time said that was illegal. Yeah, but what they were doing was right. It was just. And it advanced society. And so that's what we have to think about, that rules, like, we shouldn't blindly follow rules. And so those are just two examples. The challenge assumptions and break rules that are kind of in the hacker mindset that help us apply some of these techniques and strategies to find new ways to achieve Our goals.
[00:42:46] Speaker B: Yeah. You know, when you say break the rules, I know people just get anxiety right away because some people are by the book and anything that veers off is stressful to them. I maybe I would probably call myself more of a rule breaker or pusher.
And I love thinking of different ways to approach something. I was just talking with a friend I know we were speaking about dating earlier in this episode, and he was very interested in somebody that he just started dating.
And he really wanted to bring this person around their family for the holidays. We just experienced Thanksgiving, we're coming up on Christmas. And he said, you know, the rules are kind of like, you should be dating for at least three months before you do this. And the first thing that came out of my mouth was, who cares about the rules? Who made that rule? It doesn't make sense. Are you kidding me? So I think I 100% agree left and right. There are norms, boundaries, and things that need to be challenged because they just don't work anymore. They just don't make sense.
[00:44:10] Speaker A: Yeah. Yeah. And there's a better way to do it. And yes, we should break rules, bypass, bend them, whatever we need to do, Challenge assumptions. And Those are only two of 11 chapters that this book will. Wow, there's a lot that people can learn.
[00:44:26] Speaker B: Definitely. I can't wait to get my hands on this book in the summer of 2025.
Ted, you do so many different types of events, speaking engagements. You're all over the world. What are some of the ways that our audience can connect with you, can meet you? What's the best way to do that?
[00:44:47] Speaker A: Yeah, the simplest is just go to my website, Ted harrington.com everything you could need to know. Information on my books, information on talks, information about our security services, our security products, all that kind of good stuff. It's all right there. Ted harrington.com Perfect.
[00:45:05] Speaker B: Perfect. And we mentioned a bunch of different pieces during the podcast. I'm going to load up the show notes with links to a lot of these references, links to the TED Talk link to your book so they can purchase it. And I'll also drop in the link to your website so people can easily reach you. Is there any last parting words that you'd like to say to our audience about being a hacker?
[00:45:32] Speaker A: It's a beautiful thing. It's an honor and a privilege that we can give ourselves if we allow ourselves to think differently. Like one of the most beautiful things that I see that hackers do, and this touches on what we were talking about before, like what should middle aged people be thinking about as you take away from this, and it's, hackers give themselves permission to do this. Hackers aren't sitting here saying, I hope that someone lets me decide to try to see if I can bypass authentication. It's like they just go do it. And it's that the brave act of giving yourself permission to think differently, that changes lives. And that's my hope that someone takes away from this idea, is that they say, here's a way that I can maybe think a little bit differently. And I'm going to give myself permission to go do that.
[00:46:21] Speaker B: Yeah. That's so great. I love it. Ted, I'm so glad I met you. I'm so glad you came into my life. I've learned so much. Every single conversation I have with you, I spark new ideas, something gets excited to try something different. I hope, I hope that we can get you in front of even more people because you have so many different and new ideas that are not things that we're hearing out there all the time. This is a really different approach, and I think it's going to be really well received. So can't wait for this book to come out in the summer.
[00:46:57] Speaker A: Thank you so much. I really appreciate your support and likewise, it's been so fun all these times getting to hang out with you.
[00:47:04] Speaker B: All right, Ted, thank you so much for coming. I hope to have you on again in the summer so we can do a deep dive into your upcoming book, Inner Hacker. And hey, I hope you have a great holiday.
[00:47:16] Speaker A: You too. Thanks so much.
[00:47:19] Speaker B: And that brings us to the end of another episode. I hope you enjoyed the conversation as much as I did. Okay, so if you haven't already, make sure to hit that subscribe button so you never miss another episode if you're loving what you hear. I would be incredibly grateful if you took just a moment to rate and review this show on your favorite podcast platform. It helps others discover us and it's a great place to share your thoughts, suggestions, and ideas for future episodes. For even more exclusive content and detailed show notes, check out our
[email protected] and that's spelled out 3564.com. As always, a huge, huge thank you for spending time with me today during this episode. I appreciate that you tuned in. I'm going to leave you the same way I do every episode. Remember, it's not too late, you're not too old, and you're definitely not dead. Okay, until next time, friends.
Today's episode is brought to you by Dana Kreeth Lighting where artisanal craftsmanship meets innovative design. Are you searching for lighting that stands out from the rest? You've got to check out Dana Kreeth Lighting. Handcrafted in Southern California, each piece exudes attention to detail and commitment to quality. Say goodbye to replacements and hello to long lasting beauty. Visit danacrith.com that's D A N A C R E A T H.com to view their stunning collections or stop by their showroom at 1822 Newport Boulevard in Costa Mesa, California. Dana Creith Lighting where elegance meets innovation.
