Show Notes
This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to hear about his journey from spiteful hacker to successful founder. HD walks through the history of Metasploit, the motivation behind their coding decisions, his opinions on open source software, and the excitement of exploration and discovery.
Timecoded Guide:
[04:57] Catching up with HD’s career from his hacking exploits in the ‘90s through his founding of Metasploit to his recent activities with Rumble
[11:41] Getting personal with the feelings and takeaways from a project as successful and impactful on the cyber industry as Metasploit
[18:52] Explaining HD’s personal philosophies around accessible education and the risk of sharing vulnerable information publicly
[25:39] Diving deep into the technical stories of HD’s path of discovery and exploration during his time at Metasploit
[31:14] Giving advice for future founders and hackers looking to make a legendary impact on the cybersecurity community
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
What were some of the trials, tribulations, and successes of Metasploit?
Although Metasploit has had a lasting impact on the cyber world, HD Moore is not afraid to admit that part of Metasploit existed out of spite for critics, employers, and gatekeepers in the cybersecurity industry. In terms of trials and tribulations, HD saw a great deal of criticism come from his peers and from professionals ahead of him in the industry, often displaying rudeness towards the quality of the exploits and Metasploit’s audience of young hackers. Later, HD says that a surprising and amusing side effect of his success with the project was watching employers and peers go from criticizing to lifting up his work with Metasploit and attributing success of many hacking professionals to its creation.
“When we started the Metasploit project, we really wanted to open up to everybody. We wanted to make sure that, even if you barely knew how to program, you can still contribute something to Metasploit. So, we did our best to make it really easy for folks to get in touch with us, to submit code.”
Where does your philosophy land today on giving information freely?
HD has heard the same opinions many professionals that teach and give information freely have heard: “You’re making it easier for people to use this information the wrong way.” Instead of considering the worst possible outcomes of making hacking accessible, HD chooses to acknowledge the importance of accessible education and publicly provided information. According to HD, if someone is creating and teaching content to the next generation of red teamers, that content is theirs to use. Whether they’re a physical pen tester teaching lock picking or a hacker disclosing a vulnerability, what they choose to share with others has to be based on personal moral code and what others do with that information is up to them.
“It comes down to: You do the work, you own the result. If you're teaching people how to do stuff, great, they can do what they want. You can decide to do that, you can decide not to do that, but it's your decision to spend your time training people or not training them.”
Is it possible to be a CEO, or a co-founder, and stay technical?
The downside of success in the cybersecurity industry is often stereotyped as losing the opportunity to be a hands-on hacker. However, for HD, his success has allowed him to do the exact opposite and instead prioritize his time to be technical. HD believes strongly in the ability to make this happen through proper delegation of duties, incorporating new leaders and managers in your company or project, and acknowledging when you may need the help to bring what you’re working on to the next level. HD is proud of his success with Metasploit and Rumble, and is happy that he was able to hand off certain duties to other professionals that he knew would do better if they had a chance in the founder’s shoes.
“Don't let the growth of your company change what you enjoy about your work. That's really the big thing there, and there's lots of ways you can get there. You can hire folks to help out, you can promote your co-founder to CEO. You can bring on program managers or project managers to help with all the day to day stuff."
What advice do you have for people looking to follow a similar cyber career path?
Content is the name of the game, especially when you’re looking to get more eyes on what you do. HD is the first to admit that putting himself out there in a blog post, on a podcast, or at a stage show is not always a walk in the park, taking him out of his comfort zone and often away from the tech that he spends his time on. However, publicly displaying himself and his work has brought attention to Rumble and Metasploit, and HD knows he would not have achieved this level of success without putting his content out into the world, hearing feedback from his peers, and even receiving his fair share of criticism from industry professionals.
“Not all of it is the most fun thing to do all the time, but it is crucially important, not just for growing yourself and getting out there and getting feedback from your peers, but for learning because you learn so much from the feedback you get from that effort.”
-----------
Links:
Stay in touch with HD Moore on LinkedIn, Twitter, and his website.
Learn more about Rumble, Inc on LinkedIn and the Rumble website.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn
Catch up with Chris Cochran on Twitter and LinkedIn
Continue the conversation by joining our Discord
Recent Episodes
Hacking Trust with AI and Deepfakes featuring Iain Jackson
What happens when cutting-edge AI meets the art of deception? In this episode, Iain Jackson, Academy Hive Leader at CovertSwarm, takes us through the uncanny potential and risks of synthetic ...
Championing the Human in Cybersecurity with Julie Haney
What happens when cybersecurity puts people first? Julie Haney, Human-Centered Cybersecurity Program Lead at NIST, shares how designing security with humans at the center leads to greater ...
Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid ...
Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they’re sharing firsthand how ...
Transforming SOC Operations with AI featuring Roy Halevi
Cybersecurity is evolving fast, and AI is at the center. Roy Halevi, Co-Founder and CTO of Intezer, explains how AI automates SOC operations, improving speed and accuracy while freeing up teams ...
From Shadow IT to Full Asset Visibility with Wes Wright
Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take ...
Building Opportunities for Women and Minorities in Cybersecurity ...
How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in ...
Rethinking Cybersecurity Hiring with Naomi Buckwalter
Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, ...
AI, Deepfakes, and Human Risk in Cybersecurity with Perry Carpenter
In a world filled with AI-generated deceptions, how do we discern what’s real? Ron sits down with Perry Carpenter, author of FAIK: A Practical Guide to Living in a World of Deepfakes, ...
How to Become a True Security Leader with Nathan Case
How does one become a true security leader? According to Nathan Case, it’s not about titles—it’s about impact. In this episode, Nathan Case, VP of Cloud Security at Clarity, shares his journey ...
AI and the Future of Cyber Defense with John Hubbard
How can AI shape the future of cybersecurity defense? In this episode, we dive into SOC operations, AI integration, and the latest in threat detection with John Hubbard, Cyber Defense Curriculum ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon.