Well, it's good to have you here as we continue our series of CUBE conversations and the AWS Startup Showcase. Today, our focus is on HackerOne, and the CEO of HackerOne, Mårten Mickos, joins us. Mårten, thanks for being with us. We appreciate the time. Good to see you here on theCUBE today.

Thanks for inviting me, John.

Yeah, let's talk about HackerOne. Global digital security leader. You are taking care of everybody's worst digital nightmares these days. And so congratulations on that front, but I know you've got your hands full. Let's go back for those who are watching that don't know a lot about your history and just tell us about the origination, about how you gathered this stable of hackers, if you will, for good, ethical hacking, we might call that, and how that began and where that path has led you.

Yes, thank you, John. You mentioned it already. You said the worst nightmare. The worst nightmare we all now have is that we get hacked. We all have to worry as consumers, companies, governments that criminals will break into our system. And then when you start thinking rationally, think, okay, if the worst nightmare is a cyber crime and getting breached, what is then a medication potent enough to rise to that same level? What can stop your software vulnerabilities from being exploited by criminals? And the world has built a lot of testing software, procedures, scanners, all kinds of things to get there, but none have risen to the level of true criminal activity. But then this movement of ethical hacking has people with the same skill and same passion and same ability to come from the outside and break in, except one difference, they have good intent. So we have a collection, a community of all the ethical hackers in the world, over a million of them who are all ready to go in and in a way think the bad and do the good. So they approach your system as if they were attacking you and when they find a hole, they tell you and you can fix it.
And it turns out that there's no other way of finding all the ways in which a bad guy could break in. You can do all the other things and you should do all the testing and scanning and whatnot, but it won't rise to that same level. It won't find all the vulnerabilities. It won't think as expansively as a criminal will think, but the ethical hackers do and they're unstoppable. And there are many more ethical hackers than there are bad hackers in the world. We have 1.2 million in our community. That's more than there are black hats or criminal hackers in the whole world.

Yeah, that's an incredible number. I mean, 1.2 million. And growing hackers. How did you go about building that community and vetting that community, right? Because there has to be some kind of credential that you bring to the table, some kind of expertise. So how do you know that everybody in that 1.2 million, which again, just a phenomenal number, is of the same cloth, if you will, of good intent and willing to help?

They would never sign up if they didn't have good intent because we know about them. We can see where they came from. So if you're a criminal, you would never voluntarily give away such information about yourself. So we know their intent. They're of course varying in terms of skill and drive and passion and abilities. So we have a ranking system where we can learn about their skills and we test them so we can out of that giant community find the ones who are truly outstanding. Because like in any endeavor in life, some are just natural talent. Some work hard to become the top talent. And most of us are just regular mediocre players in whatever sports we are in, like I am. But we have, we managed to find the most talented hackers in the whole world and through sort of a social competition we caused them to learn more, get better and just better and better. And here's the other dimension. So the first dimension is that we have to have a cure that is as strong, as potent as the risk.
So we have to find vulnerabilities at the same level as criminals will find. Well, our hackers will do that. The second thing is it's a moving target. Whatever you learned in cybersecurity yesterday may already be outdated. Whatever technology you are catching up with may already be different than it was yesterday. But thanks to our giant community we have this sort of evolution inside the community where new talent is always coming in with new skill and replacing the old ones. So as a hacker, of course, you compete with all your other friendly hackers to be the best, but one day you'll get beaten by a new guy, a new person, a new hacker who has figured out the new technology. And that's how we stay current. Like there's no risk of the knowledge being outdated or stagnated because the people revolve in this community and it's always the freshest, most accurate current talent that's being deployed in our programs.

You know, we've had a lot of conversations with cybersecurity experts over the years here on theCUBE and generally there's been a theme of, I wouldn't say resignation, that's too strong. I'd say almost acceptance that there are going to be challenges and sometimes bad guys win. Sometimes vulnerabilities do yield results with ill intent. So how do you match the skill level on your side with the skill level and the motivation of the criminal actors on the other side and keep up with that? Because there's great financial motivation on the bad side in order to ransomware. Great example of that. But how do you continue to fortify the hackers on your side to match that motivation that is so deeply embedded on the ill side?

You brought up many good points. So let me start from the back end of them. So first of all, when we say that it's very lucrative to do cybercrime, I don't think it is lucrative for the actual doers. Like in ransomware, a lot of money is changing hands but I think it ends up in very few hands.
So a lot of the technical cyber criminals who are conducting it are probably not making much money. In opposition of this, in our ethical hacking community, we already have 14 hackers who have earned more than a million dollars by working on our programs. That is a lot of money. It's a lot of money even for criminals. If you are enlisted by an euphorist government or other nefarious organization to work for them, they don't necessarily pay you well but working as a white hat, you can earn much, much more. So I do think the economics is rigged the right way, especially as human beings inherently want to do good and they are ready to do good even if their pay is much lower. Now the pay isn't lower but even if it were, the propensity to do good overpowers the likelihood of somebody becoming a criminal. So as long as we work together and pool our defenses, we'll be much stronger than any criminals.

So let's turn the page then to, you've established the talent pool, very deep, great bench. You've got a lot of people doing really good work. So let's talk about the work they are doing in terms of vulnerabilities that they're citing, whether it's app security, cloud security, whatever the case may be. Generally, what are you finding? What are you seeing? Like where are the mistakes being made generally in your client base? What kinds of things are you pinpointing to them that you're finding through your work that they can shore up and build those defenses a little stronger?

Broadly speaking, when you look at the industry today, every organization is undergoing digital transformation and some do it from a primitive standpoint. Some are already running on software but there's a digital transformation going on. Most organizations are moving workloads to the cloud, to a public cloud. When that happens, the nature of your application workload changes, the nature of the threat changes and the possibilities for mistakes will be different.
When you deploy workloads on a public cloud, you may have configuration issues, you may leave secrets in public repositories. There are new threats that come to you but at the same time, it's a more uniform space because everybody's running on the same cloud and the cloud itself is secure. So we have devised specific services for those who run on cloud, where we go and say, we know AWS, we know Google Cloud, we know Microsoft Azure, we will find the specific typical vulnerabilities that you have there and we will tell you about them so you can fix them. And then you get a much stronger cyber defense because the world of vulnerabilities is known to us. We've trained our hackers in identifying them. When we find them in with one company, we learn and we can look for the same in some other company. So the pace of learning is much faster in our system and that's how we can bring companies to a higher level of security when they're on the public cloud than they were before. So actually, like when you said that many are resigned in front of this situation, the ship is already turning. It's important to look the threats in the eye and be unafraid of it and just meet it, but we don't have to be resigned anymore. We have the powers in the cloud vendors, in the ethical hacking community, in software automation to now build proper systems that are broadly speaking very secure.

So how do you, yeah, how do we, we look at the ransomware incidents that continue to occur and yet, and that frightens a lot of people in the corporate world, municipal public sector and private citizens even, right? But you sound, if I'm hearing you right, a little more optimistic that we're getting to be a little more adept at security, if you will, and of citing vulnerabilities and finding these loopholes and whatever. So you're not as pessimistic as some might be.
You're thinking that perhaps we are starting to turn the corner a little bit and maybe some of these things that have been big threats are being somewhat more mitigated now.

Well, I believe that whether you think you can fight cyber crime or not, you are correct. Meaning you must have a belief of the power that you have with your other defenders. And today we can create a defense that's strong enough. Nobody is 100% safe ever. You can take any vaccinations you like, you may still get the virus. So like as a metaphor, it's the same with software. You can never get 100% safety but you can get much better than you were before. And you do it step by step with boring, small steps. It's not, there's no silver bullet. There's nothing that in one change will make you secure. But if you every day fix one little thing, soon you are more secure than your competitors and soon you are among the most secure in the industry.

So, you know, as Mårten, it is almost, I think about the old saying, if you can't beat them, join them. This is like, if you can't beat them, have them join you, right?

No, it is. If you can't beat them, keep beating them, keep beating at them. Like criminal activity is very bad. The nefarious actors that are out there, there's nothing good with them. And whether they are operating voluntarily or mandated by somebody's power over them, it's really, really bad. But in terms of numbers of people, they are already in a minority. They have vast resources. They have as technical resources and skills, but we have more people lined up on the defense. And pool defense will always overpower an asymmetric threat.

Well, it's a great story. What HackerOne has done in just a very short period of time over the past seven, eight years, it's important work, it's vital work, and you're doing it very well. And so thanks for being with us here on theCUBE. And I wish you all the best down the road too.

We want the companies to do well.
That's when we do well and they are very secure. So thank you very much, John. This was a wonderful conversation.

I appreciate the time. Mårten Mickos joining us, the CEO of HackerOne. You've been watching theCUBE conversation, part of the AWS Startup Showcase.