On The Brink with Castle Island - Rob Behnke (Halborn) on Public Blockchain Cybersecurity (EP.360)
Episode Date: October 12, 2022Rob Behnke, co-founder and CEO of Halborn joins the show. In this episode we discuss: Rob's career journey in the cryptocurrency industry and the insights that led him to founding Halborn. The 2017 I...CO era and the security issues that plagued many projects. How Halborn approaches engagements with DeFi ecosystem participants. How centralized financial services companies are engaging with DeFi and how these firms think about cybersecurity. How Rob and his co-founder Steven Walbroehl approached their Series A fundraising process. Halborn's new suite of software products. To learn more about Halborn visit halborn.com and follow Rob on Twitter
Transcript
Discussion (0)
Today on the podcast, we sat down with Rob Benke, the co-founder and CEO of Halborn, a portfolio
company of ours that's a cybersecurity business focused on public blockchains.
Halborn is working with some of the leading C-Fi and D-Fi players in the crypto ecosystem,
and it was great to get Rob's perspective on the maturation of the industry, the common pitfalls
from a security perspective that most companies take, and the evolution of Halborn's products
that are notarizing public blockchain interactions. I think you'll enjoy this one. So without further ado,
here's my conversation with Rob Benke.
Matt Walsh and Nick Carter are partners at Castle Island Ventures.
All of these expressed by them or the guests on this podcast are solely their opinions
and do not reflect the opinions of Castle Island Ventures.
You should not treat any opinion expressed by anyone on this podcast as a specific
inducement to make a particular investment or follow a particular strategy,
but only is an expression of their personal opinion.
This podcast is for informational purposes only.
Brought down by bad mortgage investments, Lehman, which has 25,000 employees will be liquidated.
The federal government loans American International Group,
AIG, 8,000.
$85 billion.
This is a different kind of market, and the Fed is asleep.
The federal government is stepping it to stabilize Fannie Mae and Freddie Mac, the two mortgage
giants that have been threatened by the housing crisis.
The Bank of England has pumped 75 billion pounds more to Britain's ailing economy with a new
round of quantitative easing.
You print a couple trillion dollars, and all of a sudden, people start to worry.
So out of this worry, we have something called the Bitcoin.
Bitcoin.
Rob, so thanks so much for joining on the podcast.
It took a while to get you on.
So thank you for finally joining the podcast.
Hey, very happy to be here, though.
Absolutely.
Been hunting you down for a while to try to get you to come on.
The cybersecurity people, it's hard to get you guys pinned down and talking about stuff.
But we'd love to just start with your origin story.
What was the path that led you and Steve into starting Halborn?
My original story is definitely more on the more general side of business and growth.
I use the word serial entrepreneur lately.
I've built a couple of companies over my career.
the first major one was an organic food brand, actually.
So I had an organic food company back in the early 2010s called Brooklyn Salsa Company.
We took a salsa recipe.
And in two or three years, we were in 10,000 grocery stores around the world.
And the crazy thing about creating atoms, as opposed to bits, is that you need to keep
on producing those.
And so the bigger you get, the more money you need, actually.
And so it's CPG.
My heart goes out to all things.
founders in the world of CPG. We built that up. We eventually ran out of cash, plus my founders and I were
having all sorts of different internal difficulties. So I decided to sunset that business and look
elsewhere. I'm also a musician. And at that time, I was working on an album. Someone passed me over
an idea to create an app for musicians. And so I said, I think that sounds great. And so in 2014,
I launched my next company, which is called MicSwap.
Mike Swap is a virtual microphone modeler for iOS, which at the time was the first of its kind.
And that did quite well.
But what happened is, as I was sunsetting my organic food business, I found out about Bitcoin.
A friend of mine went to me and he said, hey, can't believe Bitcoin is $70.
I said, that scam, what are you talking about?
I'd initially heard about it.
Years before that, wrote it off.
And as a tech geek in general, he told me, well, there's this thing called a brain wallet.
And that immediately was like, oh, okay, let me go look at that.
So long story short is that I absolutely fell down the crypto rabbit hole very hard in 2013
to the point where my extremely small claim to fame back then is that I put together,
I'm big into audiobooks.
And so I put together and launched the Satoshi White Paper audiobook that's on YouTube.
If you look up Bitcoin white paper audiobook on YouTube, that is my voice and animations that I did back then as a total fun little side hobby.
I knew that I wanted to do something in this space.
I was infinitely fascinated by all things crypto, whether it was the non-sovereign digital currency side, the deflationary side, all the things that bring people into the space.
And it wasn't until 2016, 2017, when ICOs basically started to happen.
and those obviously have varying opinions on such terms nowadays.
But as ICO started to happen, I actually found that once again,
how to eliminate and get rid of third party intermediaries within capital raising
for whatever the initiative is.
And that was definitely sort of like the catalyst.
So 2016, 2017, I started a company called Token Agency,
which we were working with a number of different.
startups to help launch their token sales and their ICOs. One of our larger clients that ended up
not even inevitably launching was the former commissioner of the CFTC at the time was launching
an oil-backed stable coin and we did a bunch of work with them to get that to be in the right place.
But here's what happened. Throughout 2017 and 2018, our clients just kept getting hacked left
and right. I couldn't get my job done. My focus is as and always will be on the marketing
and sales operations, just business side in general.
And so it didn't matter how good of a job I was doing.
Every project that we would launch just kept having issues in the cyber world.
So for example, the first two projects that were token agency clients,
they were affected by the 2017 parity hacks.
So like, great, they just launched.
They just raised a bunch of money and now it's all gone and it's gone.
So I'm a big proponent of building out service and product-driven
and service companies at this point, technology firms.
And it was very clear in 2018 to me that there was a much larger need in the space
for real proper cybersecurity professionalism.
And so I started to ping my network.
I had one of those Slack channels with a bunch of my buddies in there talking about Alpha
and all the fun stuff that you do at the time.
And I said, hey, I'm looking for cybersecurity professionals to say,
anyone know anyone and come to find out
an old friend of mine from college,
said, yeah, I happen to know somebody
that's over here in Miami. And so
in comes my now business partner,
Stephen Walbro, we meet.
So Stephen is one of these,
what people typically call, like your 10x engineers.
Stephen was working multiple jobs
as a sort of head of cyber.
He was in the internal red team at IBM,
and he was over at a number of other
large enterprise institutions running their cyber programs. And my call to him was, hey, we have some
clients that need some help. Steve is and will always be one of these. He would be okay with me calling
him a Bitcoin Maxi at this point. So he fell in love with the technology and was mining it back in
2013, 2014. And what I've come to find is that engineers in the Web 2 space love themselves
a good challenge and a good opportunity. And so Steve and I knocked,
our heads together to start thinking through, what does blockchain-related cybersecurity really
look like in the modern era? People immediately lean into smart contract auditing, but doing so really
is sort of like focusing on the tree in a very large dark forest, as they say now. So I had knocked
our heads together. We did a couple of one-off engagements together through my former agency,
token agency. And what became very clear is that we have kind of like this Yang and Yang
scenario where he's highly technical. I'm operational. And so we knocked our heads together
and built out what would later then be rebranded to Halborn. What we did was in 2019,
we went to DefCon and Black Hat. And what was happening at the same exact time was, I think
it was called like World CryptoCon or something out there in Vegas, sit in on a panel and
a couple well-known CSOs in the space were there doing a panel. I walk up and do the very first
pitch that ever was a Halborn pitch, and it inevitably led to our first deal, which was like
literally right smack dab when COVID hit and when lockdowns happened. We closed our first deal,
which happened to be with New York Stock Exchange and ICE to work on some of the things that they were
doing at that time. And we looked at each other and said to ourselves, well, maybe there's something here
if the first client that were ever signing as a two-man operation is nice, let's go out and build something.
And so we did. And so from the get-go, the core thesis at Haliborne has always been, there is way more that you can pown than a smart contract.
And so you really need proper end-to-end holistic cybersecurity practices mixed into this wacky world of Web3.
And that's how we started, and that's where we are still today.
We made our very first hire in October of 2020.
And we're at right now, we're recording this October 2022,
is a little over 100 people now distributed across the world.
And so we've just been sort of growing at an exponential rate.
And I'll pause there.
But that's the origin story.
It's an awesome origin story.
I remember those days when it felt like every single SEO was being hacked
or some random wallet was getting thrown up on their,
website. That must have just been complete chaos to live through. The PTSD is real from those days,
but I think that it's all part of any early pioneering days. There's that age-old saying,
I mean, I'm in New York now, but I moved briefly to San Francisco and I read like the 1984
birth of the gold age. It was very clear that pioneers are the first of the slaughter, typically.
And so that metaphor translates definitely to that scenario. For sure. So what's fascinating
about you guys is you got to tremendous scale bootstrap. I would say in,
large part because you had this bigger focus on not just smart contract platform audits,
not just looking at centralized infrastructure. So maybe talk a little bit about how you guys
have built the business across the products and the services and the types of clients
that you guys are engaging with today. For the most part, what we're doing is this is all on
our website regarding what I'm about to say here, but our core offering is not smart contract
auditing. Our core offering is security advisory as a service. And so what that means is you get an
actual human because you want an actual human, you get a human to come in and really talk to you
about your needs. Let's talk about your architecture. Let's talk about what you're building,
what you're designing, what you're launching. Let's extrapolate all the layers, all the processes,
and then let's secure everything throughout that process. So if you're launching major layer one,
so I mean, some of our clients are people like Salana Foundation, Aval Labs, Dapper Labs. Major layer one
providers where as they are building out the layer one upgrades, those are the things that we are,
in fact, testing. And so there is primarily that services component for sure, but there's a lot of
technology involved. We have a ton of tools that we've built out over the last several years now,
whether it's internal fuzzling tools or internal point systems and internal dock servers
and so on. So we've built out a ton of internal tools throughout this process. So I would say that we're
definitely a technologically driven professional services firm that is evolving into.
We'll get to this, but obviously we recently completed a sizable raise or very first raise.
And so we have a very aggressive but sizable pipeline of products as well as services
that are going to be coming out in the coming months and years to come,
all wholly focused at how do we help the builders in the Web3 space, whether they're institutional
or pure DGEN, DFI, and or institutions.
So regarding who our clientele is, I mean, that's the thing.
Our clientele is going to be more of the enterprise Fortune 500.
We do work with a number of different custodians and large banking institutions, but we work
with a very large laundry list as well of just pure application layer DFI
protocols as well. It's got to be a fascinating customer base to manage because on one end, you have
some institutions that are amongst the oldest banks and traditional financial services players in the
world, really. And on the other end, you have organizations that don't even really have a capital
structure that really it's just a loose confederation of people that are building open source software.
And so how does it like the go to market and just the sales pitch work across those two customer
sets? We segment off how we pitch. We basically have two different.
from pitch decks for the two different target personas that we've built out, but the offering is still
effectively the same. So how are engaging managers and project managers engage with different
clients is definitely different and certainly telling. But I think for us, our strategic advantage,
well, we have a couple, but like what I would say is that our major advantage is bringing
tried and true professionalism into the space.
And so like really just hyper-focused on absolutely exceptional customer service and experience
while making sure that you don't get pones throughout the process.
And that's for us, our major OKRs around Halborn or the number zero.
So zero financial losses through breaches or anything like that.
That's why I'm exceptionally excited that after over 250 plus clients that we'd be working with at any given time,
Yeah, you're not going to find our name on the reckless list that comes with a really specific
hyper, hyper detail focus on quality of work and quality of training of our people and also
the quality of people that we bring into the org.
That makes sense.
So you talked about the ICO era and a lot of the hacks that were happening back then.
I mean, I guess I wish I could say it's gotten better.
You see high profile hacks from North Korea.
It feels like every quarter or so in this industry where, I guess,
I guess the latest one was Axi, that it looks like the Lazarus group made off with a pretty good bounty.
How do you think about that when you see things like that? Is it an existential risk to the industry, or is it just sloppiness?
How do you contextualize it to folks that might not be in this every day?
I think it is once again this whole theory of pioneers are the first of the slaughter.
This is the next era and age of digital internet money.
And so when you think about it, I mean, look, back in the 90s, it took a while for us to ever
get to an HTTP standard.
There was all sorts of ways, fairly elementary ways to hack different systems and to get access
to people's emails and so on back then.
And over time, the free markets do what the free markets do.
And it's the same thing in cyber.
So it just takes time for the market to say themselves, hey, like, someone should be creating
a more secure protocol or a more secure standard to really.
kind of focused so that this Tom Foolery doesn't happen anymore. And so it's still this moment
that we're in. I mean, Bitcoin's only, what, 13-ish years old, but it's still relatively young and this
technology is still young. And I look at this as these are economic science experiments with
a billion dollars of DVL in them. And so, look, what I would say here is that for anybody that's
listening to this and thinking about laughing to themselves about these crazy kids in Defi,
there is a lot of professionals coming into the space and really focusing on security.
Pretty much, I mean, look, I call what it is, pretty much because they have to because they get that if I'm taking investor money to go out and build X,
it turns out that some of that should probably be going into security auditing along the way and some tooling along the way so that this awesome thing that we're building out doesn't get popped anytime soon.
It's fascinating because some of these attacks, I don't know if this is the right word for it, but they're almost game theory type of attacks.
Maybe the contract works exactly how it's intended to work, but there's some other interaction that compromises it.
So how do you guys even segregate the types of ways that you could be compromised?
Well, now you're getting into really like, this is precisely why we do what we do.
And so there is a number of different, like it's not just someone found an exploit or even
thinking about 2017 or even 2016, what was it, 15 or 16 with the Dowhack, where you have
what is now known as a simple re-entrancy attack. You really don't see that as much, only really
sloppy. You do occasionally see it. But the reality is that a lot of what we're seeing today
does tend to resemble a lot of what the traditional vanilla Web 2 world is going through as well.
social engineering, humans, still the single most vulnerable point of attack to everything.
People that are working in the NFT space or sitting around in Discord servers, well, there's
all sorts of social engineering going on in there. People can still click on emails.
People can still click on links. What I read about the Ronan hack, you can't even really
call it a hack because what happened was you had someone that reached out to a senior engineer
and I'm just using round numbers. These aren't the real numbers, but like, hey, Mr. Engineer, you're
making $300,000 right now at this big blockchain company. Well, I have my client that's offering
$400,000 to come work for them, download this synopsis of the job description. That guy then
downloaded that PDF that had some macros enabled or had something enabled.
And boom.
Yeah, that's scary.
So from there, obviously, you can go off and do your shifting left
and figuring out how to expelrate private keys in whatever manner they did.
The reality is that the world of smart contract-related hacks
certainly is alive and well and still there.
However, how people are doing that is getting to resemble a lot more of the traditional world.
And I guess the stakes are just so much higher in the context of public blockchains
because we're talking about physical.
Oh, that's ridiculous.
I guess not physical, but digital bearer assets that once you have them, you have them.
You think about like Lazarus Group and North Korea, like, why would they focus on enterprises
when they can go focus their time and energy on a bunch of these engineers that are launching
codebases where you find something and you're able to exfiltrate like real proper
million dollars of value money?
and for as much as call what it is around like compliance and what the U.S. government's doing with
tornado cash, there's going to be five other tornado cash clones that pop up immediately, just like
with what happened with Pirate Bay, just like with what happened with Napster, back with
peer-to-peer technology that existed way before Bitcoin. And so the internet's a wacky place in that
sense. That's why you need help. Not everyone specialized in this. Totally. So for all of its
false, obviously, DFI is one of the most fascinating aspects of public blockchains and just some of
the innovation there is mind-boggling. From where you sit, you're obviously seeing a lot of
centralized financial services companies start to look at this. Why do they care? I mean,
what is the impetus for even being interested in public chains for some of these centralized
companies? Some of them pretend to care. Some of them are mandated by their managers to go care
about it. But then some of them understand that this is the early days of a new era,
the really gross word that probably a lot of the listeners know about like digital transformation
and all that. So it's like there's a new era of digital transformation that's going to happen
with all financial services tech. And it starts with blockchain technology or DLT and all these
permissioned chains and so on. I think they're looking at it. I think most in the,
the traditional financial markets are looking at and kind of like giggling to themselves
about the wild speculation around this APY that supposedly some of them are able to be able
to obtain and are smart enough to acknowledge that these assets are highly volatile.
But just like anything, in the early days, God forbid, I'm probably like the 50th person
on this podcast and any podcast and bring up the fact of like, well, you have email in the
early 90s that everyone joked about. It was where all the bad guys were sending you messages
electronically this way. So stay off email. And that leads to the 99.com boom. And now 20 years later,
we see where the internet is and it took a lot of time to kind of get through that minutia.
And I think crypto is still in that time and place. So again, I'm probably the 50th person to say,
oh, we're still early. But that is the reality. But that is the reality.
And so I think that that's why we've had that consensus amongst our community and amongst our industry now.
We're early and there's some really just causes and some really just solutions that are coming out.
You need to be creative and wise enough to take a look at what a smart contract like Ave or Compound or any of these platforms are doing.
and still say that there is some real, real utility in what is going on there.
And while also acknowledging how early we are in that.
I totally agree.
I mean, I lived through the bad old days of the private blockchain hype cycle and enterprise
blockchain, yeah, of course.
A lot of that's just innovation theater.
I guess the good news is that it got a lot of people inside of big organizations
to actually learn about blockchains.
And I think you saw this migration where it became very clear that private blockchains were not going to be a thing and that there was large coordination problems. And frankly, there just wasn't a lot of money to be made in it. There's a lot of stories around saving costs on post trade settlement that never really materialized. But then you started to see folks realize, hold on, wait a second. So I can start a custody business and I can charge 35 basis points for holding Bitcoin. And my traditional custody business is two basis points. So why am I not doing this?
And why am I not offering access to trading where I can have very higher margins?
And so it was ultimately a profit motive that I think brought in a lot of folks.
I think you're going to see the same thing with defy.
I think you're just going to see banks and large financial firms start to see compound
and Ava and say, hold on a second.
We need to tap into this.
Our customers can have a better user experience.
We can lower the cost of capital on certain types of financing events.
And I think that's ultimately what pushes a lot more folks into the ecosystem.
Yeah.
And disintermediation is going to be very real.
I fundamentally believe that.
And that over the next really 10 to 20 years, I mean, major governments are going to have to try to figure out what they want to do about this.
And I know Matt, you and I are Americans.
And we have our thoughts and our feelings about our home country.
And then I think that whenever there's regulation in one country, well, the free market tends to try to sort of
itself out from there. And it's really a shame whenever I hear about really some of the smartest
people that I know that are American who want to go off and, oh, I got to go move to Lisbon,
or I need to go to Puerto Rico, or I need to go to any of these other jurisdictions just to
do this innovation without having to worry about things. And I think that there's a need for it
in a lot of ways. It is absolutely, it's really bad when a Terraluna happens. It's really bad.
And what can regulation do to help that?
I purposely try not to get into the compliance and the regulatory side myself,
but there's some much wiser people focused on how to ensure that things like that don't happen again.
Yeah, I agree.
And they're going to have a real tough time because the moment that South Korea and America and Five Eyes nations and NATO decides to make decisions around there,
well, guess what?
there are a lot of other jurisdictions out there where people are still all doing what they want.
I think if you were thinking about this from the perspective of running the United States as a
company and you were put in charge of it for a second, you would probably be looking at capital
formation as being a big reason why you should give some clarity on things like who controls
the spot market for these things and what is a security and what's a commodity and how is the
process work to raise capital and then become a decentralized network. Hopefully we'll figure
that out at some point, because to your point, this is a global ecosystem. And one of the largest
players in the entire space is FTX, and it was started by an American, not in the United States
of America. And so it would be great to see some of these things actually built in the U.S.
Yeah, and I don't know what the U.S.'s history is of regulatory sandboxes, but as far as I'm
concerned, that's kind of like necessary at this point. What is the definition of a token?
It's really just a representation of anything. So to think that.
you can regulate all tokens under one specific rule set would be unwise. I totally agree.
Not to mention this crazy thing that all the kids are doing now like liquid staking,
which is a token of a token, and then they move that across bridges, and then you have a token
that represents the token of the token. So the systematic risk is a whole different story,
but when you think through that kind of regulation of synthetics and so on, that's where we start
again into the complexities and the nuances.
We'll recreate CDS squared at some point and have a mortgage crisis in the
blockchain space.
You mentioned the tokens, though.
I mean, I guess one of the places outside of financial services where we're seeing
the most entrepreneurial activity is in the NFT space.
And even in the physical NFT space, a company or a brand that wants to issue an NFT
representing and tied back to a physical object.
It seems like this is going to be a huge category.
Obviously, it would have the same type of cybersecurity concerns.
What's your view on that category?
I mean, my view is that it's a beautiful and brilliant thing, which is in the early days.
There's only so many people that are going to be interested in monkey pictures.
But outside of that, I mean, there's so, so much more utility that comes with NFTs.
And so the media will focus on NFTs being all about these funny monkey photos.
That being said, you have major fashion houses that now are using this technology to verify all
authenticity. You have major real estate providers that are tokenizing real estate. You have the whole
concept of digital identity solutions, which would be technically an NFT. And I believe that's the whole
concept of Vitalik's soulbound token concept. There's a lot of innovation happening right now. And what I
love about this, too, if you think about it, there is plenty of technological innovation.
But humans, what separates us from the apes is our ability to storytell and our ability to perceive things in the ways that we do.
But this is really an evolution in how we think about stories and technology and what we're doing.
Like, I'm a musician.
So is actually my business partner, Steve.
He's a musician.
And we're both music fanatics.
And the whole concept of music NFTs makes a total sense to me.
I love going to shows and getting posters and getting t-shirts and getting merchandise.
And I would absolutely love for, I heard that Ticketmaster is now doing a thing with Dapper Labs.
So it's like the concept of me having a ticket or even a platform that I can log into verify it's me through using my digital identity that verifies that I was at this show at this time and place.
And here's the piece of merch that I can buy.
here's an exclusive unlock that's enabled.
That is all infinitely fascinating.
What I think people lose, where I think fundamentalists and sort of like Bitcoin or Ethereum
Maxis lose out on is this idea around decentralization.
I think your blockchain is supposed to be decentralized.
NFTs and concepts and all this stuff, you're not trying to decentralize that.
Let's be real here.
There's one artist that is creating the artwork and building out these things.
You want to have there be a centralized creative director of things.
So I think the gray area of centralization versus decentralization isn't even a debate that needs to happen in the world of NFTs.
It's just about where's this technology?
And ultimately, what do we want to disintermediate?
For me, personally, I hope to one day have Ticketmaster as a client, but as a fan, I'm not a big fan of Ticketmaster in the sense because of the outrageous charges and all the different things that are happening where, like, I can't transfer tickets.
other people. These are just ways of how do we get through the disintermediation of me being able to have
a proper customer experience. So for example, I recently heard about, I don't know what the name is of this
Brazilian airline now, or maybe they're Argentinian, there's a South American airline now that's
offering tickets in the form of NFTs. And the beautiful part about that is, in theory, well,
if I'm not going to be able to make my flood anymore, I could, in theory, go to an open market
and sell my ticket in that way. And that creates, in theory, a better user experience. So these
are all UX upgrades that were really focused in on in the NFT space. Totally. I think the other
potentially interesting disintermediation is of Facebook and Google is just ad monopolies. When you think
about, imagine a world where you have a sneaker that is really,
represented with an NFC chip to an NFT, all of a sudden, whoever issued you that sneaker can offer
you other types of experiences in a really interesting way. They can offer you unique access to live
events. They could offer you and directly reach out to you on chain to offer you a discount and
promote to you via that channel as opposed to buying a blanket Facebook ad and trying to pinpoint people
in your geo. So it's really interesting. I think the surface area for things that are possible here
we're probably just getting going. I guess the good news for you guys is that these things have
to reside on public blockchain just because they need to be provably fair. And so you're going to need
to have eyes on the code. There's no lack of need in Web 2 cybersecurity for traditional technology
companies. So for sure, there will be no lack of demand for quality professionalism for people
that are building out new cutting edge solutions to this tech. Maybe just to talk a little bit about
the macro. So you're building this company. It's a macro downturn liquidity crunch here. You
kind of shrug that off here. You guys recently announced a very big fundraise in your bootstrap
before that. So how have you thought about just building the business through this current
macro cycle? And obviously you've been through a few of these in the crypto space.
Having gotten into crypto in 2013, 2014, 15 was definitely like this is now what my third
crypto bear market, winter, so on. And I guess I lived through the financial crisis as well.
having just entered the workforce at that time and kind of saw that as well.
We bootstrapped because we could and we wanted to build this out.
And we inevitably kind of saw the writing on the wall saying to ourselves,
well, at some point in the next, this is like mid-2020, basically,
just having conversations amongst our executive team saying,
hey, look, something's going to happen at some point.
And it doesn't matter how profitable we are.
are like, why don't we go out and really focus on growth at this stage. I was excited after a lot
of time and energy and effort to complete our $90 million rounds, which we call it a series A,
because you can't call that a seed round at that point. And for us, there's a very clear trajectory
for us as Halborn. So like, we're here to help all the tokens in the world, but Halborn's never
going to have a token. We don't see there being any need or utility there for anything along
that. And that's just a purely philosophical concept. For us, we're going to be focused on
call what it is. Our goal is to go public in the next three to five years. And we're going to do that
through product wins. We're going to do that through continuing to provide exceptional customer
service in the form of professional services, consulting, and having a solid mix of both. With the world
of cyber, we tend to be able to have our cake you eat at two in that sense. So if you're
launching a traditional SaaS tech business, you want to be one product, one thing,
wholly focused, your team is just there to help provide a great product and build a great
product.
And cyber, look, if you're hacking and your penetration testing a regular web app, there is
no product in the world that does that all for you.
You still need humans to go in and manually review that code.
Yes, there are code scanners.
Yes, there are vulnerability scampers.
And funny enough, yes, there are QSRs and compliance pen testing firms that that's all they do is hit the button and it scans it.
And now here's your compliance audit review that you're able to go by.
But the reason why people work with Halborn isn't to pass compliance reviews, it's just to stay safe and sleep well at night.
We have some of the most absolutely top-notch elite ethical hackers from the Web 2 space.
We do not hire from the Web3 bucket.
What we do is we hyper focus on training and hyper focus on education and take naturally gifted people and show them the wacky world of Web3, which they inevitably fall in love with and love themselves a good new challenge.
And we have time and time again seeing this theory and this use case play out where an engineer that we bring in from IBM who was a,
a pen tester there, who we educate. Well, three months later, they're finding major zero days.
Halborn recently disclosed the major zero day that we found in Cosmwasum. That was that pure use
case of someone that we brought in, educated them on Cosmwasum. I don't even think they actually
knew Rust even before they started, but they had an insatiable appetite for learning and education
and being given the resources to go and thrive. And so that's why I think in our very
short history as an org. I mean, I can't talk about specifics. I mean, we have probably like three to
five major zero days that we're still like sorting through at this time. I don't see that ever
changing. I don't see that actually going down at all. It's just like we're just, there's a constant
slew of new technological innovations that we're here to help pop and then make the world a safer
place. It's exciting for us to get up every morning because we're the good guys in the space. We're
We're here to help save lives.
We're here to help save bank accounts and save people's life savings.
There's a lot of people out there that are crazy enough to put their entire life savings
into a defy platform.
So I tell my people every day, every single line of code that you find, every critical
finding, every low finding, whatever you find, you are saving somebody every time that
happens.
That's really powerful.
Totally.
I mean, it's a very exciting new space, but it's pretty scary out there.
So I'm glad you guys are around to keep people safe.
Where can we send people, Rob, to learn more about Halborn?
I know you guys are hiring a lot.
Where do you want to send people?
Yeah, go to Halborn.com.
We're in the middle of releasing a number.
I mean, I recommend our Twitter, which is at Halborn Security.
I also recommend halborn.com.
We are excited to also announce Zion.org, which is with two I, so Z-I-I-O-N-O-N-org.
Zion is, if any listeners out there,
familiar with Cali Linux.
It's a Linux distribution.
It's an operating system.
So Cali Linux is a very well-known,
very popular operating system
that comes pre-populated
with all the tools you need to hack a web app
or a network and so on.
We created the blockchain and Web3 version of that called Zion.
So it comes pre-populated with all the packages,
dependencies, and everything that you need to go
and hack a DAP or hack a blockchain.
And we're in the process of building out educational materials and training around that at this time.
And I will also say that I can certainly now talk about this.
So we are in the process of launching a product that we've been building out for a while.
And so I'll describe that as well.
Seraph.
Serif is what we are calling the world's first blockchain security notary platform.
And here's the basic premise.
There's a lot of people out there launching insurance protocols.
And it's like, oh, crap, I just got hacked.
well, here's some of your money back.
Well, that's a reaction to there not being the right measures in place.
Serif is a preventative platform and product
where you won't have these particular functions hacked
because you have an actual shield up
where you can think about it as opposed to auditing a smart contract,
we're actually auditing transactions that matter.
And these are very detrimental transactions.
So, for example, in a Ethereum,
smart contract, there's a thing called an emergency withdrawal function. There is no reason in the
world that that should ever be called unless there is something really major going down, where
you have to call the emergency withdrawal function and you move all the TVL and the D5 platform
from Wall A to Wall of B. So again, there's no need to ever do that. God forbid, you actually did
have to do that. Well, now what you've done is you have written a modifier in that smart contract where
when that's called, you now have a blockchain security notary that is on the other line
that is there to ensure that this is a legitimate transaction, that you have not been pones,
that you've not been popped, that your private keys have not been stolen, and a malicious
actor is moving funds from point A to point B. And we're really excited about this,
spent about a year in the making. And this is the second product that Halbourne has launched. We have
about six more in the pipeline. And that's a little bit about what we're up to.
Seraf is one of the most exciting things. I think the space has seen. It's definitely one of the
things that got us excited to invest in Halborn. I sort of describe it as it's the badge that you
need to have if you want to be engaging in a public blockchain context. I think it's going
to become table stakes for institutions that want to engage in this space. So I'm glad you guys are
taking the covers off of that one. Yeah, thanks, man. Awesome. Rob, well, thanks so much for
joining us to have the podcast. Thanks for having me. Thanks for listening to another episode of
On the Brink with Castle Island. To find out more about Castle Island, visit castle island.
To listen to all of our podcast episodes, please go to On thebrink dashpodcast.com or just click
on the tab in our website. Thanks for listening.
