Kevin Mitnick was arguably the most wanted hacker in the world when he was arrested by FBI agents in the winter of 1995 and charged with a litany of cybercrimes. Mitnick had discovered the joys of computer systems at an early age. At 12, he figured out how to bypass the Los Angeles paid punch system to ride the bus for free. By 16, he had graduated to breaking into computer networks and copying software—a crime for which he was later sentenced to a year in prison.
Years later, when he was caught violating the terms of his parole, Mitnick went on the run.
Mitnick’s misadventures earned him fame and another five years behind bars, but the verdict wasn’t without controversy. Supporters argued that at least some of the charges were fraudulent and that he hadn’t been treated fairly by journalists. Others suggested that Mitnick was driven by pride in his technical ability, not profit, and that the companies he infiltrated had not suffered meaningful losses.
Regardless, everyone agreed that he was talented. So when I was looking for someone to help build my cybersecurity company, I saw an opportunity. Mitnick was respected but notorious—a potential HR nightmare. Naturally, he was a perfect hire for me.
A fortuitous encounter
After selling my third company, I was eager to start something new. My experience had shown me that there was a huge gap in the traditional cybersecurity business. Most firms focus on software but overlook the problem of “social engineering.” That’s the term of art for the practice of cybercriminals who bypass firewalls by “hacking the human”—tricking people into doing things like clicking malicious links or downloading attachments.
As luck would have it, while I enjoyed a dinner with some new neighbors, the conversation shifted to business. When we started to talk about social engineering and my idea for a new startup, my friend Karen mentioned that she had a cousin who was really good at hacking—so good, in fact, that he’d gone to jail for hacking companies such as Sun Microsystems, Pacific Bell, and Motorola.
Karen’s cousin was none other than Kevin Mitnick. Fortunately for me, after serving his time, Mitnick realized the enormous good he could do with his technological talent, and he effectively switched sides. For the past several years, he had been consulting as a “white hat,” showing companies how they could protect themselves from cyberattacks.
I immediately knew that Mitnick’s skill would be an enormous asset, so I sent him an email and arranged to hire him. After all, who’d be better to propel a new cybersecurity company than a guy who’d penetrated some of the toughest systems that experts had ever built?
One hacker, three advantages
That was a turning point for my startup, KnowBe4. By recruiting Mitnick, we gained invaluable insights about where employees are most vulnerable. We were able to use those insights to develop a practical platform where companies can see where their own employees stumble and, most importantly, train them to recognize and avoid potential pitfalls. This is essential for any business because if all other security options fail, employees become a company’s last line of defense—one unintentional blunder can infect the entire network and bring down the whole company.
But having Mitnick on our payroll also gave us much-needed status in the cybersecurity world. Professionals within the industry already knew his name, and they respected the knowledge he’d built over three decades of work. And because we understood social engineering early and Mitnick joined us at the ground floor, we were able to rise to the top of our sector quickly and become a go-to company as the public started to recognize the danger of ransomware and other, more insidious types of cyberattacks.
It’s hard to understate the importance of this, for those considering our strategy. Mitnick wasn’t just an employee—he was at the center of our entire marketing strategy. Although we certainly could have stood out in other ways, we bet that Mitnick’s history would get people talking about what we do and the expertise we offer. And it was a bet we won. This idea, that courting a bit of controversy and celebrity can set you apart, is one that any serious entrepreneur should consider.
Not every startup will be centered around cybersecurity the way KnowBe4 is, and you might not be able to give a partner 50 percent of your company the way I did with Mitnick. But the idea that you should be ready to snap up talent that clearly fits your vision—even if that talent essentially falls into your lap and isn’t planned for—is critical for any business leader. Our success also shows that you don’t need to do it all yourself or be “the” expert to come out ahead. You simply need to find and lead others who are experts. If you stay ready and open-minded enough to leverage a partner’s brand, you’ll expand far faster than if you tried to start from scratch.
On a more human level, our story is also about redemption—second chances are hard to come by, especially for those with a turbulent history. Sometimes, the past or résumé doesn’t matter. Rather, it’s all about the potential we choose to see in each other. I’m grateful that I looked beyond the past with Kevin. It was one of the best decisions I ever made.
Stu Sjouwerman is the founder and CEO of KnowBe4, which hosts the world’s largest integrated Security Awareness Training and Simulated Phishing platform.