What if your next great cyber defender is a teenager gaming in their bedroom right now?

In this Threat Talks episode, Lieuwe Jan Koning and former FBI Supervisory Special Agent William McKean (founder of The Redirect Project) explore how young digital natives go From Hacker to Hero.

They chart the journey from gaming and online communities to real-world intrusions.
Then they show how to redirect that curiosity into ethical hacking, cyber defense, and a Zero Trust mindset at home and at work.

You’ll get practical questions to ask kids, simple “safe word” tactics, and concrete steps security leaders can use to grow defenders instead of future attackers.

Key Topics Covered
From gamer to attacker: How curiosity, gaming communities and digital “mentors” funnel kids into cybercrime, and how to redirect that path toward ethical hacking.

Psychology of recruitment: Why belonging, status and rewards override an undeveloped moral compass, and how grooming patterns mirror terrorism and gang recruitment.

Parent & educator playbook: Practical ways to talk about online life, spot early warning signs, use “safe words,” and apply a Zero Trust mindset at home.

Diversion, not destruction: How programs like The re_direct Project, HackShield, re_B00TCMP, Hack_Right, and The Hacking Games turn justice-involved kids into defenders instead of life-long offenders.

• (00:00) - - Introduction
• (01:25) - - What does FBI’s cyber division do
• (05:40) - - Children as hackers
• (08:14) - - From hacker to helper
• (10:31) - - It all starts with curiosity
• (17:56) - - What about AI development
• (21:27) - - Other mechanisms to worry about
• (22:32) - - 27:17 What can we do to help
• (27:17) - - The re_direct Project
• (33:45) - - What should the consequences be for child hackers
• (37:09) - - Recommendations for parents
• (42:02) - - What can organizations do

Episode Guest & Projects Mentioned
• The re_direct Project (youth cyber diversion & mentorship): https://www.redirectproject.org/
• HackShield (elementary school cyber game): https://www.hackshieldgame.com/
• Dutch Police re_B00TCMP “Reboot Camp”: https://www.politie.nl/informatie/re_b00tcmp.html
• Hack_Right juvenile cyber program: https://www.om.nl/onderwerpen/cybercrime/hack_right
• The Hacking Games (ethical hacker esports): https://www.thehackinggames.com/

If this episode helped you rethink your From Hacker to Hero strategy for your family or your workforce, don’t forget to hit Like, subscribe to Threat Talks.

🔔 Follow and Support our channel! 🔔 ===
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520
👕 Receive your Threat Talks T-shirt https://threat-talks.com/
🗺️ Explore the Hack's Route in Detail
🗺️ https://threat-talks.com 🕵️
Threat Talks is a collaboration between @ON2IT and @AMS-IX

The world’s biggest open-source ecosystem - npm - faced its first self-spreading worm.

They called it Shai Hulud.

It didn’t just infect one package. It infected developers themselves.

When a maintainer got phished, the worm harvested credentials, hijacked tokens, and created new CI/CD workflows to keep spreading - automatically.

No command-and-control. No manual uploads. Just a chain reaction across the npm registry.

And while the world was busy shouting about “2.6 billion downloads affected,” this real threat was quietly exfiltrating GitHub, cloud, and npm secrets - right under everyone’s nose.

This isn’t just another npm story.

It’s the first-ever self-replicating supply chain worm - and a wake-up call for every developer and security team building in the open.

Watch host Rob Maas (Field CTO, ON2IT) and Yuri Wit (SOC Analyst, ON2IT)

break down how it started, how it spread, and how to make sure your pipeline isn’t the next one to go viral.

• (00:00) - Intro, welcome & what npm is
• (00:01) - Crypto drainer: how it worked, maintainer phish & real impact
• (00:05) - “Shai Hulud” worm: credential harvesting & package spread
• (00:07) - Hype vs reality: the “2.6 billion downloads” myth & media reaction
• (00:10) - Defenses: dependency strategy & CI/CD workflow alerts
• (00:14) - Secrets hygiene, OS targeting (Windows exit), end-user/EDR tips & takeaways

• How a maintainer phish and TOTP capture led to a crypto drainer in npm.
• Why Shai Hulud’s credential harvesting + CI/CD persistence makes it high-impact.
• Practical defenses: pin/review dependencies, CI/CD change alerts, secret rotation, egress monitoring.
• What developers vs. end users can (and can’t) do in supply-chain attacks.

Got your attention?

Subscribe to Threat Talks and turn on notifications for more content on the world’s leading cyber threats and trends.

Guest and Host Links:

Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/

Yuri Wit (SOC Analyst, ON2IT): https://www.linkedin.com/in/yuriwit/

Additional Resources
Threat Talks: https://threat-talks.com/
ON2IT (Zero Trust as a Service): https://on2it.net/
AMS-IX: https://www.ams-ix.net/ams
npm: https://www.npmjs.com/
Node.js: https://nodejs.org/
GitHub Docs: Actions & Workflows: https://docs.github.com/actions
MetaMask: https://metamask.io/
OWASP Dependency Management: https://owasp.org/www-project-dependency-check/
SLSA Supply-chain Levels for Software Artifacts: https://slsa.dev/

Click here to view the episode transcript.

How solid is your digital trust—or are you just hoping your PKI is secure?
Let’s be honest: too many companies run on borrowed trust and forgotten certificates. In this episode of Threat Talks, ON2IT’s Lieuwe Jan Koning and Rob Maas pull back the curtain on what really holds your digital world together—and what can tear it down overnight.
They break down PKI in plain language: the root of trust that must stay locked away, the intermediates that keep your systems running, and the automation that stops your team from clicking “ignore” on yet another warning.
You’ll see why rolling your own keys beats trusting anyone else, how to keep your devices speaking the same language of trust, and why short-lived certificates might just save you from the next big breach.
This isn’t theory—it’s how Zero Trust really starts: by proving that your organization can trust itself.

Additional Resources
• Threat Talks Episode on SSL Decryption – https://youtu.be/Xv_jVHVsD9w
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• ACME protocol (RFC 8555): https://datatracker.ietf.org/doc/rfc8555/
• Let’s Encrypt / ACME protocol – https://letsencrypt.org
• DigiNotar case study background – https://en.wikipedia.org/wiki/DigiNotar
• Mozilla CA Program (trusted root store): https://wiki.mozilla.org/CA
• infographic about encryption  https://on2it.s3.us-east-1.amazonaws.com/20250304_Infographic_Encryption.pdf

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Key Topics Covered
• Why root certificates must never be online—and how intermediates provide a safe fallback.
• Real-world PKI failure: DigiNotar compromise and lessons for CISOs.
• How ON2IT built a secure, low-cost PKI with offline key bearers and ACME automation.
• The hidden risks of training employees to ignore certificate warnings—and how Zero Trust demands the opposite.

🔔 Follow and Support our channel! 🔔
===
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX