Kunal Agarwal’s cybersecurity journey takes him from the sting of Juvenile Corridor to the founder and CEO of dope.safety.
Dope.safety supplies a safe net gateway. It’s designed to cease hackers making hay from web sites. However its founder was, is, and can at all times be, a hacker.
“I used to be born and raised in California, however I began as a bit of a kid hacker,” he says. He was round 9 years outdated, greater than 20 years in the past, and was on the age the place he needed to do issues he shouldn’t do or couldn’t afford to do.
“It was a time of, hey, how do I watch this film that I’m not allowed to go in and watch, and I can’t go in and watch at dwelling. So, I entered this world of questioning the right way to obtain a film or a sport totally free.”
This primary curiosity prompted him to find out how emulators and ROMs work in order that, if he may pirate a Nintendo sport, he would be capable to play it on a PC. It was the beginning of understanding expertise.
It’s price interjecting that this conduct is only a hop, skip and a bounce from social engineering – a time period that we normally restrict to critical dangerous guys, however is admittedly one thing everybody does in all features of every day residing. Discover that the Agarwal youngster needed to search out methods to see films and play video games that he couldn’t.
Kunal Agarwal, founder and CEO of Dope.Safety.
Everybody faces this downside and finds completely different options. A technical particular person will discover a technical answer. Much less technical individuals could resort to social engineering. What 19-years outdated youth has by no means tried to influence a liquor retailer proprietor that he’s actually 21. It’s price contemplating this connection between the social engineer and the hacker as we discover the trigger and exercise of hacking.
Evidently, Agarwal’s strategy progressed as he grew to become extra technically adept. “Once I was at school, I virtually went to jail for hacking the varsity grading system.” The motivation was curiosity reasonably than any type of private achieve – he personally had good grades, however was curious to see how the system labored.
The potential of the hack was, nonetheless, critical. “When you get in, you possibly can modify and alter something, throughout any faculty in any district within the California space.” He was caught; and what occurred subsequent in all probability modified his life.Commercial. Scroll to proceed studying.
There wasn’t a lot codified legislation in place at the moment, and far was depending on the advice of the DA. “So, I used to be put in entrance of the DA for San Jose, and I had the chance to persuade him – socially engineer him, in case you like – to take my most popular route. I stated, you may have the choice of placing me in Juvey the place I’ll change into an inmate; or you possibly can let me do one thing else and be productive. We ended up taking the second route, which led to probation reasonably than jail time.”
Agarwal stayed out of jail however doesn’t fake it was a straightforward time. “It was a really scary time, however studying expertise. It was good that any person had that decision-making energy and that there really existed a program to direct somebody down a distinct path, reasonably than simply sending them to Juvenile Corridor.”
It could be mistaken to counsel that this expertise modified him, nevertheless it did assist redirect him. He was, and is, and believes he’ll at all times be, a hacker. For Agarwal, being a hacker will not be what you do, however who you might be; that’s, somebody who at all times questions the established order and questions the way it could possibly be completely different. That questioning will not be one thing you’ll be able to activate or off. In his personal phrases, “It’s in my DNA.” The scary nature of his district legal professional expertise made his DNA-driven curiosity deal with the extra productive space of cybersecurity – nevertheless it didn’t and couldn’t cease him being a hacker.
This sequence seeks to grasp why some individuals with hacking expertise change into black hats whereas others change into white hats. Most hackers agree that they’re born hackers – it’s of their nature. They begin with childhood and adolescent pranks – typically for kudos reasonably than achieve. There isn’t a malicious intent – but some go on to change into malicious whereas others don’t. The query is, Why?
“I’ve at all times been a rule breaker,” says Agarwal. “That’s my primary nature. However then there’s a discovered facet of what’s acceptable – what guidelines you’ll be able to break and what guidelines you shouldn’t. I completely credit score the individuals round me, reasonably than myself, for my course. I might say there’s an affect in nurture that finally ends up pushing your nature in a sure course. Clearly, in case you’re surrounded by individuals which can be nefarious and doing dangerous issues each single day, that pushes you in a single course. I wasn’t.”
It could be that the primary affect got here from the DA who determined to present him a second likelihood. However Agarwal himself credit his subsequent stint at Symantec as an vital issue.
After a number of temporary employments, together with internships, he grew to become a researcher at College of California, Berkeley. In 2013 he grew to become a software program engineer with Symantec, shifting into product administration in data safety in 2014. Three years later he grew to become Symantec’s basic supervisor for the web of issues. He was at Symantec for greater than six years. He typically says, I did my undergrad at UC Berkeley, however I did my Grasp’s at UC Symantec.
It was at Symantec that he discovered the right way to deal with individuals. He rose by the ranks into product administration reasonably quickly with the assistance of people that mentored and pushed him.
On the age of twenty-two, “I used to be working with individuals twice my age and manner smarter than me. These of us weren’t hackers and had a really completely different strategy to issues, they usually actually instilled their mindset into me. Each time I’ve a buyer dialog, it’s drilled into my thoughts that you just by no means deceive a buyer, and that you just by no means drive prospects to do one thing they actually shouldn’t do.”
So, by the age of twenty-two, Agarwal was a hacker by nature, and other people particular person by coaching.
When he left Symantec in 2020, it was for a stint as senior director of product administration at Forcepoint, however when he left Forcepoint in 2021, it was to discovered his personal firm, dope.safety.
Dope supplies a cloud native safe net gateway, and his position as CEO marries most of the vital features of his private historical past. He understands expertise (beginning by educating himself about emulators and ROMs earlier than his age was in double figures); he understands the net (hacking it practically landed him in jail whereas he was in school); and he understands the distinction between proper and mistaken conduct (triggered by the DA who didn’t ship him to jail and fomented by older and wiser colleagues at Symantec).
However he’s nonetheless a hacker as a result of it’s in his DNA. And being a hacker and understanding hacking is vital in growing a safe net gateway.
“I used to be on the black hat aspect for a really very long time earlier than shifting over and occupied with issues. However you by no means actually lose that mentality of, How do I exploit one thing? or How do I discover a vulnerability in one thing and obtain some type of a profit out of that? It’s wired into my private DNA. So, I can take a look at somebody and surprise, What’s their password? And I routinely suppose, OK, I do know the identify is Jones, so the password is kind of seemingly a variation on that: Jon_es, or joneS1, or JoneSone. That’s simply me – it’s the best way I’ve at all times operated in life.”
As a child, though by no means maliciously, the worth of this mind-set was to use the password proprietor. Now that he’s grown up and matured together with his personal firm, the aim is to guard the proprietor of the password. However the pondering technique of exploiting and defending could be very related.
“Being a hacker is a mindset. It means you’re at all times in search of the vulnerability in issues. It’s a blessing and a curse, as a result of it helps loads with a job, nevertheless it additionally will get you into loads of bother. You find yourself doing issues, and even occupied with issues, about, properly, this web site works. Actually simply yesterday, I used to be pondering, I’m wondering what’s occurring below the hood of this web site. Oh, in order that’s what’s occurring, and that is the way it works, and these are the dangers related to that, that is the data disclosure that’s occurring. It’s not one thing I do day-after-day, nevertheless it’s a really, crucial a part of, not simply my job, but in addition the enjoyable a part of my life as properly.”
Hackers interviewed by SecurityWeek typically describe their impulse to hack as a compelling curiosity that can not be suppressed – a deep need to grasp how one thing works. That is widespread (though Agarwal means that this compulsion could also be integral to the very DNA of the hacker – which might clarify why it can’t be denied).
The world that separates hackers into completely different classes is what they do with the understanding after they’ve acquired it. Some change into black hats, utilizing the information to extort cash, or disrupt programs, or steal victims’ data for monetary achieve. Some are ruled by patriotism. We may classify NSA, GCHQ and Mossad hackers this fashion; however that may additionally require us to incorporate Russia’s FSB, GRU and SVR hackers and, for instance, the Strategic Help Pressure of China’s PLA – together with Models 61398 and 61486 – as patriotic hackers. Others search to grasp programs in order that they are often improved, or secured, for the good thing about the customers. Agarwal belongs to the final class.
If we assume that he’s proper, and that hacking is a part of the hacker’s DNA, then we will assume that the origin of hacking is an inescapable a part of the hacker’s nature. However that alone doesn’t clarify why now we have completely different classes of hacker: black, white, gray, moral, and nation-state. This comes from the hacker’s environmental pressures pointing them in a particular course. It implies an outline of the hacker as an individual pushed by nature however formed by nurture.
Associated: Hacker Conversations: David Kennedy – an Atypical Typical Hacker
Associated: Hacker Conversations: Dan McInerney and Puzzle-Pushed Hacking
Associated: Hacker Conversations: Joe Grand – Mischiefmaker, Troublemaker, Instructor
Associated: Hacker Conversations: Chris Evans, Hacker and CISO
