David Schwed, Halborn: “there is still a lot to build to prevent hacks and secure people’s digital assets”

Robust cybersecurity is paramount in the interconnected digital world of emerging technologies like blockchain and Web3.

With the rise of emerging technologies such as blockchain and Web3 applications, the need for robust security measures, from high-grade antivirus to Web protocols, has become paramount. This realization led to the emergence of Web3, a decentralized ecosystem leveraging blockchain technology to empower individuals and secure their digital assets.

To find out more about the fascinating field of Web2 and Web3 security, we sat down with David Schwed, the Chief Operating Officer (COO) of Halborn, shed light on the company's journey, its unique approach to cybersecurity, and the importance of practical understanding in tackling cyber threats.

How did Halborn come to be? What has your journey been like since your launch in 2019?

In 2017, Rob Behnke launched a growth marketing agency catered to the burgeoning crypto startup community. It didn’t take long until he noticed a disturbing trend: his crypto clients kept getting hacked!

In 2019, to protect his clients, he asked his network for referrals to security experts who could help, and he was introduced to Steve Walbroehl, an award-winning cybersecurity pro. And so Halborn was born out of the realization that the world needed more security experts to navigate the intersection of Web2 and Web3 to keep digital assets safe.

From the start, Halborn had strong foundational principles that enabled rapid growth. A remote-first team, results-driven rewards, and constant personal improvement (Kaizen) were some of the core ideas that enabled Halborn to go from a two-people team to close to 100. On the other hand, the need to secure and prevent multi-million dollar hacks in Web3 has allowed Halborn to thrive and help hundreds of clients in a short period of time.

In just under 3 years, the company was able to complete a Series A funding round for $90M to continue its growth and fulfill its mission to make Web3 a safer space for all.

Can you introduce us to what you do? What sets Halborn apart from other security firms in the industry?

At Halborn, we specialize in the convergence of Web2 and Web3 security, providing comprehensive security solutions. What sets us apart is our expertise in the Web3 domain, our meticulous approach to security engagements, and our dedication to delivering value to our clients.

We work closely with organizations to ensure their digital assets and systems are secure and compliant with industry best practices.

Even though penetration testing has gained momentum over the past few years, why do you think it is still not a widespread practice?

I believe the primary reasons are lack of budget as well as internal resources. A comprehensive pen test can be expensive, primarily if performed regularly, and also require substantive internal resources to address many of the findings uncovered during the test.

Many organizations also believe that a simple perimeter scan from a commercial scanner suffices as a pen test when in reality, that should just be one step in a more detailed test.

In your opinion, what are the worst organizational cybersecurity habits? Which bad practices do you come across most often?

The worst habits are those that take the approach of securing their project/environment/architecture at a later date. Many organizations view cybersecurity as an exercise that can be performed at any point or stage of a project. In reality, the most secure organizations involve cybersecurity personnel/vendors during the design phases of a project.

Other areas that I don’t believe many organizations are addressing effectively are PAM (privileged access management), Security Monitoring, Incident Response, and Host/Network security.

What tips would you give to someone looking to break into the field of ethical hacking?

As a primer, I would first recommend strengthening their existing technical knowledge. A deeper understanding of the underlying technology will allow that individual to truly understand how the technology works and, therefore, how to find exploits potentially.

I’d also highly recommend setting up a lab at home or in a cloud environment. Understanding something on a theoretical level is not enough, you must also understand it from a practical standpoint.

Since you mainly specialize in blockchain security, what predictions do you have for the future of this technology?

I believe that we will quickly see increased adoption of distributed ledger technology. Many projects are addressing the challenge of onboarding/offboarding into Web3 to make the experience transparent for users.

I also believe that we will see greater and more seamless interoperability with the different blockchain layer 1s.

And finally, what’s next for Halborn?

In the coming years, Halborn will continue to tackle some of the biggest problems in the security industry.

Halborn will release a number of tools to deal with the increasing number of threats, with a strong focus on providing security expertise to both companies and individuals.

Having worked in the Web3 space for over 3 years, Halborn now has an industry-wide insights knowledge base that sets a clear path on how to better secure Web3 Apps, Protocols, and even IoT devices.

There is still a lot to build to prevent hacks and secure people’s digital assets, and as long as there are emerging technologies such as Blockchain or IoT, there will be a need for Halborn.