From Hacker to Cyber Gamekeeper, Danny Jenkins

Interview with Danny Jenkins, CEO and co-founder of Threatlocker

Danny Jenkins didn’t take the conventional route into cybersecurity. In fact, his journey started in an entirely different world—writing malware as a teenager in the UK. Now, as the CEO and co-founder of ThreatLocker, he’s one of the leading voices in cybersecurity, helping businesses and IT professionals defend against the very threats he once explored.

With the rise of AI-driven cyberattacks, Jenkins is more determined than ever to educate and arm businesses with the right tools. Through hands-on training, live demonstrations, and a deep dive into emerging cyber threats, he’s helping IT professionals develop the skills and strategies needed to combat modern cyber risks.

A Childhood Curiosity Turned Cybersecurity Mission

Jenkins’ fascination with technology began at an early age—though not in the most conventional way.

“I was very short and used to get beaten up a lot,” Jenkins admits. “I wasn’t very good at fighting back, so I responded by writing malware. This was in the days of Windows 3.1, and I would create scripts that waited for floppy disks to be plugged in and then deleted work from people I didn’t like.”

Despite this early experimentation with hacking, Jenkins never went down the black-hat route. Instead, he secured an IT apprenticeship at just 15 years old, earning £50 a week. His passion for understanding how systems worked quickly led him into corporate IT security, where he learned firsthand how to defend large-scale networks from cyber threats.

The Evolution of Threats: AI and the New Cybersecurity Battlefield

Jenkins built his career by securing global enterprises, but today’s cyber threats are evolving faster than ever—especially with the rise of AI-generated malware. What once required deep coding knowledge can now be created in minutes by someone with no prior experience.

“Two years ago, if you wanted to create malware, you either had to buy it off the dark web or write it yourself,” Jenkins explains. “Now, anyone with a computer can generate malware using AI. We tested ChatGPT last year. At first, it refused to write malicious code, but when we told it we were cybersecurity professionals, it gave us exactly what we needed.”

The experiment was eye-opening. When Jenkins’ team compared a ChatGPT-generated malware script with a publicly available one from Google, traditional antivirus software immediately flagged the Google script—but the AI-generated one slipped through undetected.

“The problem isn’t just that AI is making it easier to create malware. It’s that new, unique malware is being generated in real time, making it nearly impossible for traditional detection-based security to keep up,” Jenkins warns.

The Zero Trust Approach: Deny by Default

Jenkins and ThreatLocker advocate for a zero trust approach to cybersecurity—one that flips traditional security models on their heads. Instead of trying to detect and block bad software, Jenkins believes in denying everything by default and only allowing applications that have been explicitly approved.

“We don’t care whether a piece of software is good or bad. If it hasn’t been approved, it doesn’t run. Period,” he explains. “Hackers constantly find new ways to get past antivirus and detection tools, but if they can’t execute their code, they can’t do anything.”

This “deny by default, allow by exception” approach eliminates a key weakness of traditional security models: the reliance on knowing what’s bad. With AI-generated threats emerging at an unprecedented pace, zero trust security is becoming a necessity, not a luxury.

AI Agents, Web3, and the Future of Cybersecurity

The rise of AI agents—autonomous systems capable of performing complex tasks—also presents new cybersecurity challenges. These agents can transact, make decisions, and access personal data without direct human oversight, raising concerns about data privacy, fraud, and security breaches.

“The biggest risk isn’t just what AI agents can do—it’s what data we’re trusting them with,” Jenkins says. “I wouldn’t put anything confidential into AI systems I don’t fully trust. If an AI is helping book your vacation, that’s one thing. But would I let it wire money? Absolutely not.”

Similarly, in the Web3 space, where blockchain and decentralized technologies are becoming more mainstream, Jenkins sees both opportunities and threats. While blockchain can improve transparency and security in some areas, it also introduces new attack vectors for hackers looking to exploit weaknesses in smart contracts and digital wallets.

Preparing for the Future: Hands-On Training at Zero Trust World

To help IT professionals stay ahead of these evolving threats, Jenkins is leading the charge at Zero Trust World 2025, a hands-on cybersecurity event designed to provide practical, real-world training. Taking place from February 19-21, 2025, in Orlando, Florida, this immersive three-day experience will bring together some of the brightest minds in cybersecurity, featuring live hacking labs, in-depth technical training, and expert-led discussions.

“Zero Trust World goes beyond traditional tech conferences,” Jenkins explains. “We don’t just talk about threats—we show you how they work. Attendees will gain practical experience identifying vulnerabilities, understanding how malware spreads, and seeing firsthand how hackers exploit weaknesses.”

The conference is structured to provide IT professionals with an interactive learning environment. Sessions will cover a range of topics, including how attackers compromise systems using USB-based hacking devices, how cybercriminals take over public Wi-Fi networks, and how AI-generated malware can bypass traditional security measures. With a lineup of industry leaders, ethical hackers, and cybersecurity executives, Zero Trust World is designed to give attendees immediate, actionable strategies they can implement to strengthen their security posture.

By focusing on real-world threats and hands-on training, the event ensures that professionals walk away not just with theoretical knowledge but with the skills to proactively defend their organizations. In an era where AI is making cyberattacks more sophisticated, Zero Trust World 2025 offers a crucial opportunity for businesses and individuals to reinforce their cybersecurity frameworks.

One of the standout sessions? Live hacking demonstrations. Participants will get to see:

• How attackers use USB-based hacking devices (like Rubber Duckies) to compromise systems
• How cybercriminals take over public Wi-Fi networks
• How AI is being used to generate malware in real time

The goal isn’t to train hackers—it’s to make IT professionals think like hackers, so they can defend their organizations more effectively.

“I have one goal,” Jenkins says. “I want everyone who attends to leave and immediately implement at least one change that makes their system more secure. Even if it’s something simple—like adding branding to your email login page to prevent phishing attacks—every step counts.”

This year’s conference will feature an impressive lineup of speakers, including industry leaders, ethical hackers, and cybersecurity executives who are shaping the future of cyber defense. Attendees will have the opportunity to participate in live hacking demonstrations, explore cutting-edge security solutions, and connect with some of the brightest minds in the industry. With cyber threats becoming more sophisticated—especially in the age of AI-driven attacks—Zero Trust World 2025 provides a crucial learning environment for IT professionals to stay ahead of emerging risks and adopt proactive security measures that go beyond traditional detection-based models.

A Cybersecurity Vision for the Future

Jenkins’ journey from teenage hacker to CEO of a billion-dollar cybersecurity company is more than just a personal success story—it’s a wake-up call for businesses and individuals alike. The cyber battlefield is evolving, and AI is making attacks easier, faster, and harder to detect. But by embracing zero trust security, understanding emerging threats, and staying one step ahead, organizations can protect themselves from the next wave of cyber risks.

“Cybersecurity isn’t about reacting—it’s about being proactive,” Jenkins says. “The threats are changing, and we need to change with them.”

See more breaking stories here.