Hector Monsegur

Why organisations work with Hector Monsegur

• He co-founded and led LulzSec during its 2011 campaign against targets including Sony, the CIA public website, News Corporation, Stratfor, and US and UK law enforcement bodies, which gives his technical explanations a provenance no defender-only speaker can claim.
• Court filings credit his FBI cooperation with helping prevent roughly 300 cyber attacks on US government, military, and corporate targets; that record is a matter of public record, not self-description.
• He is a working penetration tester and cybersecurity research lead, currently Chief Research Officer at SafeHill, so his examples reflect live engagements rather than stories from a decade ago.
• His joint work with former FBI Special Agent Chris Tarbell, including the “Hacker and the Fed” podcast, means a single booking can span both the attacker and investigator perspective on the same incidents.
• He is direct about his own record and the decisions that led to cooperation, which is what makes him credible in front of boards and security leaders who have seen the sanitised version of this story before.

Biography highlights

• Co-founder and de facto leader of LulzSec, the 2011 hacktivist group that breached Sony, PBS, News Corporation, Stratfor, and the public website of the CIA.
• FBI cooperator from June 2011, credited in federal court filings with helping prevent around 300 cyber attacks before being sentenced to time served in May 2014.
• Co-founder and Chief Research Officer of SafeHill, a US cybersecurity startup that exited stealth in 2025 with a 2.6 million dollar pre-seed round.
• Former Director at Rhino Security Labs, leading network penetration testing for financial services, retail, and technology clients.
• Co-host with former FBI Special Agent Chris Tarbell of the “Hacker and the Fed” podcast.
• Covered by CBS News, Wired, Vice, Ars Technica, and Fox News; first television interview conducted by Charlie Rose on CBS This Morning.

Biography

LulzSec existed for roughly fifty days in the summer of 2011 and did enough damage in that window to force boards at Sony, News Corporation, and several federal agencies to rethink their security posture. Hector Monsegur, operating under the handle Sabu, was one of six core members and the group’s public face on IRC and Twitter.

The FBI identified him that June and, within twenty four hours of arrest, he agreed to cooperate. Over the next ten months he continued to appear online as Sabu while working with federal investigators, an arrangement court filings later credited with helping prevent around 300 planned attacks on targets including NASA, the US military, and major media organisations. He was sentenced in May 2014 to time served.

What makes his perspective commercially useful is not the biography, it is the technical specificity behind it. He can walk a security team through how a hacktivist crew forms, how trust between members is established and exploited, how initial access is gained, and how the same operational mistakes keep appearing inside Fortune 500 networks a decade later. That work now sits inside a live engineering role.

He is Chief Research Officer at SafeHill, a cybersecurity startup that raised 2.6 million dollars in pre-seed funding in 2025 to build a continuous threat exposure management platform. Alongside that he co-hosts “Hacker and the Fed” with Chris Tarbell, the former FBI special agent who ran the LulzSec and Silk Road investigations. For a security buyer, the unusual thing is that both sides of that original case are now on the same stage.

Key speaking topics

• Attacker-side perspective on corporate cyber risk
• Hacktivism and the formation of online crime groups
• Penetration testing and offensive security
• Insider threat and human failure points
• Federal cybercrime investigation and cooperation
• State of the threat landscape

Ideal for

• CISOs, heads of offensive security, and red team leaders inside banks, insurers, and large technology firms
• Boards and audit committees seeking an unfiltered briefing on how a modern intrusion actually unfolds
• Risk, compliance, and fraud leadership inside retail, payments, and critical infrastructure
• Cybersecurity conferences and industry events looking for a keynote that pairs operator credibility with current research

Audience outcomes

• A first-hand account of how a hacktivist group formed, operated, and was eventually dismantled.
• Specific examples of where corporate defences tend to fail against a motivated attacker with time.
• A clearer view of the human factors that drive most successful intrusions, from insider error to social engineering.
• Language that senior leaders can use to brief their own boards on cyber exposure without leaning on vendor slides.