From 13-Year-Old Hacker to Cybersecurity Leader with Mischa van Geelen

In this episode of Cyber Security District, we sit down with Mischa van Geelen, one of the Netherlands’ most remarkable cybersecurity professionals. At just 13 years old, Mischa discovered a critical vulnerability at a major Dutch bank. By 15, he was the youngest full-time pen tester at a global consultancy. Now in his twenties, he’s already co-founded one of the top incident response firms in the country, served as TISO at leading payment institutions like iDEAL and European Payment Institute (EPI) and is gearing up to launch his next venture.

Mischa’s story is anything but ordinary. A self-taught hacker turned security strategist, he shares candid insights into the realities of incident response, the pitfalls of “watermelon compliance,” and why cybersecurity must be treated as a business enabler, not a sunk cost. Whether it’s rebuilding a college’s IT infrastructure after a massive ransomware attack or scaling a startup from scratch, Mischa combines technical brilliance with rare clarity on communication, compliance, and leadership.

In this episode, we cover:

• Discovering his first vulnerability at age 13
  
  
• Interning at ABN AMRO while still in high school
  
  
• Joining a consultancy firm as a full-time pen tester at 15
  
  
• Building and scaling an incident response company
  
  
• Inside stories from real-world cyberattacks
  
  
• Why most companies still don’t “get” compliance
  
  
• The burnout risk of incident responders
  
  
• His thoughts on AI, deepfakes, and the future of cybercrime
  
  
• Plans for his next cybersecurity venture
  
  
• Advice for aspiring ethical hackers and cyber entrepreneurs
  
  

Whether you're a CISO, student, founder, or future threat analyst, this episode is packed with valuable lessons and honest reflections from someone who's lived cybersecurity from every angle and isn't done yet.

Timestamps:
00:00 – Intro
01:00 – Finding His First Vulnerability at 13
04:20 – Interning at ABN AMRO
07:00 – Getting Misunderstood by the School System
09:40 – Joining a Consultancy as a Teenager
14:00 – Launching a Cybersecurity Company at 17
17:20 – Challenges of Managing Incident Response Teams
22:30 – Real-Life Ransomware Incidents
27:10 – The Reality of 24/7 Cyber Incident Response
31:45 – The Emotional Impact of Cybercrime
34:30 – Working with iDEAL & EPI
38:10 – AI Threats and the Rise of Deepfakes
42:00 – Watermelon Compliance & What’s Broken in Cyber
45:50 – Mischa’s Next Venture: Automating Real Compliance
49:20 – Communication as the Missing Skill in Cybersecurity
52:00 – Final Message to Global CISOs

 

Connect with the guest:
Mischa van Geelen: https://www.linkedin.com/in/rickgeex/
Learn more about Anovum: https://www.anovum.nl 

Follow Cyber Security District:
Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/
Website: https://www.cybersecuritydistrict.com
All channels & newsletter: https://beacons.ai/cybersecuritydistrict