Felix Kan, Founder and CEO of Cyberbay – Interview Series

Felix Kan is the Founder and CEO of Cyberbay, bringing over 15 years of experience in cybersecurity. Prior to launching Cyberbay, he served as a Partner at PwC, where he co-founded several notable initiatives including DarkLab, Hackaday, and Hackbot. His expertise spans IT governance, technology architecture, and security management.
Cyberbay is a cybersecurity company that provides AI-powered security services and ethical hacking solutions through a global network of vetted professionals. Its platform enables continuous vulnerability scanning, real-time threat analytics, and fixed-reward bounty missions, helping organizations detect and remediate risks efficiently. Cyberbay also offers professional training and security assessments to strengthen enterprise resilience.
You spent over a decade at PwC, where you co-founded ventures like DarkLab and Hackbot. What motivated you to leave and build Cyberbay from the ground up?
After 15 years in the industry, including my time as Partner at PwC Hong Kong and founder of initiatives like DarkLab and Hackbot, I came to a realization: cybersecurity needed a mindset shift. The industry had no shortage of tools, but it lacked clarity and confidence. Security had become reactive and product-driven, instead of being proactive and strategic. I launched Cyberbay to change that, not just to build another dashboard, but to be a true partner to organizations. Our mission is to help them fix, strengthen, and future-proof their digital environments. In a world full of noise, Cyberbay aims to be the signal.
It was also clear that the traditional consulting model, where clients pay for effort, not outcomes, was fundamentally broken. Organizations shouldn’t be charged for time spent; they should be paying for results. That’s why Cyberbay is built around an incentive-based model that rewards impact, not activity.
At the same time, AI was reshaping how expertise is created, shared, and scaled. Cybersecurity has always been an expertise-intensive field, dependent on a small number of specialists. But with the right tools, we can democratize that expertise, transforming it into a shared, accessible, and validated knowledge pool. I saw an opportunity to crowdsource real-time insight from a global and diverse group of ethical hackers. Criminal networks are already operating with inclusivity and speed. We believe defenders must do the same.
As both an ethical hacker and a business leader, how has your hands-on cybersecurity background shaped your vision for Cyberbay?
I started my journey as PwC’s first ethical hacker, where I uncovered vulnerabilities in large-scale enterprise environments and helped fix them. That hands-on experience taught me that real security isn’t just about building walls; it’s about visibility, governance, and deeply integrating security into how businesses operate. That philosophy is baked into Cyberbay’s DNA: security that runs at the speed of business, anticipates change, and brings order to chaos.
No single expert sees the whole picture. The key to effective assessments is diversity of knowledge, background, and approach. That’s why we emphasize building a broad, global network of security professionals. When expertise is collective, outcomes are consistently stronger.
With a successful security assessment, the goal is to find bugs, but the real formula lies in the knowledge and expertise of the assessor. To generate stable and meaningful output, we need a large and diverse pool of experts. Each assessor brings their unique competence pool, and that diversity creates strength. Different assessors approach problems differently, and that variation leads to richer insights and more resilient defenses. At Cyberbay, we believe that diversity of thought is not just a value, it’s a security advantage.
In what ways does AI make Cyberbay’s threat detection predictive rather than reactive, and how does that change how companies approach risk?
At Cyberbay, we take a proactive approach to cybersecurity. Our AI-powered tools, like CyberScan, don’t just alert you to problems that already exist; they simulate potential attacks, analyze behaviors, and adapt to evolving risks in real time. This allows organizations to identify vulnerabilities before they’re exploited.
Unlike other bug bounty platforms that only focus on hunting bugs, we built our monitoring tool, CyberScan, which continuously scans and detects issues across the enterprise. Security assessments are like housekeeping services that operate outside the internal IT team. While IT teams are focused on known checklists and internal systems, our assessments uncover blind spots that often go unnoticed, especially those tied to “shadow IT” systems or assets launched by business units without IT oversight.
With digital enablement easier than ever, it’s increasingly common for assets to be managed outside the IT department. These hidden systems pose major risks if they’re not seen or managed. We approach cybersecurity as an exercise in knowing the unknown and giving organizations the time and clarity they need to prepare. In doing so, we help shift cybersecurity from a reactive cost center to a strategic, predictive function.
How do you ensure the AI models you use don’t generate false confidence or overlook low-probability but high-impact threats?
One of the common traps in cybersecurity is over-relying on automation. At Cyberbay, we blend AI with expert human oversight. Every flagged vulnerability goes through a triage process where we validate its exploitability and real-world impact. AI helps us see more, but our experts make sure we see clearly. This human-machine balance keeps our clients focused on what truly matters.
Can you explain how CyberScan works behind the scenes? What makes your continuous monitoring stand out from legacy SIEM or vulnerability scanners?
Traditional scanners are often noisy, intrusive, and run on fixed schedules, which limits their effectiveness. CyberScan is different. It’s non-intrusive, always on, and continuously updated with secondhand intelligence sourced from the dark web and hacker forums. If cybercriminals are already scanning your systems and posting results online, CyberScan picks it up.
Rather than redundantly scanning, we prioritize remediation. We also correlate leaked credentials, sometimes even admin access, so companies can act before damage occurs. Think of CyberScan like a digital immune system: constantly evolving, deeply integrated, and designed to protect before the breach.
Why do you believe ethical hackers are becoming the first line of defense in cybersecurity?
Because unethical hackers are the first line of attack. Ethical hackers think like adversaries, uncover blind spots, and evolve with the threat landscape. They don’t just run scripts; they simulate real-world attacks with nuance and creativity. In today’s cybersecurity environment, they’re not optional. They’re essential.
What are some of the biggest misconceptions companies still have about ethical hacking, and how do you help them overcome those fears?
One major misconception is that cybersecurity assessments are one-and-done. Just because a company passed a test last year doesn’t mean they’re safe today. Threats evolve. So do infrastructures. Another fear is that ethical hacking might disrupt business operations. In practice, our manual testing is designed to be safe, targeted, and minimally invasive.
How have you integrated UX and human factors into a space traditionally dominated by technical complexity and jargon?
We believe cybersecurity is a business problem first, and a technical problem second. Most breaches stem from breakdowns in governance, not just bugs in code. That’s why we’ve designed Cyberbay not just for CISOs, but also for marketing, finance, and operations leaders who need to understand digital risk.
Through intuitive dashboards, clear communications, and our virtual CISO service, we demystify security. Our approach helps organizations shift from reactive bug-fixing to proactive governance, where behavior, culture, and process are the frontline defenses.
What’s your 5-year vision for Cyberbay? How will the platform evolve as threats become more sophisticated and AI becomes more autonomous?
We’re building for what comes next. Over the next five years, Cyberbay Labs will expand into AI red teaming, Web3 security, and voice interface protection. We’re also developing autonomous threat detection and remediation models. Our goal is for every company, especially those without a CISO today, to use Cyberbay as their virtual CISO tomorrow, backed by a global network of researchers.
Do you foresee a future where AI itself becomes the attacker? And if so, how will defensive platforms like Cyberbay adapt?
That future is already unfolding. AI can generate code, mimic voices, and deploy phishing campaigns at a scale humans never could. But AI is neutral. It can be a weapon or a shield. At Cyberbay Labs, we use AI to simulate, reverse-engineer, and stay one step ahead of emerging threats. We adapt at the pace of innovation because that’s what it takes to stay secure.
Thank you for the great interview. Readers who wish to learn more should visit Cyberbay.












