Hey, My name is

Charlie

Hacker. Creator. Curious. Entrepreneur. Thinker. Yogi. Student. Teacher. Advocate. Empath. Neurodivergent.

Hacking and work

Prior to 2022, most of my time was spent on my work and the startups I were involved with. As somebody who likes to understand how things work, hacking has been a big part of my approach to life and work

2025-Present

I work on software supply-chain security at Aikido Security, focusing on finding malicious behavior in open-source ecosystems at scale. I research real-world attacks, design detection signals, and build systems that turn messy package and maintainer data into clear security findings.

Research & Analysis
- Supply-chain threat research across open-source ecosystems
- Analysis of real-world attacks and systemic failure modes
- Adversary behavior and tradecraft tracking

Detection & Defense
- Designing signals for malicious package detection
- Translating raw data into actionable security findings
- Balancing precision, scale, and explainability

Ecosystem-Level Work
- Registry-scale analysis of packages and maintainers
- Identifying structural weaknesses in open-source platforms
- Cross-ecosystem risk and abuse pattern discovery

Tooling & Systems
- Building systems for large-scale package analysis
- Detection pipelines and internal security tooling
- Rule engines and risk-scoring frameworks

Communication & Impact
- Public research writing and incident communication
- Industry discussions on supply-chain security
- Advocacy for safer open-source ecosystems

2022-Present

jswzl

Making tools for hackers. Initially releasd in July 2023.

- First solo-startup
- Tool meant for hackers, penetration testers, bug hunters
- JavaScript focused
- Reverse engineering, static analysis, semantic analysis, and dynamic analysis

2020-2022

- Acquired Adversary.io in April 2020
- Group Product Manager for Security Tooling team
- Security Researcher in Content team

2014-2020

Security Consulting in Iceland.

- Principal Security Engineer
- Partner

Consulting
- Application Security
- Source Code Review
- Penetration Testing (External & Internal)
- Incident Response
- Forensics
- Phishing

Training
- Created the original version that'd turn into Adversary.io
- Taught in-person classes at universities and companies

Tooling
- Created systems and tooling for improving efficiency and results


Acquired by Origo in 2021.

2016-2020

Teaching Developers how to hack.

- Co-founder
- CTO 
- Head of Content
- Guide vision & mission

Acquired by Secure Code Warrior in 2020

2010 - 2014

CCP Games

- All things security
- Internal & External Security
- Incident Response
- Game Security
- Code Review
- Anti-cheating
- Preventing money laundering, real-money trading and botting

In media

Here's some highlights of the news, interviews, and other media I've been involved in.

News

XRP Breach
Gizmodo - Massive Supply Chain Attack Targets Cryptocurrencies Through NPM (September 9, 2025)
The Register - Ripple NPM supply chain attack hunts for private keys (April 23, 2025)

debug/chalk compromise
The Register - Dev snared in crypto phishing net, 18 npm packages compromised (September 8, 2025)
CSO Online - Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads (September 9, 2025)
Bleeping Computer - Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack (September 8, 2025)
KrebsOnSecurity - 18 Popular Code Packages Hacked, Rigged to Steal Crypto (September 8, 2025)

React Aria attack
Bleeping Computer - Malware found in NPM packages with 1 million weekly downloads (June 7, 2025)

S1ngularity
The Register - Nx NPM packages poisoned in AI-assisted supply chain attack (August 27, 2025)

Shai Hulud
The Register - Self-propagating worm fuels latest npm supply chain compromise (September 16, 2025)
KrebsOnSecurity - Self-Replicating Worm Hits 180+ Software Packages (September 16, 2025)

Sha1-Hulud 2.0
Bleeping Computer - Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub (November 24, 2025)

Misc.
Fortune - Phia, a popular AI shopping agent founded by Bill Gates’ daughter Phoebe Gates and Sophia Kianni, has been collecting a concerning amount of user data (November 15, 2025)
Fortune - OpenAI says prompt injections that can trick AI browsers like ChatGPT Atlas may never be fully ‘solved’—experts say risks are ‘a feature not a bug’ (December 23, 2025)

Conference talks

BSides RI 2013 - Large-scale application security
UT Messan 2016 - Turning the table on „Advanced Persistent Threats“
UT Messan 2017 - Inviting hackers into your bedroom
UT Messan 2020 - Lessons learned from teaching developers how to hack

The self

In 2022 I decided to leave the corporate side of things behind to focus more on what really matters to me. This has deeply shaped my approach to life since then.

2022-Present

Ashtanga vinyasa yoga

After I resigned my job at Secure Code Warrior, I wanted to augment my powerlifting practice. I found a local Ashtanga yoga studio, which has been my primary practice ever since.

At The Breathing Space in Amsterdam, I've had the pleasure of practicing with Lana Beex and Mercedes Parellada most days. As well as visiting teachers who's had a profound impact on my practice, especially Scott Johnson of Stillpoint London.

2022

Prāṇāyāma

In 2022, shortly after starting my Ashtanga practice, I had the opportunity to do a 60-hour Pranayama teacher training with Laurent Roure.  

This was a wonderful experience that opened my eyes up to the profound nature of the breath, and how it impacts every aspect of daily life.

2023

Vinyāsa

Having practiced for a bit over 6 months, and having done the Pranayama TT, I wanted to go deeper.

Together with Lana Beex, I did a 300H+ Vinyasa Teacher Training, which was a truly life-changing experience.

2024

Reiki I & II 

During my exploration of Pranayama and Yoga I increasingly became sensitive to the phenomena of "Energy" (Whether called Prana, Chi, or Ki). Initially I was sceptical about the traditional teachings around energy work.

But I decided to explore it deeper, and did Reiki I and II, which gave me tools that I've enjoyed using in my daily life.