In this episode of Cyber Security District, we sit down with Mischa van Geelen, one of the Netherlands’ most remarkable cybersecurity professionals. At just 13 years old, Mischa discovered a critical vulnerability at a major Dutch bank. By 15, he was the youngest full-time pen tester at a global consultancy. Now in his twenties, he’s already co-founded one of the top incident response firms in the country, served as TISO at leading payment institutions like iDEAL and European Payment Institute (EPI) and is gearing up to launch his next venture.

Mischa’s story is anything but ordinary. A self-taught hacker turned security strategist, he shares candid insights into the realities of incident response, the pitfalls of “watermelon compliance,” and why cybersecurity must be treated as a business enabler, not a sunk cost. Whether it’s rebuilding a college’s IT infrastructure after a massive ransomware attack or scaling a startup from scratch, Mischa combines technical brilliance with rare clarity on communication, compliance, and leadership.

In this episode, we cover:

• Discovering his first vulnerability at age 13
  
  
  
  


• Interning at ABN AMRO while still in high school
  
  
  
  


• Joining a consultancy firm as a full-time pen tester at 15
  
  
  
  


• Building and scaling an incident response company
  
  
  
  


• Inside stories from real-world cyberattacks
  
  
  
  


• Why most companies still don’t “get” compliance
  
  
  
  


• The burnout risk of incident responders
  
  
  
  


• His thoughts on AI, deepfakes, and the future of cybercrime
  
  
  
  


• Plans for his next cybersecurity venture
  
  
  
  


• Advice for aspiring ethical hackers and cyber entrepreneurs
  
  
  
  

Whether you're a CISO, student, founder, or future threat analyst, this episode is packed with valuable lessons and honest reflections from someone who's lived cybersecurity from every angle and isn't done yet.

Timestamps:

00:00 – Intro

01:00 – Finding His First Vulnerability at 13

04:20 – Interning at ABN AMRO

07:00 – Getting Misunderstood by the School System

09:40 – Joining a Consultancy as a Teenager

14:00 – Launching a Cybersecurity Company at 17

17:20 – Challenges of Managing Incident Response Teams

22:30 – Real-Life Ransomware Incidents

27:10 – The Reality of 24/7 Cyber Incident Response

31:45 – The Emotional Impact of Cybercrime

34:30 – Working with iDEAL & EPI

38:10 – AI Threats and the Rise of Deepfakes

42:00 – Watermelon Compliance & What’s Broken in Cyber

45:50 – Mischa’s Next Venture: Automating Real Compliance

49:20 – Communication as the Missing Skill in Cybersecurity

52:00 – Final Message to Global CISOs

Connect with the guest:

Mischa van Geelen: https://www.linkedin.com/in/rickgeex/

Learn more about Anovum: https://www.anovum.nl 

Follow Cyber Security District:

Laurens Jagt (Host): https://www.linkedin.com/in/laurensjagt/

Website: https://www.cybersecuritydistrict.com

All channels & newsletter: https://beacons.ai/cybersecuritydistrict