What if you could clone your best cybersecurity consultant and put them to work on five engagements at once?

In this episode of Cyber Security District, we sit down with Leslie Clement and Erie Berhitu, co-founders of Clember AI, an EU-first, AI-native platform built to automate the repetitive, time-consuming work that holds cybersecurity consultants back. Both Leslie and Erie spent years grinding through the same manual loops at major consultancy firms document analysis, gap assessments, risk reports, roadmaps before deciding enough was enough.

Rather than build another consulting firm or hire more headcount, they built a platform. Clember AI now enables security consultants to run five or more client engagements simultaneously, with consistent, high-quality output every time. And they did it entirely bootstrapped, no VC, no investor pressure, just product-market fit and a clear-eyed vision of where cybersecurity consulting is heading.

In this episode, we explore:

• How a company getting hacked on day one of the job launched Leslie’s career in cybersecurity
• The year-long frustration that led Erie and Leslie to build Clember AI instead of another consulting firm
• Why they chose to stay bootstrapped despite investor interest and why they don’t regret it
• How Clember AI automates the full consulting lifecycle: document ingestion, gap analysis, risk translation, and reporting
• Why consistency across junior and senior consultants is a bigger deal than most firms admit
• The shift from hourly billing to monthly retainers and how Clember keeps consulting firms “interesting” to clients year three and beyond
• Their vision: becoming the Datasnipper of cybersecurity consulting
• Why embracing AI is non-negotiable for CISOs and why helping early-stage startups matters for the whole industry

Timestamps:

00:00 – Introduction

00:15 – Meet Leslie Clement and Erie Berhitu

01:40 – How Erie got into cybersecurity (and why it wasn’t exactly planned)

02:45 – Leslie’s rough first day: getting hacked with no tech team

04:00 – The shared frustration that sparked Clember AI

06:10 – Why they chose to build a tech firm instead of a consulting firm

08:30 – The first product concept: automating the questionnaire

11:20 – Who Clember AI is actually for: cybersecurity consultancy firms

14:00 – Billable hours vs. scale: how Clember changes the math

17:30 – The shift from hourly billing to monthly retainers and staying interesting in year three

22:00 – Will AI kill traditional consultancy? Leslie and Erie’s take

25:10 – How Clember works: document ingestion, gap analysis, risk translation, roadmaps

29:00 – Consistency across consultant seniority levels

31:30 – Hiring technical talent as non-technical founders

34:00 – Staying bootstrapped despite VC interest and why pivoting was easier without investor pressure

38:30 – What made Clember appealing at an early stage

41:00 – The hiccups: work-life balance, family, and knowing when to step away

44:30 – Gut feeling vs. rational decision-making as founders

48:00 – The vision: Clember as the Datasnipper for cybersecurity consulting

51:30 – What’s next: new markets, sales hires, and scaling customer success

54:00 – Data privacy and security by design inside Clember

57:00 – Final message to CISOs: embrace innovation, and back the startups

Connect with the guests:

Leslie Clement: https://www.linkedin.com/in/leslie-clement/

Erie Berhitu: https://www.linkedin.com/in/eberhitu/

Website: https://www.clember.ai/

Follow Cyber Security District:

Laurens Jagt on LinkedIn: https://www.linkedin.com/in/laurensjagt/

Website: https://www.cybersecuritydistrict.com/

All channels & newsletter: https://beacons.ai/cybersecuritydistrict

In this episode of Cyber Security District, we speak with Tom Leijte, founder of Passguard, one of the most exciting emerging cybersecurity companies in the Netherlands. Passguard helps organizations detect when infected devices, stolen credentials, and active sessions show up on criminal marketplaces, giving security teams early visibility before exposure turns into a breach.

Tom shares how his journey started outside of “traditional” cybersecurity, working in private investigations where dark web intelligence was already part of high-stakes screening work. Together with his technical co-founder, he built the capabilities to infiltrate closed criminal forums and surface the kind of forensic-level logs most companies never see until it’s too late.

In this episode, we cover:

• Using dark web intelligence for sensitive employee screening
• Why “classic” dark web monitoring often gets deprioritized by security teams
• The infostealer shift: stolen session tokens, not just leaked passwords
• How session theft can bypass MFA and why that changes the game
• How criminal marketplaces work (and how trust is built among criminals)
• How Passguard infiltrates closed forums using reputation, escrow, and long-term access
• Building a European-first solution and partnering with MSSPs / security platforms
• Scaling after investment: team growth, ICP clarity, and market expansion

Timestamps: 00:00 – Intro 00:15 – Meet Tom Leijte and Passguard’s mission 00:37 – Early visibility: exposure before it becomes a breach 01:22 – Tom’s background in private investigations 02:13 – Screening sensitive roles using open-source + dark web sources 03:47 – Why dark web intelligence matters for organizations 04:39 – How Passguard started (and the co-founder story) 05:53 – What surprised Tom most about the dark web 06:20 – Data breaches vs data brokers: what ends up for sale 07:20 – Discovering infostealers and why they’re different 08:17 – Session tokens, MFA bypass, and the “unmanaged endpoint” problem 10:01 – What infostealers capture (sessions, access, and more) 11:10 – Why SaaS + remote work + BYOD changed attacker economics 12:27 – Supplier and branch-office risk: the blind spot organizations miss 14:31 – Why classic “dark web monitoring” wasn’t landing in the market 15:38 – The Mom Test and learning to run real customer conversations 18:08 – Reframing the problem: focusing on infostealer exposure 20:38 – How the dark web works (no “bookmark”, reputation, escrow) 23:11 – Passguard’s approach: bots, reputation, and long-term infiltration 25:55 – Real-world example: infostealers and large-scale government breaches 27:37 – What stolen access is worth and how it gets packaged for sale 29:19 – Screenshots, persistence, and “always up-to-date” stolen sessions 30:05 – Educating customers and turning awareness into action 31:03 – What Passguard delivers: evidence, context, and early alerts 33:08 – The Snowflake case: old credentials, massive impact 36:06 – Scaling after investment: pressure, growth, and coping 37:18 – Why Tom chose experienced cyber investors and operators 39:43 – Passguard as intelligence inside MSP/MSSP security workflows 41:45 – Team expansion and what roles matter most next 43:27 – ICP clarity and European market expansion 45:27 – Signal message to CISOs: give startups a chance early 46:50 – Outro

Connect with the guests:

• Tom Leijte: https://www.linkedin.com/in/tom-leijte-01596536/
• Website: https://www.passguard.com/

Follow Cybersecurity District:

• Laurens Jagt on LinkedIn: https://www.linkedin.com/in/laurensjagt/
• Website: https://www.cybersecuritydistrict.com/

All channels & newsletter: https://beacons.ai/cybersecuritydistrict

In this episode of Cyber Security District, we sit down with Julius Muth, co-founder of Revel8, a fast-growing startup tackling one of the most urgent threats in modern cybersecurity: deepfake-powered social engineering.

Julius flew in from Berlin to join us in the Amsterdam studio and breaks down how attackers are already cloning voices, abusing call centers, and using multi-channel manipulation (email, WhatsApp, LinkedIn, video calls) to bypass technical defenses and target employees at scale.

We also get into how Revel8 scaled from early MVPs to large enterprise rollouts, the team’s operator DNA from Celonis, and their goal to build “10 million human firewalls.”

In this episode, we dive into:

• Why deepfake voice phishing is exploding via service desks and call centers
• The real-world deepfake fraud case that changed everything (25M USD)
• How Revel8 personalizes awareness with role-based “playlist” simulations
• Why time-to-first-report beats click rate as a security KPI
• How Revel8 scaled fast: funding, enterprise rollouts, and culture

Key Takeaways:

• Deepfakes turn trust signals (voice, video) into attack surfaces
• Context-rich phishing is far more effective than generic campaigns
• Awareness works best in short, relevant, continuous moments
• Measure reporting behavior and speed, not “gotcha” click rates
• Modern threats require modern training across every channel

Timestamps: 00:00 – Introduction 00:15 – Meet Julius Muth and Revel8’s mission 01:20 – Why deepfakes are a serious enterprise risk 02:30 – Voice phishing through service desks and call centers 04:00 – A real incident example and why it’s “hot” right now 04:45 – Founders’ background and the Celonis operator mindset 05:40 – Validating the market (100 handwritten letters) 07:10 – The deepfake fraud case: 25M USD and what it proved 09:20 – Social engineering is leveling up (multi-channel trust) 12:00 – The “podcast vote” scam and impersonation patterns 14:20 – From MVPs to enterprise: what changed after hiring a senior CTO 19:00 – Why traditional awareness training fails 23:40 – The “Spotify playlist” model: personalized learning journeys 26:00 – Turning real attacks into simulations 28:40 – Better KPIs: time-to-first-report and workforce sensors 31:10 – Modern payloads and “make the victim execute” tactics 34:40 – Scaling growth: team, cold-calling “Champions League,” and GTM 41:40 – Advisors, credibility, and enterprise access 45:00 – The goal of “10 million human firewalls” 46:10 – Why the name Revel8 (and the naming story) 48:40 – Hiring profile and what they look for 51:40 – Munich office move and what’s next 52:35 – Final message to CISOs

Connect with the guest: Julius Muth: https://www.linkedin.com/in/julius-muth/

Revel8: https://www.revel8.ai/

Follow Cyber Security District: Laurens Jagt on LinkedIn: https://www.linkedin.com/in/laurensjagt/ Website: https://www.cybersecuritydistrict.com/ All channels & newsletter: https://beacons.ai/cybersecuritydistrict