The Story of Allure Security: From Teenage Hacker to Defending Brands Against Internet’s Oldest Threat

The Story of Allure Security: From Teenage Hacker to Defending Brands Against Internet’s Oldest Threat

The police were at the door. Again.

Inside his parents’ bedroom, a teenage Josh Shaul was doing what teenage hackers do – poking at systems, finding vulnerabilities, pushing boundaries. “I was the teenage hacker in my parents bedroom where the police were, like, knocking on the door, telling me to cut it out,” he recalled in a recent episode of Category Visionaries.

Most origin stories in tech start with a dorm room innovation or a corporate spinout. Josh’s begins with law enforcement intervention and a fundamental personality trait: “I think I’m the type of person that just has never been able to walk into a room without figuring out how to steal everything from that room.”

This compulsion, redirected, became the foundation for Allure Security – a company now protecting major financial institutions and ecommerce brands from the internet’s oldest and most persistent threat.

The Inexorable Pull

Josh’s path into cybersecurity wasn’t strategic—it was inevitable. “I was just growing up at the right time where sort of computers and the Internet and those things were just being born as I was at the right age to become involved there. So I think I was just inexorably drawn to it,” he explained.

The pattern started early. “Electronics were coming out when I was a kid and I was the kid that was, like, tearing apart the electronics that my parents got me as a gift and just sort of went on from there.”

But computers offered something physical electronics couldn’t: a playground where experimentation didn’t end in literal explosions. “The computer security world has given me an opportunity to do that and sort of have a playground where I could push buttons and pull wires and try different things and do that in a way that’s relatively safe from blowing yourself up and like, getting thrown in jail.”

That last phrase—”relatively safe”—carries weight. Those police visits taught Josh where boundaries lived. More importantly, they showed him that his instincts for finding system weaknesses could either be destructive or protective. He chose protection.

Career Cybersecurity Person

Josh describes himself simply: “Career cybersecurity person. I spent my whole life honestly just fascinated by computer security and how computer security can be bypassed.”

The evolution from teenage hacker to enterprise security leader took him through multiple phases. He spent years “helping organizations to figure out how to protect themselves and their communications and then how to protect their websites and their customers from various different types of thefts and scams.”

Throughout this journey, one constant remained: “It’s all about always and always will be about the same kind of things. Generally, it’s about money.” The attackers want money. The defenders are protecting money. The business model is just illegal versus legal.

This clear-eyed view of cybersecurity as economic warfare—not technological competition—would later become central to Allure Security’s differentiation.

The Chess Match

Over several years, Josh’s focus sharpened. “For the last couple of years, I’ve been really focused on fraud and on preventing fraud on the Internet and preventing people from becoming the victims of fraud and companies from being tied up in fraud with their customers and partners and whatnot.”

What drew him to this specific problem? “It gives me the opportunity to constantly engage in what feels like an ongoing chess match with the folks on the other side that are dedicated to making the fraud happen.”

The chess metaphor captures something essential about how Josh approaches security. It’s not about building impenetrable walls—it’s about anticipating moves, forcing opponent mistakes, and making the game economically unwinnable for the other side.

Watching the Evolution

Josh’s career spans the entire modern internet era, giving him perspective few founders possess. “It’s changed so dramatically, even though our mission hasn’t changed, like, one iota, but the tactics and the techniques and the level of sophistication of the attackers on the other side has just evolved nonstop since I’ve gotten into the industry in the beginning.”

He’s watched cybercrime professionalize. “These folks are purely profit driven. You’ve got criminals all the way up the stack from people that are building tools to help you host a scam website to people that are helping you get traffic into your scam website. They all operate as a supply chain just like any other industry would.”

More striking is how every business innovation creates security vulnerabilities. “It’s been amazing to see the innovation and techniques and it’s also stunning to see how every change in the business landscape, every new technology, every new consumer trend also turns into a new security trend. Like the explosion of cryptocurrency turned into an explosion of crypto security related issues. It never gets boring.”

Building Allure Security

This accumulated expertise led Josh to founding Allure Security, though the company’s history hints at complexity. When asked about funding totals, Josh corrected the record: “Relevantly? Raised about $6 million in funding,” not the $19 million listed on Crunchbase.

His explanation: “This company’s got a history that is maybe different from some other companies, tried some things, stopped doing them, just didn’t go out of business.”

That candor—admitting the non-linear path—reflects how Josh approaches the entire business. Allure Security’s mission emerged from recognizing a fundamental problem: scams have existed since the internet’s birth, and nobody had successfully made them unprofitable at scale.

The solution required understanding that you can’t eliminate scams. “You just can’t stop people from putting things on the Internet, so the ability to completely eliminate the problem just isn’t there,” Josh acknowledged.

Instead, Allure Security focuses on economics. They find impersonation scams early, take them down through platform relationships, and poison active scams with fake data that looks real but isn’t. “We just want to make their life miserable. We want to break the business model,” Josh explained.

The Intellectual Foundations

Josh’s leadership philosophy draws from specific sources. He cites Carol Dweck’s “Mindset” as “seminal in my life. I’ve been trying to get my children to read it since like early preteen age.”

Daniel Coyle’s “The Talent Code” and “Leadership Code” taught him “how people become talented” and how to lead them. David Rock’s “Your Brain at Work” provided physiological insights that proved “tremendously impactful for my ability to work than to get high performance out of other people around me.”

These aren’t random recommendations—they reveal someone obsessed with understanding systems, whether human psychology, organizational dynamics, or criminal networks.

The Future: Beyond Brand Protection

Allure Security’s current focus is brand protection for consumer-facing companies. They’re seeing traction primarily in “financial services, banks, credit unions, broker dealers, and even in the crypto space” along with “ecommerce. Fashion brands are really heavily targeted by impersonation attacks.”

But Josh sees a much larger opportunity ahead. “This problem of impersonation on the internet is a broad problem,” he explained. The logical expansion includes counterfeit products spanning “everything from fashion all the way to healthcare.”

More ambitiously, Josh wants to address workforce-targeted attacks. “When you look at those sort of attacks that are happening right now, those often rely on impersonation as well. It’s different from the brand impersonations that are targeting consumers, at least from a logical perspective. But from a technical perspective, impersonation is impersonation.”

He’s particularly critical of current solutions. “A lot of money is spent on security awareness training. A lot of money is spent on email security,” yet “we still have a massive tens of billions of dollars a year of security loss problems driven through the problems that email security and security awareness training are supposed to solve. So the products don’t work and they don’t do what they’re supposed to do.”

Allure Security plans to become “another component in that overall solution set that organizations are using to protect themselves against these attacks that result in compromise that start with, oh, that looks like a place where I should put my username and password.”

The vision is clear: “The more we can put ourselves into that equation over the next several years, the larger we’ll be able to grow.”

From a teenager tearing apart electronics to a CEO building protection systems for enterprise brands, Josh’s journey follows a single thread: understanding how systems break so you can prevent them from breaking. The police aren’t knocking anymore. Now the criminals are the ones who should be worried.