Child Entrepreneur Caleb Sima: Cofounder Of SPI Dynamics (Part 4)

Posted on Thursday, Aug 26th 2010

SM: Your first real job, as a teenager, involved securing online banking products?

CS: That was when I got involved with real security work. I started going through security techniques and examining exploits. At the time, there was a very small company called ISS that was also based out of Atlanta. They found me and pitched me a product called RealSecure. I found so many ways to bypass their product that it was not even funny. I was constantly on the phone with engineering at ISS about their problems. Finally, the head of engineering called me up and asked me if I wanted to have a job there.

I was happy where I was, but ISS was a company dedicated only to security and hacking. That was intriguing. I went to do an interview at ISS, and as I walked up to the building the first guy who met me was a white Canadian guy with dreadlocks and a full beard. He was smoking a cigarette on the steps, and he stopped me and we started talking. He knew more about security than I knew, which blew me away. He walked me through my interview process, where I interviewed with thirty people over two days. Everybody I talked to was a security guru and a hacker. I loved it. They offered me a job to join X-Force, which was a security research team inside of ISS.

SM: How old were you then?

CS: That was in 1996, and I was seventeen. ISS had about one hundred employees. I was the youngest person at ISS at the time. ISS became my high school and college experience. It was small and I was very familiar with everyone. My job was to research exploits. You can still find my advisories on the Internet today.

SM: How long did you stay there?

CS: I stayed there through 2000. I started the first security consulting services at ISS for security penetration testing. We would break into company networks. I was the person who transferred from X-Force into the consulting to do pentesting. That required a completely different mindset. I was used to downloading something and reverse engineering it to find exploits. In the world of pentesting, I had to break into a company and I had two weeks to do it. I had a week to break in and a week to write a report about it. I went to real-world exploitation techniques.

In the beginning I was using firewall exploits and zero day exploits, but companies started patching their networks. People would buy IDSs, and firewalls were standard at all companies. It became harder and harder to break into companies. I then started messing around with corporate websites. I noticed that in the link of the HTML there was a comment in the source code that said, “Marcus: on this date I left the admin utilities in the /admin/temp. Look there for all utilities,” so I copied the URL and put it in the browser. It gave me a directory listing of all the pages in the website with full admin access. I was then able to root around their database and retrieve usernames with passwords. I then connected to their e-mail system and tried the same user names and passwords. I was then able to start breaking into all these different companies just through the Internet.

Soon I was able to go into any company and break into its websites with ease. It would take me about ten minutes. I went back to the ISS engineering team and told them what I was doing. They all thought it was cool, but ISS did not want to make it into a product. ISS had IPO’d and they now had “big company” syndrome. I decided to leave and create that product on my own, so in 2000 I started doing my own consulting while working on it.

This segment is part 4 in the series: Child Entrepreneur Caleb Sima: Cofounder Of SPI Dynamics