An Interview with Daniel Cid, Co-Founder of Sucuri and Creator of OSSEC HIDS

For All Things IT Security Conference Related

Join Our Newsletter [Over 50K Subscribers]

Let us send you information on ticket discounts, speaking opportunities and a ton more!

Home / Blog / An Interview with Daniel Cid, Co-Founder of Sucuri and Creator of OSSEC HIDS

An Interview with Daniel Cid, Co-Founder of Sucuri and Creator of OSSEC HIDS

Tagged Under:

What will you learn in this post?
We’ve been interviewing several pentesting and forensic tool developers over the last few months, such as Marc “van Hauser” Heuse who created THC Hydra and the cURL developer Daniel Stenberg. In this blog post we interview Daniel Cid, the co-founder of Sucuri and creator of OSSEC HIDS.

Intrestingly, you’ll learn how Daniel’s venture into creating tools influenced his co-founding of Sucuri. You’ll also receive invaluable advice on how to promote your tool. Furthermore, it is interesting to note Daniel’s comments that cyber threats are becoming more ‘intelligent’ from his experience at Sucuri.



Henry, Concise
You are founder of Sucuri – which we love! Did creating the open source OSSEC HIDS lead into Co-Founding Sucuri?

Daniel, OSSEC HIDS Creator
Absolutely. I learned so much building and working with OSSEC, that gave me the ideas and the experience to start Sucuri. In fact, Sucuri came out initially as a network-based integrity monitor to complement the file-integrity monitor available on OSSEC. OSSEC was able to look at the file and server-level, but didn’t have the external visibility to some assets that are not tangible (like DNS or Whois or even how your web server is displaying your site). Sucuri complemented that by looking at them. We later expanded into also looking for indicators of compromise and web-specific malware for a more complete package.

Henry, Concise
For all those budding security developers out there trying to create tools, how do you recommend they promote their work? Perhaps presenting research at conferences? Any other ways?

Daniel, OSSEC HIDS Creator
I was never really good at that, but I relied heavily on mailing lists and blogging to share and promote the work we were doing on OSSEC. It grew very slowly and took a few years until people started to recognize and use OSSEC more often.

At this day and age, I would say that blogging + twitter + mailing lists/forums are still the best way to promote and share the work you are doing.

Henry, Concise
What advice would you give to all those trying to break into cybersecurity? What tips would you suggest to ‘get noticed’? Maybe develop a tool? Contribute to Open Source?

Daniel, OSSEC HIDS Creator
If you want to get noticed, you have to do something worthy of getting noticed. I will recommend to start by learning and studying all you can and trying to find areas where you can make a difference and really contribute to make things safer and better. It could be through open source projects, through research or even good documentation.

Once you are able to make a difference, getting noticed will follow.

Henry, Concise
Also, with regards to Sucuri, are you seeing an overall increase in APT’s/ attacks and are services such as Sucuri becoming more ‘intelligent’ in filtering attacks?

Daniel, OSSEC HIDS Creator
Oh yes, attacks are becoming more complex (I could say intelligent), which forces any defensive security company to also become smarter on how we are monitoring and filtering attacks. We (Sucuri) are spending a lot of time and money into improving our research to try to stay ahead and to continue to offer real valuable security to our customers.

And that applies not only to companies, but to security professionals as well. You can not stop in the time and think you know it all, or you will be outdated in a few years. You have to be in this always learning and always improving mode to keep up with the changes.


In summary
A big thank you to Daniel for the time he took to answer our questions and we wish him and the team all the best at Sucuri! Drop a comment below if you have any comments on questions regarding OSSEC HIDS. If you are interested to learn more about OSSEC we’d recommend that you consult the documentation here.

Leave a comment or reply below...thanks!