May Recap: New Faces, New Digs & More Community

By | May 31st, 2013|Uncategorized|

This past month was a proud one for CSID – with new faces, a new Austin office and various community outreach initiatives.

Welcome to CSID, Kent Bloomstrand
While Kent took his post at CSID as Chief Technology Officer back in April, we told the world in May. Kent came to us from OpenText Corporation, and we look forward to working with him on the development and infrastructure of new products. Get to know more about Kent in the official announcement.

A New HQ
Last year our team grew by more than 46%, and to accommodate our expanding company and more robust tea, we needed a brand new Austin office. So, we moved! We’re still getting settled, but stay tuned for pictures and updates from us enjoying our new digs.

Foster Care Month
May was National Foster Care Month. We dedicated much of our social media efforts this month to educate others about the identity theft risks that foster children face. While 1 in 10 kids are at risk for identity theft, the risk is much higher for kids in the foster system. See our blog post on Foster Care Month for more information about these risks, as well as how to protect all children from identity theft.

Joe Ross at ATC CEO Summit
Our president Joe Ross participated in the Austin Technology Council’s CEO Summit. We were honored to have Joe represent us, as we’re proud to be a part of Austin’s growing technology community.

Joe Ross at MPA Entrepreneurship Panel
Joe also represented CSID – and his entrepreneurial side – at the MPA Council’s Entrepreneurship Panel in early May. He spoke alongside the founders of fellow Austin businesses, Tiff’s Treats, P. Terry’s and Stubb’s BBQ. He deserves extra recognition for representing the tech community among a panel of foodies. Nice job, Joe!

Coming up in June – let’s talk SMB! Survey, webinar and Twitter Chat
If you recall, this quarter we’re focusing on small business security risks, reputation management and best security practices. We’ve been surveying small business owners to get their perspectives on these topics, and we’ll present the findings next month in a whitepaper. We’ll also be hosting a webinar on the topic with other experts – stay tuned for more details. But coming up just next week is our Twitter chat about SMB security risks. Join us on June 6th at 1 PM CT using the hashtag #IDTheftChat.


Password Complexity: Why It Makes a Difference in a Breach

By | May 15th, 2012|Uncategorized|

By: Joel Carleton, CSID Director of Cyber Engineering

We’ve all heard that it’s important to pick long, complicated passwords. What you may not realize is why this becomes crucial in the context of a breach. While ensuring you don’t pick from some of the most common passwords is important, it’s still not enough. 

Some background information on how passwords work: while we still see websites storing passwords unencrypted (in this case, if you are part of a breach, the complexity of your password makes no difference), it is most common for websites to encrypt your password with a one-way hash. Put simply, this is a method that takes your password and transforms it into a long string of characters that is then stored in the website’s database. The website does not know your original password. When you log in to the website it applies the transformation and compares the long string to what it has stored in the database. If they match, then it knows you have entered the correct password.

When a company is breached, a common result is the selling and or sharing of that company’s user accounts. They could be publicly disclosed, shared in criminal forums and chat rooms, or sold to the highest bidder. The breached company may have taken steps to secure your account credentials, but the strength of your password can be your best friend or worst enemy. When a breach happens on a website where the passwords have been hashed, the criminal steals a list of user ids/emails and associated hashed passwords. They do not yet have your original password. The criminal has to decrypt the hash to retrieve the original password. While there are many sophisticated techniques at the criminals’ disposal, one of the most popular is referred to as the “brute force” method.  Every possible password is tried. Given the short and simple passwords that are routinely used, the criminal can quickly decrypt the majority of the encrypted passwords. 

To find out just how simple it is to decrypt a password, try to Google the encrypted hash of a common password, “d8578edf8458ce06fbc5bb76a58c5ca4”. It’s pretty easy to see what the original password is even without using brute force guessing software.

Let’s assume you’ve chosen something more complicated. For passwords with 6 characters, how many brute force guesses are necessary? Assuming your password at least has mixed upper and lower case letters, there are 19 billion possible passwords. There are two things that make cracking this type of password trivial for the criminal:

  1. They do not have to attempt to log in to the website for each of their guesses. It would be impossible to make the necessary number of attempts to log in. They are able to make as many guesses as they want without anyone knowing what they are doing because they have the hashed password. 
  2. Computers are very good at making very fast guesses. An average computer with an upgraded graphics card can make 500 million guesses a second.   Your 6-character password length can be guessed in 38 seconds or less. Adding numbers and the full set of non-alphanumeric characters, the password can now be guessed in 26 minutes or less. 

Parting advice: the easiest way to make your passwords better is to make them longer (at least 9 characters).  If you still use only alphanumeric characters but your password is 10 characters, a criminal would need over 18,000 days to crack it. Hopefully he won’t have this much time on his hands and will move on to an easier target!

CSID New Faces: Tim Brown, CTO

By | February 23rd, 2012|Uncategorized|

Tim Brown
CSID recently welcomed Tim Brown to the company’s executive team as CTO. Tim brings more than 20 years of experience in the information security industry, having worked at established companies like CA Technologies and Symantec. Amidst his hectic first weeks at CSID (he’s already traveling the world), Tim filled us in on his experience, goals and moving from a New York horse farm to “weird” Austin.

CSID:Can you tell us a little bit about yourself?

Tim: I’m married and have one son who is a freshman at Rochester Institute of Technology (RIT). I currently live on a large horse farm in upstate NY, and we are looking forward to leaving the winters behind and moving to Austin. I’ve been involved in the security industry for many years, and I’m always looking for ways to improve the overall state of security for individuals, governments and enterprises.
CSID: What do you like about CSID that made you want to work here?

Tim: The security industry has been falling behind and identities continue to be compromised. CSID provides an approach that goes beyond firewalls and anti-virus to address the real identity theft problem. CSID empowers users to manage their identities, and it provides the technology and people necessary to stop them from being compromised and warn them if they are at risk. I also was drawn to the team—the CSID team consists of highly motivated and talented people moving towards a common goal.
CSID: How do you feel your previous experiences will contribute to your role as CTO at CSID?

Tim: I have been involved in many different aspects of technology, have run many different teams and have provided helpful guidance to governments and industry. I started at Symantec in the early days of anti-virus and I watched the market grow into a standard component that protects every computer. At CA Technologies I drove the identity technology that protects many of the largest enterprises and their consumers. At CSID I see these coming together. Identity protection will be as commonplace as anti-virus, and CSID will power the protection utilized and offered by many enterprises.
CSID: Any immediate goals for the company you can share with us?

Tim: The company has incredible opportunities and a great deal of growth ahead of it. Our current portfolio is the best in the industry and we are constantly investing in new product and technology offerings. As CTO my job is to focus our efforts, drive our differentiating technology and optimize our operations.
CSID: How’s the move to Austin?

Tim: My wife and I are having a great time exploring Austin. The people are wonderful and the food is great. We have been looking for houses and have traveled North, South, East and West.  I think we like the East side, but we are still looking.

CSID New Faces: Amanda Nevins, CFO

By | November 29th, 2011|Uncategorized|

Amanda Nevins is one of CSID’s newest faces after joining the team back in October as CFO. She brings to the table a wealth of experience from prior finance positions at international, high growth companies such as Rackspace and

New to Austin and new to CSID, we sat down with Amanda to find out more about what makes this CFO tick.

CSID: Can you tell us a little bit about yourself?

Amanda:  On the personal side I love being a mom! I have a 12-year-old daughter and a 19-year-old stepson who is studying at West Virginia University. I have been married 14 years. I love the outdoors and enjoy camping, skiing and hiking. I also love music, which is why I am so excited about living in Austin and having all these different music venues to explore.

CSID: What do you like about CSID that made you want to work here? 

Amanda: Throughout my career, I’ve worked at companies that have had a great company culture and CSID is no different. CSID is a fast-paced, growing, innovative company, in an interesting industry.

CSID:  How do you feel your experiences at and Rackspace will contribute to your role as CFO at CSID?

Amanda: It is interesting. At both and Rackspace, the companies were very service-oriented. CSID is also very much about trying to provide the right products and services to our customers. In this sense, and Rackspace have a lot in common with CSID. In my role, I will be providing financial leadership in a company that strives to provide great service with a company culture that is top notch. There is a lot of overlap and similarities between these fast-paced, high-growth companies and this is an area where I excel.

CSID: Any immediate goals for the company you can share with us?

Amanda: Just continuing to provide great service and products for our customers. This is how we will ultimately increase revenue and provide return on investment for investors.

CSID: We’re in a day and age where a breach seems inevitable. What is one key action companies should take to prepare for a data breach?

Amanda: So, being a little biased, I would say they should hire CSID. Taking a proactive approach to preparing for a data breach can really help a company in the long run. I also feel being up on industry standards is important. The more you know about the industry, the more aware you will be. 

CSID: Anything else you would like to share?

Amanda: I am just really excited to become part of the Austin community and become rooted here. Meeting peers and learning more about Austin is going to be a lot of fun. It has been six weeks since I moved here and am I’m starting to venture out a bit. I’m looking forward to joining organizations and getting involved in this great community.  

Load More Posts