Embrace open-source: The power of collective experience

Paulino Calderon (Co-Founder at Websec) is a cybersecurity entrepreneur with a passion for open-source projects. His contributions to the information security industry are far-reaching, with millions of professionals relying on the tools he’s developed. 

He also serves as a mentor for students (including on the Google Summer of Code program) and upcoming cybersecurity professionals; and collaborates with OWASP to produce resources that are freely available to the global cybersecurity community. 

We caught up with Calderon for a quick glimpse into his perspective on security. 

What led you to co-found Websec?

“This question takes me back to Canada in 2010, when a good friend, and now my partner, asked me to help him conduct a security assessment for a company in the energy field that wanted to know how secure it was. 

“Back then, companies weren’t forced by regulations to take penetration tests by third parties, and only those interested in their security were looking for offensive security services. 

“We had so much fun conducting this first assessment, and after recognising it would become an essential service in the future, we decided to start this venture. A year later, we joined forces with another friend and also started operations in Mexico.”

Why are you passionate about open-source projects? 

“I genuinely believe in the power behind the democratisation of knowledge. I joined a program sponsored by Google that gave funds to open-source projects, and the infamous port/service scanner Nmap took me under its wing. I learned much from collaborating with people worldwide and sharing contributions with millions of users. 

“The amount of experience and knowledge we can gain if the information is freely available is mind-blowing. Mainly because when I started learning about cybersecurity, the information was mostly shared in small circles/silos. Together, we can make significant strides toward a future where technology serves as a bridge rather than a barrier, connecting us in our shared pursuit of progress.” 

When you offer your experience as a mentor for cybersecurity students, what do you gain from that experience? 

“I learn something from everyone. We all have different backgrounds and sets of skills. I firmly believe we all have different perspectives and strategies for tackling problems, especially in a field where creativity pays off. You often find the most innovative solutions from people new to the field that bring fresh eyes and, more importantly, an open mindset.”

What are the key threats you're concerned about in 2024? 

“As standard security measures have evolved, we will discover more sophisticated attacks that utilise multiple layers of attack surface. Hence, it is important to build multi-layer cyber security programs that don’t focus on single threats but take on the entire ecosystem of known threats. With the progress of AI, we are on the verge of a historic jump in adversarial capabilities, and we need to be ready to face them.”

Finally, what did you gain from Black Hat MEA 2023? 

“Black Hat MEA 2023 gave me insights into the latest solutions for facing modern threats and where we need to work more as an industry. Learning more about the technical details of the latest attack techniques prepared me to focus on the big picture as attacks evolve. Finally, networking with my peers was invaluable in helping me better understand the threats affecting this region.”

Thanks to Paulino Calderon at Websec. If you want to immerse yourself in the future of cybersecurity, join us in Riyadh for Black Hat MEA 2024.