Benjamin Caudill – CEO of Rhino Security Labs

[quote style=”boxed”]Make a prioritized ‘to-do’ list. I do this daily, and wouldn’t be able to manage everything without it. Invaluable tool it being able to identify and prioritize what’s important on a given day.[/quote]

Benjamin Caudill is the CEO and principal consultant for Rhino Security Labs, an IS consulting and managed security firm. Prior to his years in consulting, Ben worked as a penetration tester, incident responder, and forensics analyst in the aerospace and finance industries. He has spoken at numerous security conferences (most recently at Defcon 21) and is currently researching the security of embedded devices and other up-and-coming technologies.

What are you working on right now?

I have a few big things going on, but one of the most interesting is offering my technical assistance to Rebecca Wexler, a videographer looking into the forensics of a war crimes tape leaked in Sri Lanka. For those who aren’t familiar, the Sri Lankan military recently won a 30+ year civil war against the rebels in its country. However, new video footage shows those in the military committing war crimes, causing further turmoil. Long story short, there is debate as to the authenticity of the video, and Miss Wexler and I are looking more into the case.

Where did the idea for Rhino Security Labs come from?

Like many new companies, the idea developed from working in the area and seeing how much better it could be. After some failed attempts at improving things as an employee at another firm, I decided I had to do it myself!

How do you make money?

We offer information security services to companies, non-profits, and governments. Typically this means managed security services (such as firewall and log management) for smaller firms and complex, project-based assessments for those with established security divisions.

What does your typical day look like?

First thing is looking over the past night’s alerts and overseeing the company’s Managed Security Services. This is just to review if anything occurred and ensure it was taken care of, but it pays to be aware of problems quickly. From here, the morning consists of email, security news of the day, sales calls, marketing efforts, and other miscellaneous necessities.

The afternoons tend to be more focused on tech operations – working on research projects, active security engagements, and administering client security configurations as necessary.

How do you bring ideas to life?

Typically I try to consult with those around me. Friends and co-workers are all good references to bounce ideas and implementations off of, and their feedback is invaluable.

What’s one trend that really excites you?

There’s a lot coming out today that’s exciting, but really the idea of ‘cheap technology’ is exciting to me. Drilling down the cost of min-processors, camera’s, circuit boards, and other electronics means much more than just having to spend a few less dollars. It means that other firms can integrate today’s technology into anything and make it a new and exciting product. One example I saw the other day was a little rabbit toy for children with a range of cameras and sensors so not the child could interact with it more, but the parent could connect to the toy and see the baby with an iPhone app. The internet of things is going to be amazing.

What was the worst job you ever had and what did you learn from it?

The worst job I ever had was a summer job as a teenager raking and collecting fallen (often rotten) fruit from fruit trees in yards and throwing them away. Where I lived, this was a small but miserable job, as it was often 90+ degrees, required manual labor at low pay, and was a very slow process, as I was paid per bag of fruit collected. This was a rotating job, as fruit dropped on a regular basis and would require my attention.
One day I had nearly finished with a house when the wind started blowing and the newly-clean lawn dropped a handful of new fruit. More frustrated than ever, I began cleaning when I had an idea: borrowing several large tarps, I covered the entire base of the tree, climbed the fruit tree and began violently shaking. A rain of fruit came storming down as I jumped from branch to branch and within minutes, I’d nearly emptied the whole tree of its bug-ridden fruit. Funneling the tarps into new bags, I was able to make a weeks’ worth of pay in under an hour – and save myself many hours of toil in the process. In realizing a better approach and methodology, I’d learned the value of process efficiency and how thinking outside the box can reap unimaginable benefits.

If you were to start again, what would you do differently?

I would utilize the skills and specialties of other people, and not try doing everything myself. Some of our early web design and marketing campaigns I designed myself, and in hindsight it was terrible. Needless to say, we have a few people doing these jobs now, and they’re all fantastic.

As an entrepreneur, what is the one thing you do over and over and recommend everyone else do?

Make a prioritized ‘to-do’ list. I do this daily, and wouldn’t be able to manage everything without it. It’s an invaluable tool, being able to identify and prioritize what’s important on a given day.

What is one failure you had as an entrepreneur, and how did you overcome it?

As with many startups, Rhino Security Labs was financed with (almost literally) what we could find under the couch cushions. We had no money to spare and as a result, I became a jack of all trades. Marketing expert, graphic designer, website developer, you name it – because we couldn’t afford to hire.

Needless to say, it was terrible. The graphics were poor, the site was buggy, we burned hundreds on poor advertising, and (despite my best efforts on each), nothing was going well. We overcame this by realizing relatively early what we’d done, and why. We stopped the ads, brought down the site, and took a new approach. After some more directed budgeting, we hired web developer to remake the site, a graphic designer for a small project, and a consulted with a marketing professional about brand exposure. Each of them were experts in their field, did an amazing job, and we succeeded because of this decision.

What is one business idea that you’re willing to give away to our readers?

I’ve always thought there was a lot of potential in advertising and marketing services for startups and small businesses on an ‘pay-for-performance’ payment system. You don’t pay anything until the company does well, but upon hitting certain milestones, they get a bonus/cut of each sale/etc. It would benefit the startup who needs that early boost of brand development and recognition, and would ensure the marketing consultants are ‘invested’ in the success of their clients. For that matter, I’d feel more assured in any company willing to put their money where their metaphorical mouth is!

If you could change one thing in the world, what would it be and how would you go about it?

I would remove the human impulse to do harm to one another and enforce more empathy and cooperation. I think if everyone had the luxury of not worrying about what their neighbor will do to them, the world would be a much different place. I suppose to a certain degree, that’s why I got into the information security industry.

Tell us something about you that very few people know?

I had some very rough years through high school and college that led from one catastrophe to another and correlated with several years of on-and-off depression. In the long run I’ve grown from the experiences though, and such dark times has allowed me a particularly high stress-tolerance.

What are your three favorite online tools or resources and what do you love about them?

Nothing exciting, but incredibly valuable –
1 . – because it’s the compilation of all the world’s information at your fingertips. How can you top that?
2. – because it’s a tool for (nearly) meeting anyone you’d like to connect with in the professional world.
3. – because I’ve met great tons of great personal and professional connections through meetup.

What is the one book that you recommend our community should read and why?

Verbal Judo – while it’s not a business or entrepreneurial book, it show how to communicate more effectively and facilitate win-win situations with those who could be difficult or even hostile. I try to read it every few years, just as a reminder to be empathetic and understanding.

When was the last time you laughed out loud? What caused it?

I made fun of a friend referring to a specific bird as an ‘albatross’. Long story short, I thought an albatross was a large sea mammal.

Who is your hero, and why?

Richard Branson. To me, he is the epitome of an entrepreneur -shaken up one industry after another in the past 40 years and still maintains a challenging, push-the-limits attitude.

Tell me about an amazing milestone for Rhino Security Labs.

The big one that comes to mind recently is my/our first talk at a major conference – Defcon 21 (2013). I’ve given speeches before, but never to a crowd so large, which was a little intimidating at first. The talk went great though, we had a great time in Vegas, and the company got a lot of exposure as a result.

Would you rather fight one horse-sized duck, or 100 duck-sized horses?

Well logically, I have to assume 100 duck-sized horses would be much less intense, but much longer of a fight (marathon fighting). By contrast, the size of a horse makes any duck-fight likely to be short, but incredibly intense (sprint fighting). Following this logic, I’ve never been much of a long distance runner, so I’d have to assume my stamina wouldn’t last and 100 duck sized-horses would eventually take me out. One horse-sized duck it is.


Benjamin Caudill on LinkedIn:
Rhino Security Labs on LinkedIn:
Rhino Security Labs on Twitter: @RhinoSecurity