Episode 247: Into the AppSec Trenches with Robinhood CSO Caleb Sima
The Security Ledger Podcasts - En podcast af The Security Ledger
In this episode of the Security Ledger Podcast, Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. [MP3] | [Transcript] These days, every business is online and a huge – and growing – chunk of business activity is transacted online. The “web” has, in the space of 30 years, transformed from a funky little corner of the Internet full of pictures and text to become the bedrock of modern commerce. The web: 100% hackable Caleb Sima is the CSO at Robinhood. But it wasn’t always that way. Our guest today, Caleb Sima (@csima), was there at the beginning, before SQL injection was a thing (or at least a thing with a name). This was in the heady days when prominent firms were keen to get web pages, but didn’t think that web security was anything that warranted their attention. As Mobile Fraud Rises, The Password Persists As a security analyst at the pioneering security firm Internet Security Systems (ISS) Caleb was happy to prove them wrong and turned what he learned exposing security weaknesses in corporate websites into a thriving business: SPI Dynamics, which was sold to HP in 2007. Once more unto the (data) breach! Caleb followed that with another startup, Bluebox, a mobile application security firm he sold to Lookout in 2016, followed by senior roles as a Managing Vice President at CapitalOne and Vice President of Information Security at Databricks. These days, Sima has situated himself on the other end of the vendor divide as the Chief Security Officer at Robinhood, the Menlo Park based stock trading and investments firm. Identity Fraud: The New Corporate Battleground In this podcast, which is part of our CISO Close Up series, Caleb and I talk about his work as a pioneer in the field of web application security,