Fancy About

Daniel B. Cid is the VP of Engineering for the security products division at GoDaddy. He is also the original founder of the open source OSSEC HIDS and the Founder of Sucuri, Inc. He is passionated about intrusion detection, log analysis (log-based intrusion detection), web-based malware research and secure development.

He is an active member of the open source and security community, specially known for creating the OSSEC HIDS (Intrusion detection system) and founding Sucuri. He is also the co-writer of the Host-Based Intrusion Detection book.

In the past, he worked at Trend Micro, Q1Labs (now IBM), Sourcefire (now Cisco) and on his own ventures.

On June 2008, he sold his open source project OSSEC to Trend Micro, and joined Trend as the lead of OSSEC development.

On April 2017, he sold Sucuri to GoDaddy and joined the company as a VP of Engineering.

I am Social

Well, not really. But I am on Twitter (@danielcid) and on Linkedin.

A centralized repository to all my research and articles is available here: http://dcid.me/texts/

You can also reach me via email: dcid@dcid.me or dcid@sucuri.net.

Projects

And you can follow the OSSEC and Rootcheck development via my bitbucket repository: http://bitbucket.org/dcid/

Or some of my new research on DNS security (DNS over HTTPS/TLS) via GitHub: https://github.com/dcid/

Interviews and Papers

Some interviews with me:

• 2017, AlienVault - Interview with Daniel Cid, founder of OSSEC
• 2016, Concise Courses - An Interview with Daniel Cid, Co-Founder of Sucuri and Creator of OSSEC HIDS
• 2015, IncomeDiary - Daniel Cid Interview – Defending 250,000 Websites From Hackers Every Month
• 2015, Heimdal - 50+ Internet Security Tips & Tricks from Top Experts
• 2014, WFH.io - Company Showcase - Sucuri - Remote Work
• 2013, SANS - SANS Security Thought Leader
• 2012, Use This - The Setup - Daniel Cid
• 2010, Network World – Being acquired is the best thing for a FOSS project
• 2009, Net Security – OSSEC, the open source host-based intrusion detection system
• 2009, Linux Magazine – Commercial open source (hobby seguro) - Portuguese

Old Conferences and papers

• 2011 – Quebec, QC - OSSEC Workshop on Hackfest
• 2010 – SANS, DC – SANS log management and incident response summit
• 2009 – Ottsec, Canada – OSSEC HIDS for Ottsec
• 2008 – PST Canada – Open Source Host-based Intrusion Detection with OSSEC
• 2007 – PST, Canada – Enterprise Log Management with Q1 Labs QRadar and OSSEC
• 2007 – AusCERT, Australia – Log-Based intrusion detection
• 2007 – CONFidence, Poland – Log-Based intrusion detection

Old OSSEC Proud moments

• 2011 - OSSEC voted #2 best IDS tool by the sectools.org survey (again)
• 2010 – OSSEC Award Daemon
• 2009 – OSSEC book as Best Book Bejtlich Read in 2008
• 2007 – OSSEC was chosen #1 open source security tools in the enterprise by LinuxWorld
• 2006 – OSSEC voted #2 best IDS tool by the sectools.org survey

Mentions

• 2017, GoDaddy, Sucuri and GoDaddy team up to protect more websites
• 2017, Threat Post, Attackers Capitalizing on Unpatched WordPress Sites
• 2016, BBC, Wordpress blogs defaced in hack attacks
• 2015, PC World, Webmasters have only hours to deploy patches, Joomla incident shows
• 2015, ArsTechnica, Active malware campaign uses thousands of WordPress sites to infect visitors
• 2015, SC Magazine Zero-day bug identified in popular FancyBox WordPress plugin
• 2014, PC World, Over 160,000 WordPress sites used as DDoS zombies
• 2014, Help Net, Over 162,000 WordPress sites exploited in DDoS attack
• 2014, ArsTechnica, Attackers trick 162,000 WordPress sites into launching DDoS attack
• 2014, InfoWorld, Joomla receives patches for zero-day SQL injection vulnerability
• 2013, ArsTechnica, Google crawler tricked into performing SQL injection attacks using decade-old technique
• 2013, InfoWorld, Google’s dangerous bots put the whole Web on edge
• 2013, ArsTechnica, Backdoor in popular ad-serving software opens websites to remote hijacking
• 2013, CSO - Attackers embedding backdoors into image files
• 2013, eSecurity - Malicious WordPress Plugin Discovered
• 2013, Information Week - Darkleech Attacks Hit 20,000 Websites
• 2013, ArsTechnica - Exclusive: Ongoing malware attack targeting Apache hijacks 20,000 sites
• 2013, CIO - Web Server Hackers Install Rogue Apache Modules and SSH Backdoors, Researchers Say
• 2012, Information Week - Apache Server Setting Mistakes Can Aid Hackers
• 2012, InfoWorld - Many Apache Web servers put popular websites at risk
• 2012, ArsTechnica - Misconfigured Apache sites expose user passwords
• 2012, Yahoo - AlienVault Launches Technical Advisory Board
• 2012, PC World – PHP patches actively exploited CGI vulnerability
• 2012, SC Mag – 50,000 sites compromised in sustained attack
• 2012, Krebs on security – Plesk 0Day For Sale As Thousands of Sites Hacked
• 2012, TechCrunch – Yahoo Confirms, Apologizes For The Email Hack, Says Still Fixing
• 2010, Network World – Being acquired is the best thing for a FOSS project
• 2009, Net Security – OSSEC, the open source host-based intrusion detection system

Pics

Some public pictures of me. More here: http://dcid.me/pics.html