S3ntinel, Hack Me If You Can, Hack a Server and DefCamp.
Marius considers himself a serial entrepreneur and is very passionate about Artificial Intelligence. Never a quitter, always a perfectionist, looking for challenges that will change the world we live in. He believes in people and the power of great teams, and he intends to start blogging in the near future.
What determined you to shift your attention towards software development industry?
Besides the great opportunities, I am a guy who loves challenges. I started to like developing digital products and I belive that the online industry will increase growth in the near future.
What is Hack a Server?
HaS (Hack a Server) is a platform designed for conducting manual penetration tests using the power of crowdsourcing, covered by anonymity and confidentiality.
It's a fact that communities and individuals who love to discover and test security issues already exist. Whether they are called black, grey or white hackers, crackers, skiddies, PenTesters you name it, they love to find flaws and vulnerabilities. They love challenges and every flaw or vulnerability represents a challenge for them. This is the truth.
When your system or production server gets hacked in real life, peaceful intentions are the least to expect. Trust me, we've been there having our platform "tested" and tested. Thanks God we don't keep any sensitive data about our users on the platform.
HaS brings security skilled people in the same place and gets them paid for what they love doing most: Hacking. Everybody can register to our platform, but only the best will have access to "Playground Arena", where all the hacking happens.
In order to get access to the "Playground Arena", they will first have to pass a test. We all know that the most important thing when someone finds holes into your system is not the penetration itself but the report that describes the security issues and the solutions. That report is the most important thing for a CTO, Sys Admin or web app developer.
The test that a HaS user has to pass in order to get access for hacking, is like any other tests that they should pass in order to get different security certificates (e.g. CPTC, OSPC, CEH, CEPT, CISSP etc). The only difference is that we give this opportunity to all our users and we don't charge for it. This test ensures CTOs, Sys Administrators and web apps developers that whenever they will pay and receive a Penetration Test Report, it will comply Penetration Test Standard Reports.
How did you come up with the idea behind HaS platform?
I use to say: Solve a problem, then, build a product. There were two ingredients that make me come up with this idea:
- Gaming: I hate gaming because if you are not aware, it's like a drug.
- Security: Security is one big problem, believe me.
One day, being with my little daughter at a doctor and waiting to get in, I was thinking „how can you use gaming in such a way to solve a big problem?" And it strike it me. Online Security Gaming but in another way that it hasn't been done before. Using the power of crowd source, and not for points (as was done until now), but for real money. After I figured out the outlines, I grabbed the phone, called a friend who's Sys Admin and asked if he would use such platform and how much would pay for this service. He said yes, he would use such service and he would pay like 1000 Euros. …And here we are. If you think deeper, we solve a few other complementary problems, like hackers that ware black hats, can become grey and start earning real money for what they love most: Hacking Servers. Moreover we fill up a niche between companies that perform penetration tests with high rate cost for small and medium companies and those companies. In fact we don't even compete with those companies and we complete them. And I can add at least two or three more good things like being sys admin or tester on our platform you get the opportunity if you are in „Hall of Fame" to become consultants on InfoSec issues.
Building the product
Who is currently working to bring out HaS platform to the world?
I've tried many, we left few.
Marius Chis is currently CFO and the first investor in this project. I tried to involve people that fall in love with the project because I'm a strong believer that money is a consequence of a "well done job" and not a purpose.
Andrei Nistor, is the CTO. He is the one who did the most of the coding part, based on relevant feedback from team members or testers. He worked day and night to get the project working flawless, and made crowdsourcing pentesting possible.
Alexandru Constantinescu, is the PR & Marketing Executive. He impressed me with his determination when he told me how much loves the project and wants to jump in on marketing side with no initial financial interest, because he understands the development stages of a bootstrap leanstartup company.
Cosmin Strimbu is our frontend developer. Although I didn't meet him at the time I'm being interviewed, the same like Alexandru, he just asked me to take him on board. I love this kind of people driven by passion of what they doing and not by money.
Am I lucky? Yes and no.
Lucky because They find me (not otherwise) and They find the project. Not lucky because I worked hard to spread the word about me and my projects. No, this is not luck, this is hard work. I have spent over 3 years in online industry, and although I've meet a lot of people, I would recommend just a few.
What is the business model that will bring you revenue from HaS?
We had a few business models in mind, but since we are dealing with a two sided market place we have decided to charge at a decent percentage those who get paid. That means low rates costs at a fraction comparing with penetration test companies, and we are aiming towards a mass adoption price.
Who are your customers?
HaS customers are companies that wants to solve their security issues fast and with low costs. CTOs CIOs CISOs, Sys Administrators, Data Base Administrators, Web Apps Dev are also the professionals within companies that can use our product.
Other customers are the individual specialists, whether they are PenTesters, Sys Administrators, who want to verify the security of their innovative servers or applications, covered by what we value most, anonymity and confidentiality.
What are the current features of hackaserver?
Hack a Server is the next level solution to resolve critical security issues in a funny war game way.
Cost effective: What can be better for your business than The Power of Crowd Source at cost of a fraction?
It's Fast, Reliable and Secure.
Fast: Within minutes you can setup your server with most popular OS and start to configure. I think we have like 7 clicks to have a machine up and running
Reliable: Our PenTesters must pass a test and complete a Penetration Test Report to see if they really can be PenTesters before they get access to hack into Playground Arena.
Secure: At Hack a Server, we encourage you not to disclose your real identity whatever you are a company representative or a pentester. In this way, we don't keep sensitive data on our platform which means that no matter if someone will try to penetrate our system. They will find nothing.
Are there new features to be implemented into the platfom?
Ha! There are a lot of features that we want to implement. We have a top three features but better for us is to let our customers to decide what they want most. On the second thought we have one that we believe will help CTOs, sys administrators, web apps dev and companies: Finding the best way to automate the process to replicate a physical machine on our platform. Now this is a challenge and we will start as soon as we close this iteration (I think?!).
How you intend to penetrate the market?
Hack a Server will become official platform for gamming at DefCamp a premier InfoSec Conference that will held on September 6-8 in Cluj-Napoca City at Hotel Napoca.
The virtualization module we make it open source so everybody who wants to deploy fast a PenTest lab can free of charge.
The virtualization module we intend to implement within faculties so the students will have a funny way to learn security.
Those are a few directions, part of our market strategy.