The world of technology is continuously evolving, from the rise in the Internet of Things (IoT) through the adoption of Software as a Service (SaaS) over traditional in-house applications. And as technologies shift, so does the threat landscape. With the rate of cybersecurity risk doubling every year, Sohang Sengupta (Founder, ZeroDollarSecurity) saw the significant role the cybersecurity domain is going to play and came-up with a unique idea of establishing a community of researchers by pooling together cybersecurity experts and students from colleges, independent security researchers and professionals. Established in Kolkata, ZeroDollarSecurity, under Cibertix Technologies LLP, is India’s first crowdsourced and crowd-skilled cybersecurity company. Sohang further elaborates on the workings of his unique venture in the cybersecurity domain in detail in conversation with CIO Insider.

In conversation with Sohang Sengupta, Founder, ZeroDollarSecurity

With the advent of enhanced Internet connectivity, Internet of Things, Machine Learning, and other technolgies, any cyber architecture can be easily compromised; it’s just a matter of time. How is ZeroDollarSecurity placed in the Cybersecurity domain? In what way is the company supporting the ‘Make in India’ initiative?
We call ourselves ZeroDollarSecurity because we offer cybersecurity services at zero-dollars spent towards product cost. As a crowdsourced and crowd-skilled Cybersecurity company, we induce a community driven Cybersecurity culture. To grow in this community value chain, one needs to train the other members and keep a consistent mentorship and product development active. This community is supported by our parent organisation Cibertix Technologies LLP. We cater to cybersecurity solution requirements for the Micro and Small businesses in India realizing their businesses are unguarded and prone to loss of digital assets. With a subscription-based

community model, we provide our subscribers consultancy services and tailor-made solutions using open source technologies. We facilitate them with a value ecosystem of cybersecurity enthusiasts and professionals to deliver reasonable security. We are enabling the ‘Make in India’ initiative without our customers having to spend many dollars on a cybersecurity product or services. We have also launched an analytics wing lately.

Brief us about the various Cybersecurity consultancy services offered by ZeroDollarSecurity. How far has the company realized its mission of providing Cybersecurity services to small and mid-cap businesses through its open-source products and services?
Inspired by the SAAS model, we coined a model called STAAS or Security Team As A Service. Here, we have two teams. One is creating security weapons and working on various tools relating to the product and architectural vulnerability assessment, and the other is working on open source-based defence products which will ensure security posture improvement of subscribed organizations. Our governance model ensures quality delivery from both the teams.

We are working on solutions for tomorrow that might change the way Endpoint Detection and Response (EDRs) have been looked at lately. We are working towards a signature-less, ML-based, APT-29, and APT-3 defence ready product. We are constantly harnessing the huge potential of the community and converting it into productive output. Trust me, it has got the power of commoditizing information security and soon will be the new normal.

In what ways is ZeroDollarSecurity taking advantage of the thousands of unrefined raw talents in the Indian colleges waiting to be groomed in the practices of cybersecurity?
We are institutionalizing the Triple Helix Model by creating a knowledge society for Cybersecurity and Analytics. Any emergent intellectual-property that we develop is either converted into a product within a specific period or it slips back to the sole ownership of the community.

The colleges and universities under the ZeroDollarSecurity umbrella stay active under our mentorship programs, where they are coached with our specially curated ZeroDollarResources and HandBooks. The interested individuals from the community are also allowed to work in an ongoing project with the company, where a very specific portion of the task is assigned to them. The best contributors are rewarded with stipend and internship opportunities either with us or the companies involved. The ZeroDollarResources we

share are mostly verified by expert members from the industry.

Share with us a success story where ZeroDollarSecurity successfully fulfilled the cybersecurity requirements of its clients.
All our customers have a very wonderful and unique story, but some become exceptional and you remember them. So, there was this one client who came-up with a need for a specific cyberweapon that they wanted to build for internal consumption purposes. They were using high-end anti-viruses and top-notch security systems. They told us that they want a tool that they could use to evade a security perimeter and shared the details of a specific security architecture. Various community members got thrilled and designed a tool in 18 days time. We could breach their systems in more than a singular way and compromise many security components individually. They wanted to buy the team, but they couldn’t because you cannot buy a crowd!



What is the future road map that has been envisioned for ZeroDollarSecurity?
From senior students of few colleges, we want to diversify the community in a ‘T’ model - move vertically - start younger so that the value cycle is three years rather than current 1-2 years and move horizontally – because there are approximately 4800 engineering schools in the country. Even if I aspire to get 30 students as a member of each college, we will be a part of the top ten organizations in the country with the highest number of minds working together to create value. Channelizing this energy and to make it sustainable is my challenge.

Powerful people are concentrating and collecting data through corporations & nations and creating their private data colonies, globally. Amidst this situation, I aspire to protect the interests of the country’s micro, small enterprises from the Digital Fascists by commoditizing Security & Analytics and driving a niche technology research driven community. Managing Digital uncertainty is positioned at the core of our strategy, and we are poised to protect and handle digital assets. Hence, we are confident in a way that the industry and the government will partner with us in their growth strategies for a flourished economy.