Jordan Caldwell: Cybersecurity in an Insecure World
By: Sunnie Dawn Baker
It took two days, but by the end, Jordan Caldwell had done it. He had accessed the executive floor of a two-billion-dollar company. They didn’t think it could be done. In fact, the company’s security team was sure it couldn’t be done. But they were wrong, and Caldwell stood, triumphant, on the executive floor. When Caldwell was working on his degree in Medical Physics from ECU in 2009, he probably wouldn’t have dreamed that he would be breaking and entering high security places for a living. But, as of 2021, that is what he does—the year when Caldwell and his friend Kris Wall founded their own cybersecurity firm, Critical Fault.
Of course, Caldwell isn’t a criminal; he just gets to pretend that he is and try to think like one in order to provide a very important service to companies around the country—and perhaps one of these days, the world. This is one of the facets of the cybersecurity industry that is so fascinating. Sure, there is study and training involved in what they do; it is necessary to study coding and cybersecurity. And in a constantly changing landscape they have to make sure that they are current on all of the new developments. Something as simple as a Windows update can create new openings for hackers to attack. However, it seems like one of the most important parts of their business is thinking creatively and trying to stay one step ahead of the bad guys. In order to prevent systems from being taken advantage of, they must try to figure out how the systems might be attacked and then take the according steps. They are the good guys, but they get to think like the bad guys.
Caldwell, a Chickasaw citizen who graduated from Ada High School in 2004 and ECU in 2009, came to cybersecurity in a roundabout way. He has always loved a challenge. This is what led him to his study Medical Physics—a physics degree that essentially had the added equivalents of minors in biology, chemistry, and math. During his studies at ECU, he had the chance to work on research at the Environmental Protection Agency’s Robert S. Kerr Environmental Research Center in the summers. After graduation, he eventually he took a job with the Department of Environmental Quality where he worked as one of a few primary risk assessors in the state of Oklahoma, including a stint in the radiation section because of his physics background. Now he is still doing risk assessment, though of a different kind.
His friend, Kris Wall, came to cybersecurity in the more traditional way. He studied at Francis Tuttle and taught himself code. He discovered how easy it was to write security flaws into code and became interested in cybersecurity, leading to work as a penetration tester. Penetration Testing is a process where someone attempts to hack a system, and uses the results of the attempt to assess the strength of a security system so that it can be better defended against malicious attacks.
He loved it so much that he wanted to start his own cybersecurity company. When he met Caldwell in 2015, they became fast friends and started talking about the idea of starting their own company. As Caldwell says, “I don’t have the cyber background, but I do have the innate curiosity.” However, Caldwell had a full time job at the Department of Environmental Quality and starting a business is both expensive and time consuming. Interestingly, though, the very skills that they use in their company actually helped them find the seed money to start their company.
Caldwell had a laptop that was over a decade old that had his cryptocurrency wallet on it. The laptop had been hit by ransomware, but he had already built himself a new desktop computer, so he wasn’t that concerned and just wrote the laptop off as junk. During this time, the cryptocurrency market was going crazy, but he couldn’t access his account, so he just let everything ride; there was no other choice. The laptop was forgotten and collected dust. However, in 2021 Wall convinced him to let him look at the laptop and see what he could do with it. There was nothing to lose so Caldwell agreed. Fortunately, the crypto wallet was of a file type that was not corrupted by the ransomware, so it was safe. Unfortunately, it had a very secure password that Caldwell had forgotten. Wall had a password cracker, though, and Caldwell was able to remember enough of the password to give it a shot. It took about eight million guesses, but eventually the password cracker did what it was supposed to do. They had the password. They had the access. And they had the seed money for their company from the once forgotten crypto wallet. So, in 2021, Caldwell and Wall, along with their friend Joan Stanolis, and MBA and the head of the Math department at Jones High School, founded Critical Fault.
Caldwell does what he does because he loves the actual day-to-day work required to assess security risks, but he also loves providing a valuable service to companies. When most people think about cybersecurity, they tend to think about the risks of major corporations being hacked or research facility data being compromised through a ransomware attack. However, lately small and medium size companies get hit by cyber security attacks as well. Caldwell says:
One of the new statistics I learned recently is that in 2021 small businesses had been hit for over 600 million dollars in ransomware, and this is just what has been reported. Some companies just pay and don’t report it. Any company that has any kind of digital presence—whether it is social media or shipping, tracking, or payment—can be at risk. With the resources on the dark web, there is an attacker for every size of target out there.
Smaller companies can be at a larger risk than bigger companies because many don’t even have a dedicated IT team. This is one of the reasons why he started this business and tries to raise awareness to business owners of all sizes that they should have some sort of protection.
Critical Fault offers many different types of services including risk assessments, penetration testing, digital forensics, application security, physical security, and training. While some might not think of the physical security of a facility as important for cybersecurity, it most definitely is, and that is Caldwell’s favorite part of his job. If someone can gain access to a facility, then they can also gain access to the computer systems and can infiltrate their systems just by inserting a flash drive.
While Caldwell feels like he made the right choice starting his own business, it has not been without challenges. The biggest challenge has been the awareness of the importance of cybersecurity to businesses or all sizes as well as letting people know that his company is here to help. Other challenges have included learning how to speak in front of groups because that is necessary to help build connections and raise awareness. However, being a Chickasaw citizen has also helped with this through new opportunities to meet other leaders.
Caldwell says, “Generally as a Chickasaw the nation has provided a whole lot of support to me personally with lots of scholarship opportunities and allowing me to be a part of their preferred vendor program.” He also had the chance to join the American Indian Chamber of Commerce and is a recent graduate of their Leadership Native Oklahoma program which meets once a month and works to connect Native entrepreneurs with the different tribes in the state as well as with each other. Caldwell is also excited about the new opportunities for STEM education within the Chickasaw nation–opportunities that were not around when he was in school.
Caldwell doesn’t just want to grow his business and help other businesses with their cybersecurity. He wants to show young kids and teenagers that they can make their dreams come true without even leaving home if they don’t want to. He says, “There are people who don’t want to leave their town, and internet connectivity has gotten a lot better, so you don’t need to move to the city or the coast and still retain a good paying high skilled job. This is one great thing to come out of the pandemic—we can work anywhere.” Because of this passion, Caldwell is working with the Oklahoma School Public Resource Center to get more Oklahoma talent, and more diverse talent, interested in this field.
Caldwell’s trajectory has been anything but a straight line. However, through following his curiosity and embracing new and exciting challenges, he has found a path that is both stimulating and rewarding. As an entrepreneur, he gets to be his own boss while performing work that he truly enjoys and helps other people. This also gives him a chance to help shape the future by encouraging young people to take advantage of this new and important field, especially youth in rural Oklahoma. Cybersecurity is only going to become more and more important to our society as we continue to grow technologically and Caldwell is excited to be a part of this future.
Edited on September 22, 2022 to include Joan Stanolis, the third founder of Critical Fault.
Sign up to receive more news from the Ada Jobs Foundation HERE!