Sunday, May 31, 2015

I'd never hire someone who could enter my machines

Alejandro Ramos, IT Security Manager at ING DIRECT Spain.

Alejandro Ramos, 35, is a benchmark in INFOSEC from Spain. Editor at Security By Default, one of the communitie's flagship blogs; godfather of RootedCON; co-author of the succesfull book "Epic Hacker"... Easy to say when you have a 6-year-old son and a job, security manager at ING DIRECT, which does not seem easy either.

Self-declared Geek, Álex is a hacker, plain and simple, and really smart too. His best skill according to Linkedin is the "penetration testing", we're talking about an expert who has spent 15 years in business and a few on the dark side, in the 90's, still studying at that sort of College called IRC-Hispano. He still keeps some good friends from that time, when a hacking group was, as he says, "putting ideas in common."

How did you get into this?

I started programming BASIC at early 90s, as an extracurricular activity. The teacher lent me a modem he had at home and from then, and after many phone bills which we all remember with love / hate, until today.

What motivates you to continue?

Mostly, speed. Technology is so changing that it is impossible to know their set. When I go to sleep, everyday, I can't help to think there is a world to discover out there.

Are there differences between defending a bank network and a company network

We have an expression we use daily: "We don't do soups," referring to the fact which banks are an attractive place to be attacked and we must pay special attention to their safety.

Are Banks protected as they should?

Yes, all of them know security is key to their business.

A good hacker is often called a "Ninja". Why?

In both worlds, constant training, patience, dedication and hard work are required.

What worries you about infosec world?

There're great challenges today. The networks have spread outside the datacenter with cloud services and has not been completely solved, and the same is valid for mobile devices.

You've organized several hacker competitions. What would you take to a Capture The Flag?

A couple of laptops, "switch" and caffeine in any format :) In addition to tools, virtual machines, etc.

Would you hire someone you had caught entering your machines?

I don't think so, today there are many possibilities to learn or show your knowledge without having to break a company's security or violate any law.

Do you love cyberspace or is it just a workplace?

I spend 12 hours a day with systems and networks, you have more options to find me in front of a keyboard than without one. I could say I am a cyberspace resident  and  that is much more than my work, is my passion. But I stay away from politics and hacktivism, although I worry about privacy. There are concepts which seem more romantic than realistic to me.

Does any sentence (which you have not used as a password) guide your steps?

This concept: but as to what constitutes research in general, I keep in mind the final sentence: "Keep pushing!".

Author: Mercè Molist


Post a Comment