Sunday, September 13, 2015

I don’t sleep, I am fading

Lorenzo Martínez. Securízame CEO.

Behind Lorenzo´s Martinez, best known as Lawwait, smile, there is a great personality hiding. Born as hardware hacker, cofounder of the common known blog, Security by Default, he is the archetype of enterprising hacker, for his own merit he is part of what we could call the “business sector” of the Spanish hacker community.

36 years, from La Rioja, studied Computer Engineering at Deusto and by the time he finished he had a job. In fact, he meet who is writing, in 0ctober 2001, at Benalmadena, when he gave the presentation of his thesis at the I National Symposium of E-Commerce. We met again in 2012, in the Navaja Negra convention, when he had just launched by his own Securízame, his enterprise, with 3 employees and 10 coworkers. ¿Will it bring him luck? :)

- Which principle of the hacker ethic do you like the most?

- The integrity of using your knowledge to satisfy your curiosity and never stop learning.

- You would change your first class honors and A´s for... 

- For having reached the hacking sector before, during the golden era.

- How many hours do you sleep on daily basis?

- Uffff, less and less. My head still processes when I go to bed. As I normally say, there are nights that I do not sleep, I fade.

- You, who likes cars, ¿have you ever thought about reproducing the Chrysler hack? 

- You have made a good point there. I love cars! Yago, Jesus and I were talking about an unsuccessful investigation about cars hacking. We do not reject it for the future, if there is something to hack in any Brand.

- As a hardware hacker, which of your inventions make you feel the proudest?

- I believe things, no matter their size, have more value when you have few resources to produce them. When I was at university we had a subject with some robotic with micropics 16F84. There was a sumo fight between robots with much liberty. The starting robot had two engines (one on each front wheel) and a back wheel similar to the ones used in office chairs. Obviously, strength and power were necessary. During that period of time, the Quattro drive by Audi stole my sleep, so I suggested adding it to the robot. For that, I grabbed an old remote controlled car (a Ferrari F-40, which was really fast… it even had a position on the remote for “Turbo Charging”, so no more words are needed) and I broke it in halves.

- (Pause to breath during Lawwaits energy :)

- I took the back axel and moved the engine to a structure I made for the robot, with pieces of a Meccano. I also had to design a new driver plate, which should receive the signal from a pair of exits from the Micropic, to action the engine in a way, or another. It was great, since up to programming level  we had to create a routine for the challenge, which detected whether the robot did not moved forward, even if the front engines pushed, then he drank a magic potion and actioned the back engine. The problem was its consumption, and that we had to feed the engine with batteries wrapped in tape, just when needed, because it consumed the batteries energy as if it was a real Ferrari.

- (Another little break :)

- Now doing the same will take me less time, but in 2000, with less knowledge and worse resources, the result was an impressive robot…. The first fight we won it because of that engine. On the second one, they beat us being cleverer than us, but the answer will be for those with curiosity that ask.

Lorenzo, Claudio Caracciolo y Jaime Andrés Restrepo
- You are known for your conferences, many of them, in places I didn’t even know they existed.

- Neither did I. My conferences about forensic expert´s report can help others in order to know what to look for in a SO, which involvement is doubtful. Others have been for personal craziness or as a result of an investigation.

- And not happy with Spain, you keep giving more and more conferences over Latin America. How is cybersecurity over there? 

- My first conference was at LATAM, back in 2012, in Manizales, Colombia. From that point, I met colleagues, which shared my job, and we became friends, which invited me to give conferences in their home countries. I have been twice in Ekiparty, in 2012 and 2014. There are very good professionals in LATAM, but when talking about awareness of enterprises and citizens, things are as bad, or worse than here.

- Managing your own business #eshacking? ¿What was the hardest thing?

- With no doubt the amount of taxes, paperwork, and problems one has to face if they want to work. In my case I did not have investors, people who placed money on the table and said to me: for your needs. I start it by my own, with my savings, sweating my t-shirt and losing a lot of hair. But the experience is still worthy and I recommend it. As well, I highly recommend seeking for a good manager.

Archuser, María José Montes y Lawwait
- Is there a typical client for Spanish SMEs of cybersecurity?

- The truth is that no. We give services to clients from many different sector: from the editing world, media, gaming, law firms, to big engineering or renewable resources enterprises with international presence, insurance or even Spanish public administration entities.

- Training is the highest demanded?

- At the start I gave courses by demand. Online courses started casually. In between various colleagues, while having dinner in Bolivia, we decided to start with a forensic online course. I got into it some friends from here and we started. It was successful so we decided to continue. I had the experience of having attended online courses organized by Criptored.

- Which courses are more successful?

- It is something quite trendy. The forensic analysis and the expert’s report is something everyone is curious about, and the good job opportunities generated as an expert. Last year’s crown jewel was the Revesing and Exploiting on Windows and Linux course with cracks such as Pancake, Newlog, Ricardo Rodriguez, Yago Jesus and Nigtherman. This year we took risk with a course that didn’t have the best expectations: Hardening Windows and Linux systems. Basically, people like breaking in, everyone wants to be like Messi, skill pass defenders and score. But no one wants to be a defender and having proper security systems. But big mistake: it has been the course with the most attendance up to date, most attendants came from enterprises.

Text: Mercè Molist


Post a Comment