Sunday, February 7, 2016

Raul Siles: "In Spain the experienced seniors aren't well considered"

Raul Siles. Founder of DinoSec.

Raul Siles is a natural-born teacher who, by the end of the interview, leaves us wanting to hear more of his stories and opinions, acquired in very different fields. He is from Madrid, 0 years old and has 2 sons. He studied at the Computing Faculty of the Universidad Politécnica de Madrid and, until he became an independent cybersecurity professional, he learnt the rest along the way, in interesting projects like Honeynet España or the SANS Institute.

Raul seems to be the kind of person who works hard and well, without making noise, which means he doesn't like talking about it: he has written articles and given a lot of talks at conventions, the next one at RootedCon, with the attractive title "La cena de los IdIoTas" (Dinner for Schmucks). In 2008 he co-founded DinoSec, a company he himself calls "a very S SME" because it only has two employees. We add, with love, that it is "small but powerful", because governments and large corporations are among its clients.

- Why and how did you enter the cybersecurity world?

- I started at the Computing Faculty. Specifically, in a course about Internet servers, given outside the regular schedule by the Student Union (I think), at the time when the progressive adoption of DNS, mail, FTP and web servers was starting... back in 1994 (wow... 20 years ago!).

Later, and professionally, I entered cybersecurity at HP (Hewlett-Packard), because in 2000 a small team (the HP Security Center) was founded in Spain to offer security services to HP Mission Critical clients. It was a team in which we tried to be very specialized in the technical and technological aspects of cybersecurity, and where we had high goals and aspirations at a worldwide level.

- Where did you learn what you know?

- Thinking deeply, I think it's a very very very long list ;) On one hand, I think the family and educational environment is crucial to create in children this endless desire for learning, discovering and going deep into the smallest details throughout their lives.

On the other hand, I learnt a lot thanks to having access to a computer at home since the 80s thanks to my father, to the little informal courses given by people who wanted to share their knowledge at cybersecurity conferences, to SANS courses and preparing the associated certifications (especially in the 2.5 years we worked hard to obtain the GSE), but especially by reading a lot, day after day: books and research, blog articles, presentations, etc., and, what is even more important, applying all this knowledge from a practical point of view. Having contact with real and complex environments in my work has allowed me to understand how things work in the real world, and it has always been very useful.

To learn, it is fundamental to have the desire to understand how things work and not to stop until you understand them with the level of detail needed, for example, to explain them to others in a simple and clear way. I have learnt a lot preparing and giving information, and trying to transmit my knowledge, although this can seem paradoxical.

- You have your own company, small but with large clients. What do you "sell" them, what are you good at?

- DinoSec is a very small company with great aspirations and an international scope. From its beginning, the objective has been to offer advanced and specialized technical cybersecurity services, characterized by a high level of knowledge and experience. We like to know how technologies work, what their weaknesses are and how to attack and protect them. I shouldn't say this, but I think our clients also value our professionalism, seriousness, level of responsibility, meticulousness, exhaustiveness and constancy through time. On the other hand, we love challenges, and that's why we are always open to proposals which allow us to keep learning.

- You give the impression of being the kind of person who prefers to work by yourself. Was this the motivation to create your own company?

- There are moments in your professional career when important changes happen, in many cases because of external factors, and these are good moments to make decisions. In our sector, and especially in Spain, experienced seniors don't stand out so much, and even aren't well considered. If you want to dedicate yourself to the technical side and not to management, the two main options are going abroad or creating your own company.

If you have the luck, and the possibility, the support of your family, and the appropriate circumstances to take on this adventure, you mustn't hesitate. I think it's very important to work in something you like, and it's better if you love it. If you also have the flexibility given by owning your company, and it's economically possible, what is better than enjoying your work and working with enjoyment?

- You're also a great speaker, and I think when you research on your own you prefer researching cybersecurity in mobile devices, is that right?

- Almost from their beginning, mobile technologies (and now the Internet of Things, IoT) have attracted my attention, because they bring together in "one" technology all the other technologies, and to go deep into them it's necessary to know those other technologies, like networks and communications, operating systems, programming, web applications, binary analysis, wireless technologies, etc.

- Why is the mobile world so insecure?

- We're repeating the same security mistakes as we did with other past technologies, and it seems we don't learn from history. The complexity of mobile environments, and the convergence of so many technologies and different solutions, make them potentially more exposed to security vulnerabilities.

Although it's true that in the latest versions of mobile platforms (finally, and after almost 10 years), and the services which sustain them, a lot has improved from the security point of view, they are still vulnerable (and unfortunately, not everybody has the latest versions). The world of the Internet and new technologies moves faster than the real world (if we can differentiate them), the cybersecurity world moves even faster, and the mobile cybersecurity world faster still, because of the speed of technological evolution, with new versions of operating systems, devices, capabilities and services launched every 6-9 months at most. At this pace, it seems the world doesn't invest what it should in cybersecurity.

- The regulation which gives "hacker licenses" to authorize work in this field is a trending topic. What do you think?

- I think that professionalising the sector could be positive, but it depends on how we do it and the real objectives behind this step. On the other hand, I think the market is smart enough to highlight the qualified person without licenses. I know that someone isn't a hacker only because of his licenses. My question would be: Is the hacker born or made... or a little bit of both?

- What's your opinion about the Spanish cybersecurity community?

- No doubt, in Spain we have first-level professionals and researchers, who help to show the value of our country's talent around the world through their research, successes, conventions, tools and publications. A good example, though a sad one because of the working conditions in Spain in recent years, is how many experts are being attracted by foreign companies, which appreciate their knowledge and abilities.

- Have you ever entered a computer without the authorization of its owner? What does it feel like?

- I have entered external systems, computers and devices many times without being "supposedly" authorized, but with the authorization of their owner, for example, as part of the many intrusion tests carried out through the years. The feeling is hard to describe, especially when it has been a difficult task, really tricky, and one which made you improve yourself. The advantage of doing it legally is that you can enjoy the technological and intellectual challenge and the associated emotion, knowing that that night you'll sleep calmly in your bed... ;)

- We finish with the feeling that we have left so many interesting things unmentioned, but we only have space for a quote.

- I propose these. One of them is a Chinese proverb by Confucius, and it applies directly when we want to acquire new knowledge: "They told me and I forgot it; I saw it and I understood it; I did it and I learnt it". The other one is "Carpe diem".

Text: Mercè Molist

