Monday, May 2, 2016

Luis Fernández: "The Spanish SMEs are drifting on cybersecurity"

Luis Fernández Delgado. SIC Magazine Director and Securmática Congress co-organizer

The Securmática 27th edition has just closed, gathering the most important of the Spanish cybersecurity
as always. Administration, big companies and good professionals assist, because all of them know being in SIC and Securmática is good for their business image. Today as yesterday, our curiosity asks itself: how two musicians dressed as journalists have achieved that?


- How did you know Pepe de la Peña? 

- We are university colleagues. We studied Journalism on the CEU and in those times we had a tuning; even our musical taste. Years after our professional trajectory joined together in Ifema and then, more than 5 years later, we decided to start together our business adventure, maybe a little wild in those times, creating a magazine specialized in cybersecurity. The truth is I like to say we hit the bull's eye.

- How did you start on cybersecurity?

During my professional period on the Madrid fair, at the beginning of the 90's, I took contact with the "origins" of this field, through conferences which talked timidly about this matter, in the physic security fair, the Sicur technical conferences.

- Being SIC editor since 1992 you'd have seen too many people passing...

-That's right, I've seen everything. From extreme unconsciousness attitudes or paranoia regarding to this matter, in this 25 years we have passed from the general ignorance, with disrespect and underestimated to the field an its "exotic" matter, to a reasonable awareness and appreciation, fueled mainly by being on board of a "connected" society misconstructed with the need of "cyber fire-fighting".

-The Apple and FBI case, a tech company refusing a judge order was something that never happened before. What is your opinion?

- Here converge pretty transcendental matters, but not only the ethical matter but, above all, it reveals a fierce economic and survival struggle against the informative supremacy on one side, the espionage and vigilance, stubborn on controlling the society, in a excessive way, and who clearly fears that, for the first time on the history, the technology can turn against it giving to the normal citizen powerful confidential mechanisms for their privacy defense. A messy barrier can't be domesticate and it blocks an easy control.

Anyway, Huxley and Orwell were right. The perverse privacy/security dichotomy, seeing the recent terrorist attacks on 'civilized' lands, makes us fear the balance will till to the last one, at least during many time. We hope they will create enough control and supervision elements for the intrusion on the private sphere so it would be the less possible and always for a justified cause. But, with the recent adoption of the European Protection Rules and with the creation of the plane passenger data registers, we can predict how the future will be.

- Has Spain achieved to create a strong business network not only of the cybersecurity, but IT too?

-No. In our country we haven't understood or been capable of creating a modern business network, one of the 21st century, which could project us beyond tourism, construction and football. We had a gold opportunity on the many governments of this last two decades to create a serious projection strategy using IT as modernization tool, but the actions taken were poor. They existed honorable and interesting exceptions but very limited, for example, the divulging effort of the last INCIBE.

Even today the political parties only include a few lines for this matter or they don't have a person in charge who knows something on this matter. Cheating the society saying we are 'cool' because startups and fintechs without a real opportunity of succeed are growing is pathetic.

If the matter is not introduced in study plans in a general and coordinated mode from an early age, if we don´t encourage talent and privacy awarness, we are walking the wrong way. It´s the same with the need of cybersecurity experts. Everything suggest we will need thousands of specialists in the different protection techniques: massive analysis, sensors and objects, wereables, Smart cities, e-health, critical scenario's, mobility... We are shouting in the desert...

- Talking about Spanish companies in general, have the awareness about security?

- We can not generalize; big and medium companies are part of a collective which has made its homework and there are the SME, badly attended and suffering cyberblackmailing, ramsonware and every kind of malware which beat their tries to improve their digitization. There is  huge difference between both worlds and we, since our beginning, only aim to the corporate world, to inform, train and help to reinforce a strategic sector to avoid the information society collapsing over it´s poor basements because a short term myopia and an imperative greed. It corresponds to others, and we know who are they, to knuckle down and better to protect this collective of small and medium companies ant the citizens, because they have enough with getting ahead with their own activities.


- Securmatica has just ended. How was this pioneer congress born?

- It was born 26 years ago, exploring which path could have these little computing machines, fat and reachable by only a few in those times, and universally generalized today, jibaized until they became a kind of semi intelligent almost prostheses with a high capacity and a cool look in the Whole Wide World.  In this century quarter, so dizzy in the technological level, we have analyzed how the powerful mechanism of the evolutive IT affects the business world and the society, and how can we protect them from the dark side which, attracted by the sweet smell of honey, I mean the data and valuable information, perpetrates any kind of cybercrimes. Everything as their main characters tell by themselves: the responsible of driving cybersecurity and privacy, amos¡ng with the rest of the actors who contribute to the settlement of this specialty through the legal, regulatory, social, international and, of course, technological ways.

- Do you remember the first edition?

- Of course, as I all ready said, there were some conferences inside the Sicur 1990 fair. At that time, there were talks like "Security en MVS, PC´s and Lans in Unix and electronic payment methods", "Risks Analysis"...  and there were showed the firsts steps to a affordable and wide spreaded cryptography. Everything in a primary and basic way.

- The idea was, even then, to pull toghether sector´s giants like Banks, power companies, big consulting firms... or it came later?

- At the beginning, they came experts pioneers in this "exotic" fields from different origins, who studied in other countries, in "big five" consulting firms or concrete proto i+D university Projects... Here, as always, the path was opened by pioneer characters and them, as the sector settles down, come the rest of the cybersecurity players.
The fact is the orientation and most of the congress content was selected by ourselves, completing it with big users companies and prescriptors, integrators an services providers with a contrasted pedigree on the matter, ready to make constructive contributions which can serve as an example and show the way of how and where this, non trivial by the way, challenges can be managed. Securmatica has a special seal about which we feel humbly proud, because there are not many approaches like it.


- As co director of the congress, you should know many amazing stories. Do you particularly remember any of them?

- All short of things have happened:  from speakers who got complete blank to CISOs who suffered a robbery at home last night or the coat during the congress, or has a fainting attack durng the coffee break. I´d like to specifically remember one of my apreciated partners, CISO on the former Amena, who, even suffering a severe illness, did not hesitate in sharing a last conference in Securmatica in his last moments.

We are proud to say that in this congress more tan 500  Projects have been presented, and more tan 7.500 experts have past through its pannels to grow in their professional knowledge, knowing how to identify and choose a quality cybersecutity, from the other one, cheap and low quality wide spreaded today.

- One last question: How can we mix cybersecutity and music coming from the soul without dizziness?

- Everything is just a matter of setting your heart, head and hands to it and submitting with conviction to every one of the things that life places in our path, without overlapping and taking, of course, a "micebrina" from time to time. In musicians slang, being "tuned" is not defying; This must be the objective of every one of our efforts, including cybersecurity.


Text: Mercè Molist

0 comments:

Post a Comment