Monday, July 18, 2016

José Luis Gilpérez: "I´m worried about the use of the Network as a propaganda tool"

José Luis Gilpérez. Defense, Security and Big Data Director at Telefónica.


It´s a pleasure to see a high executive who started at the bottom, in José Luis Gilpérez,s case since 1990, when he started working as networks technician in the company so called Telefónica of Spain. And he has not gone out from there until he reached, nowadays, the position of  Defense, Security and Big Data Director.

- I see in LinkedIn that you have cybersecurity responsibilities in Telefónica since 2002.

- Indeed, I've spent more than half live working in this world, specially in the last 15 year, dedicated to big projects with customers.  Because this is a world about which I feel strongly. I feel lucky because I can work on what I like.

- There are some who learned attacking Telefónica and those who learned about security working on Telefónica. It's clear you belong to the second group :) Did you have a teacher o some teachers? How did you learn?

Infosec has always been a priority for Telefónica, to protect our actives and infrastructures and those belonging to our customers too. Our role as leading operator and critical infrastructure in many countries implies a high responsibility. So we always try to anticipate possible risks and menaces and we invert on innovative solutions and the learning and development of our staff. Many companies have studied our model and try to imitate it. Talking about teachers, I've always tried to absorb the best of the big professional of this sector so it would be unfair to cite one of them.

- You have passed through almost every security speciality without going out of Telefónica: Cloud, networks, mobile, national security, you have setted up SOCs and even Telefónica's CERT... Is there an area that has you liked the most?   

- As you said, I've passed through all the specialities, It's difficult for me to highlight one. I'm interested in Big Data issues lately, that have recently fallen under my responsability in Spain. It´s a field in which there are many things to do and there is a convergence with the  field of security in a number of aspects: intelligence, physical security vertical solutions and others.

- If I´m not wrong, you are now the national Defense, Security and Big Data Director. What´s the relationship between Telefónica and the National Security?

- Telefónica is the Spanish National Security main technological solutions partner. We have and specialized and dedicated team with more than one hundred people to attend our customers in the Defense Ministry and the Ministry of Internal Affairs. We collaborate, of course, in all the aspects related to data networks, which have special characteristics, and increasingly in TI.

- If you talk to me about National Cibersecurity I think of critical infrastructures. How are we managing this chapter in Spain? 

- Telefónica itself is a critical infrastructure and it's part of the  Internal Affairs Ministry partner agencies (CNPIC). As I said, our main mission is to anticipate the possible menaces and respond to them.  But also to collaborate with the rest of agencies wich operate critical infrastructures.

- And I´m thinking on cyberwar too, in population monitoring  by the Government and the companies, in censorship, in network neutrality... Everything has become very complicated, hasn't it? The network was much clear in the 90's... 

- If we talk about the Network it really was les complicated because the presence of companies institutions and users was much lower. However, all the menaces which exist today on the network were a reality on the 90´s, so what has changed is our network dependence on many basic services, the so called "digital transformation". Our mission is to make possible this transformation without assuming more risks than in the analogic or physical world.

- Despite the resources invested, it gives the impression that  teh governments of  most of the countries are clueless when they create rules for the cyberworld. Does it look normal to you to try to illegalize cryptography, declaring 0days as a war weapon, putting in jail those who advises you about a hole...? 

- Technology is the axis of digital transformation and a very useful tool if it's used properly and looking for everybody benefits. As with the laws, it´s not good to generalize so we have to look to each specific case.

For example, we can´t stigmatize the hackers collective when most of them are just people passionate about technology and interested in researching and putting security and security associated intelligence at government's, companie´s and institution´s service, and the weakest link, the user.

That´s why, Telefónica in 2012, made a big bet on cybersecurity in the digital transformation of the company, with the acquisition on Informática 64, now known as Eleven Paths, which allowed us to position us in the market as one of the main actors and partners to be taken into account on the matter.

- Cybersecurity is a matter of money today? 

- No, it´s a risks matter. The cost of cybersecurity depends on the risk itself.

-  The insecurity sensation related to cyber is growing bigger. We live in a kind of arms race to see who can make the fatest. Can we be wrong in our defense approach and in general cybersecurity? 

- No, I don't think there is more insecurity than before, it has just evolved as technology did. Remember the fear all we had when the cold war and the possibility of becoming victims of a nuclear attack.

- Which is the worst menace of cyberworld for you? And if possible don´t talk me about trending topics, but about what really afraid you. 

- One of the most worrying issues is the use of Internet and the social networks as a propaganda and recruiting tool of radical elements, by the different terrorist groups. The software industry is starting to work on this issue and there are public-private working groups on the international stage to discuss a serie of joint actions.

- Information stealing is also a serious danger for the system. It's Snowden, it's Panamá and it´s Wikileaks. Why it's so easy  the data breach for the attacker and what kind of advices would you give to a company to avoid them? 

- All the examples you mention are consequence of an insider work. I'd recommend to follow the ortodoxia in the data access controls, avoiding the concentration of authorizations in a few people hands   and avoiding them to have access to sensitive data that they don´t need for their work.

- At last: the cybersecurity profession requires a constant study. How do you update yourself? 

- Indeed, cybersecurity is like medicine, if you´re not updated you can´t fulfill your role properly. This requires to read a lot about new researches, analysis reports, and keep a finger on the pulse over the new technological products.

Mercè Molist


Post a Comment