Guille Hartek is a spanish computer engineer working in security. I met him a year ago when he accepted to give a speech in a security event which our privacy and digital rights awareness group organized. He writes about security in “Follow the White Rabbit”, a spanish blog about security which won a national prize. Today, I’m writing down a quick interview with him. As he doesn’t want me to put a picture of him, I will leave here this vague sketch I made:

Me: First of all, I’d like to ask, what made you specialize in security? Guille: Actually, it was a trial, I always liked better systems and networks than development, for example, and when I was finishing the grade I decided to take some courses and self path studying in cybersecurity, which was the most interesting topic, and I loved it.

M: Ah! ‘cause you are such evil. Speaking of which, what kind of security expert are you, jedi, grey jedi or sith? G: … M: let’s just say the force is strong in you then! G: yeah!

M: Black, grey or white, security is such a hard field to cover. It’s mostly frustrating, as I heard, always taking new challenges. Which is the most difficult project you worked in? G: Speaking about difficulty, I remember I recently had to write about KRACK, based directly in the paper, because there was very few truth worthy published material, and I had to read it over and over to make sense of it so I could write about it… Actually, investigation is the “hardest” part, because you usually won’t find as many help as in how to use different tools, for example.

M: That sucks, actually when I think about it, I get scared about trying to get into the security field.Anyway, relating to your job, what OS do you use? (I wont judge…) G: Hard question coming from you. At work I rely on specific tools and so I use Windows, but for more complex projects or personal development I normally use Antergos (Linux).

M: Ah, I really don’t know how is it to work in security with Windows. Not joking, I never tried, I heard there are some useful tools, tho. I think I know the answer of this one but, what do you like the most in security field? G: I like pure technical, leaving administration and risk assessment, I’m more comfortable managing and analyzing security systems or doing some ethical hacking tasks.

M: So as I mentioned you write in “Follow the White Rabbit”. Which is your favourite article? (that you wrote, I mean) G: Apart from my beloved movement sensor Tiranosaurus and gas-meter a.k.a Fartmeter (it’s funnier in Spanish), I think the most awesome one was the KRACK one, I also like the one I wrote about PGP and Thunderbird, not so long ago.

M: So, speaking of difficult tasks, what do you do when you get stuck in a problem at work? In case you did get stuck. G: I’m actually very stubborn and stay in front of my task almost literally breaking my head in the keyboard, but what usually works the best for me is to work in a different task for a while or go have a coffee.

M: What would you recommend to anyone who is starting in the security field. G: pray a lot. And eat vegetables. M: That can be managed. G: Also, dedicate some time in staying fresh about what’s new in the field, what are the new tendencies and try many things so you can correctly decide on what to focus and work on it.

M: When wannacry attacked so many computers, companies and governments panicked. In Spain, the government even thought of creating a sleep HACKING JUSTICE LEAGUE (no joke but it’s so funny, tho). Anyway, until now some companies seemed to be careless about security, is this true? or is it a myth? G: Traditionally, security has been focused in access restriction and perimetral security, and less focused in protection and software testing against errors, these new attacks that appeared (there were already many attacks before, but not such huge) brings more awareness. For example, in the awake of these huge leaks and security errors triggered by the employees, forensics are getting more and more importance inside the companies in order to discover the source of these problems.

And that’s it! an interesting chat about the security field. Hope you guys enjoyed!

Also written in: https://dev.to/terceranexus6/security-sprint-week-78-a-chat-with-a-security-expert-44l9

Security Sprint: Week 10 : 11 - Bluetooth hacking experiment and open tools

I've been quite in many things lately, which didn't allow me to study all I wanted to. I'm mainly in two things, distributed ledger exper...… Continuar leyendo