In a recent interview with SafetyDetectives, Enrique Serrano Aparicio, the innovative Founder & CEO of hackrocks, shared his fascinating journey and the unique ethos behind his venture. Enrique began exploring cybersecurity as a young teen with a newfound computer, when his curiosity about the workings of the internet drew him into the field. His early experience co-founding Mundo Hacker and participating in a groundbreaking TV show laid the groundwork for his professional strides at IBM Security and later at a pioneering Breach & Attack Simulation startup. Amidst the unexpected twists of the Covid-19 pandemic, he conceived hackrocks—a legal, practical platform aimed at refining the hacking skills of the tech community.
Can you share a bit about your journey into the cybersecurity field and what inspired you to start hackrocks?
I began my journey in cybersecurity at the age of 14. I received my first computer and I started to wonder, “How does this work? If the Internet is a network of networks, why can’t I connect to other computers?”
After co-founding Mundo Hacker, a hackers’ meeting to share hacking knowledge with some friends, we launched a TV show featuring hidden camera hacking in various countries and continents.
Later, I studied IT Engineering and joined IBM Security for over six years, concluding my tenure in the IBM X-Force team. Following that, I was one of the first employees at an innovative Breach & Attack Simulation startup, Cymulate.
Then, suddenly, Covid appeared. During the lockdown, I worked on the idea of creating a platform where it’s possible to learn hacking in a legal and practical way. And that’s hackrocks.
We provide cybersecurity training and assessments for technical profiles to address these questions:
- How do you detect the cybersecurity strengths and weaknesses of your technical team?
- How do you know whether someone is actually a hacker?
- How much risk are you assuming, knowing that your team needs to improve their cybersecurity skills every month?
What sets hackrocks apart from other cybersecurity training platforms in terms of its approach and offerings?
hackrocks differentiates itself by offering a customizable platform that integrates real-world cybersecurity challenges across various formats, including Capture The Flag (CTF) competitions.
These competitions are tailored for both individual participants and teams, providing realistic training scenarios that can be adapted to the specific needs of various organizations.
The platform allows for modifications such as language, logo, main colors, and specific competition details, ensuring a personalized experience that aligns with organizational goals and branding.
So, with hackrocks, you can have your own cybersecurity training platform. Of course, more detailed technical aspects are included, such as how we configure our VPN, among others.
Could you tell us about the structure and objectives of the Capture the Flag competitions at hackrocks? What skills and cybersecurity concepts do participants typically learn and practice during these CTF events?
hackrocks CTF competitions are structured in two main formats: Jeopardy and Attack vs Defense.
The Jeopardy format involves solving challenges to gain points and climb up the leaderboard.
The Attack vs Defense format involves participants protecting and attacking virtual machines or containers, aiming to control as many machines as possible by the end of the competition.
These competitions help participants develop critical cybersecurity skills, such as vulnerability assessment, network security, system exploitation, and defensive strategies.
For a newcomer to cybersecurity, what foundational skills do you believe are crucial to develop early in their education?
For newcomers to cybersecurity, building a solid foundation in networking, operating systems, and programming is crucial. Here’s a closer look at each area:
- Networking: Understanding the basics of how data moves across networks is fundamental.
- Operating Systems: A deep understanding of operating systems, especially their structure and security features. This includes knowledge of various OS architectures (Windows, Linux, macOS), with a focus on security mechanisms, user permissions, and file systems.
- Programming: While Python is a useful language for scripting and automation in cybersecurity, a solid grasp of C or other low-level languages (like Assembly) is invaluable. These languages provide a deeper understanding of how software interacts with hardware, memory management, etc.
What are some common misconceptions people have about cybersecurity?
A common misconception is that cybersecurity is solely the responsibility of IT departments. However, effective cybersecurity is a comprehensive organizational issue that requires a unified and coordinated approach across all departments to manage and mitigate risks effectively. In the event of a security incident, it’s essential for the response to involve not just IT, but also strategic leadership and various other departments such as Human Resources, Communications, Legal, and more.
How do you foresee artificial intelligence and machine learning impacting cybersecurity strategies and defenses?
AI and machine learning are improving cybersecurity defenses by automating complex processes for detecting, analyzing, and responding to threats more efficiently than human operators. They help in predicting potential threats based on data patterns, providing a proactive approach to security.
However, they also introduce new vulnerabilities and can be used by cybercriminals to launch sophisticated attacks. This causes the development of advanced defensive technologies that can adapt and respond to AI-driven threats. Because, if you have access to AI, cybercriminals do too!