You know you’re a technical security consultant when you can say the best part of your job is breaking things.
Javier Moreno is passionate about improving enterprise security – and to make a technology better, he breaks it first. The thrill of figuring out a software’s weakness drives Javier, but also the knowledge that he’s providing secure technology to the customer.
As a Senior Security Consultant, Javier is one of our experts in F-Secure’s Cyber Security Services (CSS) unit. CSS helps organizations enhance their overall security to protect against cyber attacks. (And they’re hiring! Interested in joining them as they strive to be the leading and most trustworthy security assessment team in Europe? Check out our open positions.)
So what’s it like to work in CSS? I asked Javier about his job, what he likes about F-Secure, and how he ended up here in the first place.
I perform security assessments of all sorts of technologies. In short, either break them or know where they will break, and then help improve those technologies. Fortunately, our internal processes are quite optimized so we don’t have to deal with much bureaucracy. That means I can focus on the work that I am most interested in. For me, that’s reading code, disassembling binaries, thinking about how a framework will break or will be misused, and programming small tools to aid my process. It takes patience! I really enjoy figuring out new things.
CSS is about establishing a trust relationship with our customers and challenging them to improve their security, while providing them with the necessary information and tools to have an advantage. We perform technical assessments for our customers, and also advise the C-level and counsel them on security and risk management. We’ve grown to cover many topics: application and network security, incident response, embedded systems, transportation security and more.
For me the best part of CSS is the people on the team. We all rely on each other, learn from each other, and in the end we provide the best results to our customers. Our team in CSS is big and skilled enough to cover many facets. We really love security.
“End users should not be expected to understand
the consequences of technologies, so it’s our task
to provide them with things that are secure and
safe by default.”
As a security consultant, I have to say it – it’s when something breaks! It’s the thrill of working on something that is obscure and difficult to understand at first, and how that untangles to the point where you can control it.
The technologies the modern world is built on require security to run properly. Whether we like or not, end users should not be expected to understand the consequences of technologies, so it’s our task to provide them with things that are secure and safe by default – built-in! I am not a savior of anything, but I sure like to do my job well and put a lot of effort into it. Our passion is what makes the difference for our customers and users.
I don’t think there’s an “ultimate” job. I try to do the best I can in every area: offensive, defensive, designer, builder, breaker, conceiver of next step. I always try to mix consulting with research and the latter is what is more interesting to me.
My background, rather than being in computer science, is in telecommunications engineering. The University in Spain was much more theoretical than practical and it covered a lot of topics, so I ended up with quite a multidisciplinary profile, something in between hardware and software. I started in the space field, but infosec was my hobby for a long time and soon I started doing it full time, moving away from the typical engineering path. In any case, in this field, degrees and certifications generally mean nothing – they are just enablers, a jumpstart. Infosec is a very broad field of work and requires passion, maybe even obsession, if you want to cover enough aspects and be good enough. In 2010, I moved to Germany to pursue a more interesting security market and have been part of F-Secure’s CSS Germany team for over a year now.
Want to learn more about a career with F-Secure Cyber Security Services? View our various open positions in sales, risk/security management, technical consulting, and people management.
This is a guest post from an F-Secure fellow. Hi, my name is Matti Aksela…
May 22, 2017
What the hell happened? On May 12, 2017 multiple organizations were hit by crypto-ransomware called WannaCry. Infected…
May 13, 2017