Pedro Sánchez Cordero is a member of the Forensic Investigation ? and Analysis team of the Threat Response Area of Cybersecurity at Santander Bank.
CSO, The leading international specialist cybersecurity magazine published by IDG Communications, recently included Pedro in its list of the Top 25 Cyber Influencers during the Virtual Cybersecurity Conference 2020 in Spain.
Congratulations on your inclusion in the list of Top Cyber Influencers Pedro! Firstly, can you tell us how you made it onto this list?
Hello and thank you! ?
According to IDG Communications, “This award recognises people who are leading by example to help promote cybersecurity”. In my case, I specialise in forensic computer analysis and for the last few years I’ve been using Twitter to regularly publish news, advice and tools in this area.
How did you get to where you are now?
Over the course of my career I’ve worked for leading companies as a consultant specialising in Threat Hunting, Incident Response, Forensic Analysis, Threat Intelligence and Pen Testing. I have over 10 years’ experience implementing standards such as ISO 27001, CMMI (level 5), PCI-DSS and a whole range of security methodologies, particularly in the banking sector.
I’ve also worked with Threat Response to deal with incidents and perform forensic analysis, working together with different private organisations and state and law enforcement agencies such as the National Police Force ? and the Guardia Civil.
I participated in the Locked Shields workshops organised by NATO and was granted NATO Secret security clearance, as well as speaking at NATO conferences and other events specialising in cybersecurity.
I’m a lecturer ?? for a number of cybersecurity Master’s programmes offered by different Spanish universities and the Summer BootCamp of the Spanish National Cybersecurity Institute (INCIBE).
I’ve also worked in the field of Bitdefender Intelligence, firstly for Google during four years and then another four years with Deloitte as head of the team responsible for Incident Response.
That sounds amazing! How did your passion for cybersecurity arise?
Ever since I was small I loved assembling and disassembling things, particularly radios and TVs. At the age of 14 I got my first computer ?, which had no hard disk, 512K of RAM, a CGA graphics card and the MS-DOS operating system. I was studying basic school certificate at the time and when I came home one day to my computer I realised that some of the commands and options didn’t work correctly because they’d been infected with a virus. That’s when I really began to get interested in computers.
By the age of 15 I began thinking I could earn a living with computers. I designed my first home-made anti-virus and marketed it to friends and family. I also started studying computer science ??, and above all I spent the evenings researching, reading computer security books and learning both by myself and with the help of many friends who freely shared their knowledge, just as I’ve been trying to do for some time now.
Later on and due to my natural leaning towards technology, I began to search for errors and come up with new solutions and defence mechanisms.
You are part of the Forensic Research and Analysis team at Santander Bank, more specifically the Threat Response area (Cybersecurity). Can you tell us what your job involves?
We’ve all seen series like CSI which deal with police investigations of crimes with a certain technical perspective. We have a similar concept in the digital world. When a cybersecurity incident arises, we investigate based on the evidence available, seeking to identify the source of the problem. Then we need forensic images of computers and information sources, which we subsequently analyse to extract valuable information. Finally, the results of the analysis are sorted and presented so that they can be used to implement defence mechanisms ? to ensure these risks don’t arise in the future.
In other words, you’re on the ‘light side’ of the cyber security world … Have you ever been on the dark side? ?☠️
I’ve always followed the path of the light side, but I’m going to tell you a little secret: a long time ago while I was on the light side I gained access to certain resources using dark methods and it’s only in the last few years that I’ve finally been able to visit Russia again. A friend of mine who was a public prosecutor said to me at the time: “You’re lucky we don’t have an extradition treaty with them.” From that time on I swore I would never go to the dark side again.
Do you have any interesting anecdotes about threats which stand out for you?
Enough to fill a book! Some of them are very amusing and others not so much, but what I can say is that these attacks are becoming ever more calculated. They use techniques such as malware ❌ that performs operations and activities just like a person, making them very complicated to detect. You could say that the bad guys have honed their game, but what they don’t know is that Santander has a cybersecurity team which is more than ready to stop them.
If you had to define your career in three words, what would they be?
Three things have always characterised my work:
? Committed. I get involved in projects, sharing new developments and know-how and working on a daily basis to ensure all my team’s needs are met.
? Positive. I’m enthusiastic about the projects I work on, particularly when we have to deal with any difficulties that arise.
? Constructive. Due to the nature of my job, I’m an analytical person who tries to break problems down to make them simpler without losing focus.
In your experience, who is more vulnerable to cyber attacks, public authorities or private companies like Santander? Is the response to these attacks the same in both cases?
It might sound like a cliché but nowadays the vulnerability is widespread and it affects everyone. States ? are at risk of attacks made from other countries with the aim of destabilising the government and generating uncertainties with political and social objectives. Meanwhile, we face other types of cyber attacks which affect economic interests and reputation. In many cases, the same parties perpetrate attacks against both governments and private companies. This means the responses and solutions are complex. In my experience, I would say that we’re faced by such a big challenge that we need to create channels for cooperation and communication between public and private stakeholders. Otherwise, the threats will continue to increase, reducing the capacity that citizens and companies have to react to these cybercrimes.
What differences do you see between working in a 100% technological company like Google and working in a company that is investing in technology like Santander?
In reality, the two are quite similar. Technological progress has undoubtedly improved our lives in every way; it has changed the way we function, the way we travel and even the way we communicate. And it has also changed the way we work. The digitalisation process at Santander is a reflection of this technological progress.
Google decided to invest in technological innovation and Santander has also committed itself to this area, which will help us to present new ideas, reach a wider public, use special tools to organise and manage financial services, and above all create a better product to ensure our customers are happier ? and their daily lives are improved.
And what would you say makes us different compared to other companies in the Top Cybersecurity list?
The banking environment is a highly regulated ecosystem, meaning we have many more measures to meet our customers’ expectations which other organisations don’t have. On the other hand, in the words of our Executive Director: ? “Having the best technology means not only having the best infrastructure, applications and processes, but also the best people, the most innovative talent. We have an exceptional team at Santander and by incorporating more members in the teams of all our markets we will accelerate our digital and technological transformation.”
I believe that’s the main difference: the talent, the team of people we have here. That’s what really allows us to assume such a dominant role.
To cap off, can you reveal any tips for those of us looking to work in cybersecurity?
Master the basic principles of cybersecurity, learn as much as you can, specialise in an area and think of yourself as a hero ?♂️ defending the world from cyber attacks — ah, and above all be a good colleague and a good person!
This interview was hold online and from home ? with Alba Molina, from the Communications team at Technology & Operations to Pedro Sánchez, from the Forensic Investigation and Analysis team of the Threat Response Area of Cybersecurity at Santander Bank.
