January edition of MilliOnAir Global.
Ralph Echemendia Hollywood’s Ethical Hacker Interview by Elise Quevedo
01001000 01100101 01101100 01101100 01101111 Was that just a bunch of 1’s and 0’s or did it mean something? For most of us is just a bunch of numbers, but for any hacker they know it’s the basic encoding of the word “Hello”
As we enter 2018 and after all the cyber security scandals over the last few years, it was only logical to talk to one of the best experts in the field. I couldn’t think of anyone better than my good friend Hollywood Cyber Security Expert Ralph Echemendia aka The Ethical Hacker.
Life is moving at a very fast pace, and with technology & the digital world evolving faster than ever, the need for online security is more paramount than ever.
Think about it for a minute. We are constantly using cell devices & laptops to access some of the most sensitive data in our lives which includes banking, social networks, emails and confidential documents, but do we do it in a safe environment? Are we aware of how easily our data can be breached or hacked?
When was the last time you received a scam/phishing email? How many of you have by mistake clicked on a link because you thought came from a legit source but was actually malware? How many of you tape your laptop cameras for fear of remote access?
For those using a VPN, do you even know what VPN stands for? (Virtual Private Network if you were wondering)
There are too many different ways we can be hacked that we are not aware of! I mean, we can’t all be hackers but we should all aim to have the basic knowledge so we can protect ourselves. With state-sponsored attacks and new attack vectors it can be very overwhelming.
We are so used to using the technology that is available to us, that we don’t normally think of how to protect ourselves online. We can even become complacent and lazy when it comes to setting up something as simple as passwords or changing them.
These days there is a big demand for cyber security training and I believe over the next few years this industry is going to expand in many areas around the world. Because cyber security is not just for the tech industry as many believe, it applies to every industry! From film & music to health & fitness, it is a new cultural movement that is sweeping the planet.
So let me tell you a little bit about Ralph for those who don’t know him. Also, don’t let the super cool dude attitude fool you, Ralph will blow your mind with his knowledge of the cyber world, and yes he is one of the good hackers, thank god for that!
Ralph Echemendia is a world-renowned cyber security expert, known internationally by his alter ego “The Ethical Hacker.” For over 20 years, Ralph has delivered training on hacking and other security information to corporations including the US Marine Corps, NASA, Google, Microsoft, Oracle, AMEX, Intel, Boeing, Symantec, and IBM.
His portfolio of work and reputation as a leading professional across several industries has landed him the credibility to make appearances on CNN, Fox News, USA Today, and Forbes, to name a few. Ralph took his talents to Hollywood, California and has worked with award-winning Director Oliver Stone as a technical supervisor on films such as “Savages” and “Snowden” as well as other projects such as the film “Nerve” and award-winning TV series Mr. Robot.
He has now joined forces with some of the music industry and Hollywood’s most influential names and is working on cutting edge technology for consumer cyber security. Ralph has also been a featured speaker/panelist/keynote at events such as WoHiT in Barcelona, The Customer Contact Expo in London, Georgetown Law University Cyber Event, Raytheon’s Public Sector Cyber Security Summit in Washington, DC, Austin’s South by Southwest ® (SXSW ®), the LA Film Festival, the Tribeca Film Festival, Pioneers Festival 17 in Vienna and Web Summit to name a few.
His jaw dropping “Hacking Hollywood” appearance has been presented at Creative Artists Agency, the Digital Entertainment World Expo, the Content Protection & Piracy Summit, as well as the Anti-Piracy and Content Protection Summit.
Now is time to get to know The Ethical Hacker and get an insight into what he is up to these days.
So Ralph, I know your journey started at a very young age, how did it all start?, What got you interested in computers?
At around 13 my childhood best friend introduced me to ham radio. That got me interested in how radio frequencies worked, that opened my mind to the world of communications. Shortly after a magazine of sorts called 2600 made it to Miami where I grew up.
This magazine is known as “The Hacker Quarterly” and introduced me to phone phreaking. Shortly after I was using the phone system to make long distance calls to BBS’s (Bulletin board systems). It was on these BBS’s that I first met other “Hackers” and first read the Hacker Manifesto. I identified with these words and with the people I was meeting all over the world, digitally of course.
There is a big jump from the world of hacking as one of the top cyber security experts around and becoming Hollywood’s The Ethical Hacker, how did you get into the Hollywood scene?
I have always been around the arts; both my father and mother are musicians, they always exposed me to music, dance and film. My first company was when I was 15, I had a DJ and sound company providing sound systems and DJ services to the local Cuban community and many of Miami’s early night clubs. So I always had a love for music.
In 2006 I co-owned a ticketing company which did a number of music festivals in Miami and abroad. Through those relationships I met several of Bob Marley’s sons including Damian Marley who I spent a lot of time in the studio with. This gave me a view in to the production process and tech used. Of course coming from security I had a very different perspective on the “tech” and it’s vulnerabilities. This would later prove very useful.
Around 2006-2007 I was also providing expert witness digital forensic services to a case in LA (non-entertainment related) which made me spend a great deal of time in LA. At the same time Damian was recording a new album with NAS (Distant Relatives). I would work the case from 9am to 6pm and then be in the studio until late in the evenings. It was here I met many celebrities, all of which had many questions and issues.
Shortly after finishing that case I was being approached by “the industry” to do a reality TV show about hackers”, needless to say I turned it down. But this is how it went down, I was on a plane from Miami to LA for meetings with a production company, as soon as I landed in LA I had a message to call my colleagues immediately as a case had come up and it was time sensitive. So I called of course. He said we need you to fly to Detroit ASAP, we have a case where a famous hip hop artist has been hacked and his music is being leaked on the internet months before it’s intended release. I explained I could not get there until Saturday (it was Thursday morning) as I was booked and in meetings until then. So Saturday morning I flew into Detroit to begin my investigation on what is now known as the Eminem Recovery album case.
That was the beginnings of many projects in the entertainment space leading me to end up in LA permanently. I continue to work in the music space in different capacities and have worked as an expert in legal cases (Twilight: Breaking Dawn), a technical advisor / supervisor for Oliver Stone on Savages and Snowden. In addition the film Nerve and TV show Mr. Robot.
You just mentioned Snowden, what was it like to be the technical advisor for that?
Well prior to the Snowden disclosures, I took Oliver to Defcon in Las Vegas, as he expressed and interest in doing a film about this subject. A few months later Snowden came out with his disclosures.
That was one of the most extensive projects I have worked on to date. Not only was I the technical supervisor on the film, I worked very closely with Mr. Stone from the first drafts of the screenplay to working with just about every member of the crew.
In addition my team and I provided a customized secure communications platform for handling of all digital assets, as this was Oliver’s first film shot on digital. It was an experience I will never forget, and it was the catalyst to my coming to Europe since I was a child.
I want to talk about the cultural change you are embarking on, because when we think “hacker”, we imagine a nerdy kid in some basement with multiple computers who hardly interacts with people and when we think of hacking we think of just tech… ( hey, I’m not stereotyping but that is the way hackers are always portrayed in Hollywood right?! haha) .. but you are quite different. Not only do you dominate the tech world of course, you are involved within the Entertainment realm… music & film. Tell us more about this journey.
It has been a journey I could have never imagined. I never thought I would be doing this for a living, Much less working with artists who I have always admired. Hacking and computers were just a hobby first.
I didn’t graduate from high school nor did I ever go to college. I have always been blessed with a personality and the ability to communicate with others. My first job was as a secretary for PR firm in Miami. Turned out this firm handled Lexmark for South America. It was then that I met engineers from IBM, I showed them a few tricks on how I could make their printers do what I wanted without their software and they were blown away. They asked where I worked and I explained. They told me I should be a systems or network administrator or engineer with what I knew.
I further explained I did not have a degree, one said, that doesn’t matter, there are not enough knowledgeable people in the industry and that I could easily land one of those jobs. He gave me a recruiters name and number and I sent him my resume.
Within a few weeks I was the systems administrator for Oracle Latin America. A little over a year later I went to work for Editorial Televisa and not long after that Miami Children’s Hospital where I configured and deployed one the first electronic medical charting systems in the world.
It was there that security began to play a role, I discovered major vulnerabilities in in this system which lead to a title change from POC systems administrator to Security Officer. It was around this time that the Firewall came out and I became responsible for deploying and testing the security of all things medical.
A few years in, the internet happened and I was doing a little moonlighting 🙂 One of those gigs turned out to be for the United Nations, so for a while I ran both the hospital systems and deployed the UN Missions Web and email services. Shortly after and due to the fact that many of the people I met knew nothing about security I decided to write a class about how hacking ad security testing is done.
It was called Applied Penetration Testing. I went on to provide consulting services and training for many years before I went to work at Terremark (Now a Verizon company) where it lead to the entertainment industry and ultimately what I am doing now with Seguru.
I remember you saying, the cyber security world has 0 unemployment because there is a large demand for good hackers. Many people might read this and say, “hey I want to become a hacker”, what’s your advice?
Normally I say it’s never too late to start a new passion but this is not an industry where you learn it all and become elite in a couple of years.
There is a mass shortage of qualified professionals in this area, that being said, hacking takes knowledge of a lot of different tech. And it takes a creative mindset and approach.
Not everyone has these skills and traits. One must know how to learn without a teacher, learn deeply and quickly any technical subject matter. It takes a great deal of time and lots of frustration, hence also a lot of patience.
If you have these things and truly enjoy a challenge, then you could be a hacker. (Security professional) There will never be a shortage of jobs in this industry. It will continue to grow and the sooner you get started the better.
Looking back at when you started and how Social Media & Technology have infiltrated our lives, how do you think they have impacted the hacking world?
Well most importantly is that social media as we know it now is soooooocial…. Meaning that it’s not fact or fiction, it’s a social web of information that may or may not be of value to the greater good.
Information is not intelligence. It’s how we process that information, our analysis and understanding of it is what makes for a more intelligent human. We have certainly seen it’s impact, and I do not doubt that in the end it’s a major piece in the puzzle that is human evolution.
It’s impact on hacking specifically is simple. Where in the old days we had our own small social network and more was shared on a semi-private level, now it’s all out there forever.
The real truth of what is happening is grey, nothing is quite certain anymore. No doubt there has been many positive aspects. We can better communicate all around the world. But with the good comes the bad. It’s a matter of balance.
I love that you said that and I completely agree, It’s all about balance!. Now let’s get a bit technical. What’s the difference between a threat, vulnerability and a risk?
Well, the definition of a vulnerability is the quality or state of being exposed to the possibility of being attacked or harmed, either digitally , physically or emotionally. In todays connected world all of those are true of vulnerability. Risk has more to do with your exposure to danger.
We are all vulnerable in some way or another, but some of us are more exposed than others. In other words some run a higher risk of being hacked even of the vulnerabilities are the same. Most consumers run this higher risk as a result of their lack of knowledge and awareness. Make sense?
Absolutely! What is the top cyber security concern individuals & businesses face today?
Both are really the same, companies are constructs created by people for providing products and services to people. From what I see and hear, most are concerned with their data being accessible by un-authorized persons. We are also very concerned with the ransoming of data. In may organizations availability and the integrity of data are truly critical.
There are still many other issues, like anonymity and privacy that have yet to be properly addressed. Most don’t understand what these words mean in a digital world.
What can we expect in 2018 when it comes to cyber crime? Are we more ready to combat the attacks?
”Expect a lot more cybercrime in ways we have not yet seen. Keep in mind crime is a matter of what is defined by law as illegal. Legal does not define correct, nor does it define morally right.”
It is difficult to recall that during WW2 it was legal within the German law to do atrocious things to the Jewish people. What is illegal for people to do may not be illegal when a government does it. We are NOT ready to combat these attacks as we as consumers barely understand what is happening.
Awareness is the key to reducing risk.
One question we often see from parents is,” how can I protect my children from the nastiness of the cyber world?”. Your thoughts on this?
Once again Awareness is they key. Both parents and kids need to made more aware of the impact that their online activities have on their lives.
Does “total protection” exist online?
NO it does not nor will there even be such a thing. It does not exist in the physical world, the digital realm is only a reflection of it and us.
Most people are not cyber savvy, I mean most of us use cellphones & laptops but are not as security conscious, as we should be. What would be your top 3 security tips to do for anyone out there who wants to cover the basics?
#1 – Use common sense.
#2 – Ask questions ( use Google if you have to)
#3 – Pretend you were doing this in real physical life, ask yourself if you would give up the same information without knowing who and where it was going.
Why does it take so long to find out we’ve been hacked? What should be look out for? Are there any signs that let us know we may have been hacked?
It takes so long because hacks are designed to be covert. They use encryption to bypass detection in many cases. As a consumer you currently lack the tools to allow you to do anything about it. You would not know until it’s to late and usually its impact is extensive.
Soon you will have the tool to know what you currently don’t and that is the key, the signs if you will. We can not prevent certain kinds of hacks but we can reduce their impact by knowing sooner. Time is the factor by which risk is defined.
Over the last couple of years you have been more active in the international speaking circuit. Last year we both spoke at a couple of the same events. What made you want to speak in more stages and share your knowledge?
I felt that speaking strictly in technical conferences was much like talking to myself.
To really make an impact I realized I had to go outside of the typical tech conferences and bring knowledge to the masses, in an entertaining and digestible way, so I focused on that more.
It has been much more rewarding than “talking to myself”.
I second that! For anyone who has never seen Ralph speak live, I highly recommend you do. He will open your mind to a world that can be pretty scary, but he has a very relaxed approach to it and even if cyber security is not your field it will make you understand a bit more about what we should be aware of.
What would you say have been some of your most memorable moments in your career so far?
Certainly working for Eminem and with Oliver Stone. But more importantly is hearing my son and daughter say they were proud of what I have done. Showing them that they can do anything they love is by far the most memorable moments in my life.
Let’s talk about Seguru. A few weeks ago we were at WebSummit in beautiful Lisbon, Portugal where you did a pre announcement for your new security app. Can you tell us more about it for those who were not there and when will it be launched? How was Seguru born, who is it for?
”Seguru is an app/service for consumers and their mobile devices, it encrypts your data and monitors internet use for threats against your daily lives. Our mission is to provide a holistic and mindful approach towards a safer digital experience for everyone.”
I realized that no one was helping the consumer, while many “solutions” existed for companies, there was nothing your average consumer could use to reduce their risks. They are either to complex or provide no real value.
So I set out to create that tool, that solution, that which would give you the awareness and visual experience that anyone can understand. It’s about people and for the people.
Seguru was conceived in Los Angels but was born in Tallinn Estonia in early 2017. It will be launched globally May 2nd.
”Be mindful, Be safe, Seguru”
Here is a cool video of the pre announcement of Seguru
You also set up Seguru HQ in Europe, why that choice?
Seguru is headquartered in Tallinn Estonia. We chose Tallinn and Estonia for several reasons. I fell in love with Tallinn,
First I found it to be the most technically advanced country in the world today, with e-Residency and e-voting being a normal thing.
Secondly they provide incentives for companies like mine to thrive there, such as 0% income tax on corporations.
Third and most important, Estonians are smart and resilient people, I wanted to build a team like no other and I found Tallinn the place to do it.
So what’s next for Ralph Echemendia?
Provide Seguru to the world and make a real impact on peoples digital experience and lives. That’s my passion. I really want to help. II will continue to be involved with Hollywood on entertainment projects as well as music projects and how to bring these worlds together.
What or who inspires you in life?
My grandparents, mother and father.
What does Ralph enjoy doing on his spare time?
I truly enjoy spending time with my son Rafael and daughter Hennessy. Dad-a-ging my Hennessy’s music career is also something I enjoy very much. I get to see and hear her as she grows and develops. It’s a true blessing and she is an inspiration to me.
She sure is! Hennessy is a very talented young lady I have had the pleasure of listening to her live and I’m sure people would enjoy getting to know who she is, so let’s give them a sneak preview here.
With all the experience and wisdom you have gathered so far in life, what advice would you give to your younger self?
Expect the unexpected. Listen more. Travel more. Have fun.
Tell us something not many people know about you
I love Medieval and Renaissance festivals. 🙂
What countries would you like to visit that you have not been to as yet?
Russia, China and Japan.
And finally, what is the one item you cannot live without?
Thank you so much for your time Ralph. Always a pleasure chatting with you.
There you have it folks! An insight into the world of Ralph Echemendia, Hollywood’s Ethical Hacker. Ralph said it himself, be mindful & be safe.
The online world has no signs of slowing down. It keeps moving at a pace that is hard to keep up. So be mindful of your online activity and use common sense when it comes to protecting yourself.
If you’d like to keep up with Ralph, you can visit his site www.theethicalhacker.net
For queries about speaking bookings you can talk to his manager Jeffrey Goldberg at Jeff Goldberg Management firstname.lastname@example.org
Live, laugh, be bold, take risks & be super mega awesome
Elise Quevedo, aka The Digital Ghost Queen
Photo credit Aivo Pidim
Photo credit Zachary Balber