Today at Inprosec Human Capital we present to you Manuel Bañobre, our Consultant in Information Security projects and Information Security Manager.
What is your function within Inprosec?
I basically perform three main functions within the company. I mainly carry out the work of consultant in Information Security projects in general, both at a strategic and technical level. I specialise in carrying out Information Security Audits for client companies, based on various reference standards (ISO 27011, National Security Scheme, VDA-ISA, etc.) I have also been heavily involved in other strategic security projects, such as the development of Business Continuity Plans. On the technical side, I have participated in Intrusion Test projects for clients, with the aim of detecting security GAPs in terms of system security configuration, and try to violate them as if they were a “hacker”. Internally, I have been working as Information Security Manager at Inprosec for over a year, ensuring compliance with Security Policies and Procedures, and carrying out projects and actions for continuous improvement. From another perspective, I also carry out the management of security projects both at client and internal level, and I am responsible for two workers within the company.
Of the roles you play in the company: consultant, RSI and manager, which one brings you the most?
On a continuous learning level, the role that brings me the most is that of a consultant, since I am involved in different projects and the experience I have accumulated has significantly increased my capabilities over time. In fact, analysing the path I have followed since I started in the company until today, I have realised that the need to adapt again and again to different environments forces me to make great progress in terms of knowledge in a very short time, which is a motivating and rewarding factor. On the other hand, I like the role of managing people within Inprosec and the enriching experience of helping staff to achieve their goals and in their training as professionals. By this I do not mean that I do not like the role of Security Manager, but that it is a more routine function and I spend less time on it.
What has Inprosec meant to your professional career?
As far as my professional career is concerned, it has meant everything up to now, as I have been with the company for more than 5 years, and this is also my first job. Thanks to the trust and support of the organization, I have been able to develop as a multidisciplinary consultant in several areas of information security, both at a strategic and technical level. The truth is that in my case I have been very lucky, since as soon as I wanted to specialize and finished a Master’s degree in Information Security, after 2 months I was contacted by Inprosec, who were interested in my CV. It was a surprise, since unlike 90% of the job offers that can be found daily on the Internet, no previous work experience was required, since people are usually trained from 0, so that they assimilate the way of working from the beginning.
On the other hand, I am proud to have participated in the development of the Information Security department and to have helped it grow, since from 1st person when I started, the team has been growing, multiplying by 6 this figure.
How do you manage to reconcile your personal and professional life?
So far I have had no problem reconciling my personal and professional life. I have not had great difficulties since I do not have children at the moment, but the company policy in this regard gives a lot of flexibility, especially in terms of hours and the possibility of working remotely.
Tell us an anecdote that has drawn your attention to a situation at one stage in Inprosec.
At times, due to our eagerness to discover security vulnerabilities, we have come to exploit “too much” of them, even fearing that it was a real attack. Fortunately, our customer communication strategy helped ensure that there were no problems. I also remember that, due to a small detail that was passed on to one of our clients, we were able to “sneak” into their internal network without making an attack, thanks to the fact that their firewall had the default credentials activated (user: admin / password: admin), so we were able to enable a direct VPN connection. The most difficult part was to make the client understand how we had come to enter 😊.
What do you value most about working for a company like Inprosec?
Without a doubt, the opportunity (and need) to learn very quickly thanks to the involvement in many different types of projects. The company gives us the opportunity to continuously progress by taking on more and more complex projects, which helps us to never settle in our tasks, and work is a daily challenge and a very motivating factor. In addition, the atmosphere and treatment with other colleagues is very pleasant and helps a lot to be comfortable and work better. Since this is my first job, I have not been able to make a comparison, but listening to other people and situations they have had to go through, you realize that in terms of the work environment there is a big difference between Inprosec and the vast majority of companies. On the other hand, our efforts and achievements in projects are regularly recognized, which is a satisfaction and an incentive to continue and improve.
As an employee of a company that specializes in cybersecurity, what is your advice to any entrepreneur who is starting out with respect to their systems?
Without a doubt, to undertake a business needs analysis to evaluate the best options to implement in terms of functionality/security, and from there to request advice for the configuration of the same, also making a technical analysis before putting it into production.
What are your hobbies at the end of the working day?
I usually play sports every day (in my case before the start of the working day). I am also a great music lover, not only listening but also playing instruments since I was 10 years old. On weekends I usually meet friends, go out with my girlfriend, etc. And if I’m at home, in my spare time, I’ll entertain myself by watching movies or series. I love learning new things every day, so I try to spend time reading as well, even though I read a lot less than I would like to.
Who do you ”nominate” to interview next and why?
I nominate Bernardo Viqueira, as he is the company’s technical security and hacking consultant and his knowledge brings a lot to the rest of the team. In addition, he has been my mentor since my beginnings in the company, and thanks to his support, confidence and guidance I have reached my current professional level. I am sure that your comments will contribute a lot to the vision of security at a global level.