Why Nominated: A top security consultant who has dedicated himself to improving security for over 15 years, Alejandro Hernández was responsible for uncovering major security flaws in stock trading technologies.
Profile: Alejandro Hernández, who presented new, ground-breaking research regarding security flaws in stock trading technologies during the 2018 Black Hat conference, also discovered significant stock trading vulnerabilities that bad actors could use to gain access to consumer’s personal banking information. The flaws would also allow attackers to steal money as well as be privy to net worth and investment strategies. He found vulnerabilities such as unencrypted authentication, communications, passwords and trading data, in addition to remote Denial of Service (DoS). The financial industry, he found, was riddled with weak password policies, hardcoded secrets and poor session management.
Hernández disclosed his findings to all vendors affect and intended his research to server as a wake-up call for the financial industry – he advocates for the industry to adopt stronger security controls and to follow best practices when they create apps for trading stock.
A top security consultant, he has sought to improve security for more than 15 years. In his current position at IOActive, he advises Global 500 companies in different countries including Mexico, South Africa, Germany, China, Netherlands, United States, South Korea and England. Before joining IOActive, he founded Chatsubo Security Labs, which focused on vulnerability and exploit development, and was a senior IT security advisor for KPMG.
What colleagues say: “An enthusiast of fuzzing and programming, Alejandro is also a pioneer in the exploration of security risks in brain waves technologies. He has spoken in security conferences around the world, such as Black Hat, DEF CON, CODE BLUE (Tokyo), BruCON (Belgium), DragonJARCon (Colombia), Campus Party (Mexico and Colombia) and BugCON (Mexico). While he travels around the world helping companies to improve cybersecurity, he is continuously searching for new threats which often leads to ideas for innovative research about threats overlooked by most security researchers.” – Cesar Cerrudo, CTO of IOActive and Founder of Securing Smart Cities