Dinoflux

I hold a Telecommunications Engineering degree from The University of Alcala de Henares in Madrid. I was the founder of Dinoflux, a cybersecurity product specialized in generating threat intelligence and distributing it to different cybersecurity systems (IDS, firewalls, IPS, SIEM, etc.), boosting pre-existing technologies in order to provide a wider range of threat detections. From 2018 onwards, Dinoflux became one of the partners of the cybersecurity area of the company Telefonica.

Beginnings…

My Academic Background and Freelancing Journey

I studied telecommunications engineering in Madrid, and while studying at university, some classmates and I took our first steps as entrepreneurs, providing cybersecurity services on ethical hacking, website issues and error alleviation reports for multiple clients.

Thanks to the experience gained during this time, I expanded my vision and detected several gaps in other areas of cybersecurity and threat intelligence, such as the way malware detection and protection systems identified, classified and consequently blocked malicious information, which I envisioned as a “business opportunity”.

How I Focused on Threat Intelligence

This led me to develop a more detailed malware analysis that, starting from a sample, managed to extract all the intelligence contained in it (where it connects, what functions it has in the Windows system, whether it creates files, whether it opens directories, and other activities that the malware can perform) in order to create a profile of the malware that could be exported in different formats (STIX, Snort, etc.) to be consumed not only by IDS, firewall, IPS and SIEM technologies but also by antivirus products.

By the time I was working as a freelancer in 2014, different kinds of technologies that help protect companies from cyberattacks had been developed, such as IDS, firewalls, IPS and SIEM, among others. Of all the cybersecurity systems available at that time, the antivirus systems already had databases rich enough to provide information for detecting malicious content. The more recent malware detection systems, by contrast, had not evolved much and lacked a rich database. These systems also had old IOC (indicators of compromise) “blacklists” that used a hash (static identification) standard with 100% similarity recognition, which narrowed the possibilities of detecting more malware threats.

When Dinoflux Was Finally Conceived

During 2014 I created a PoC with Guillermo Campillo, and in 2015 I designed and developed Dinoflux with Cristian Sandoval, who had helped me in the past to develop drainware.

The idea of creating Dinoflux arose initially when a client asked me to generate intelligence and malware identification reports manually. Consequently, I generated IDS rules in Snort format, file identification rules in YARA format, and generic rules in STIX format. I realized this could be useful for other clients who also wanted to generate intelligence. To help me do this, I developed a small, basic program that made use of a “sandbox” (a security mechanism that allows you to run programs and malware in a controlled environment without compromising your equipment). Through the constant evolution of this program, I had somehow created Dinoflux.
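The kind of export described above, turning one sandbox report into Snort, YARA and STIX output, can be sketched as follows. This is an added example, not Dinoflux's code: the report layout, field names, sample values and SID range are constructed assumptions.

```python
import json
import uuid

# Constructed sandbox report (not real malware data); field names are hypothetical.
REPORT = {
    "family": "example_dropper",
    "sha256": "ab" * 32,
    "dns": ["update.example.test"],
    "files_created": ["C:\\Users\\Public\\svch0st.exe"],
    "mutexes": ["Global\\ExampleMutex01"],
}

def snort_rules(report, first_sid=1000001):
    """One DNS-query rule per contacted domain, matching the wire-format labels."""
    rules = []
    for i, domain in enumerate(report["dns"]):
        wire = "".join("|%02x|%s" % (len(l), l) for l in domain.split(".")) + "|00|"
        rules.append(
            'alert udp $HOME_NET any -> any 53 (msg:"%s DNS lookup %s"; '
            'content:"%s"; nocase; sid:%d; rev:1;)'
            % (report["family"], domain, wire, first_sid + i))
    return rules

def yara_rule(report):
    """File-identification rule from the mutex and dropped-file names in the report."""
    names = [p.rsplit("\\", 1)[-1] for p in report["files_created"]]
    lines = ["rule %s_behaviour" % report["family"], "{", "    strings:"]
    for i, s in enumerate(report["mutexes"] + names):
        esc = s.replace("\\", "\\\\").replace('"', '\\"')  # YARA string escaping
        lines.append('        $s%d = "%s" ascii wide' % (i, esc))
    lines += ["    condition:", "        uint16(0) == 0x5A4D and all of them", "}"]
    return "\n".join(lines)

def stix_indicator(report, now="2024-01-01T00:00:00.000Z"):
    """STIX 2.1 Indicator whose pattern ORs the file hash with each domain."""
    terms = ["[file:hashes.'SHA-256' = '%s']" % report["sha256"]]
    terms += ["[domain-name:value = '%s']" % d for d in report["dns"]]
    return {
        "type": "indicator", "spec_version": "2.1",
        "id": "indicator--%s" % uuid.uuid4(),
        "created": now, "modified": now, "valid_from": now,
        "name": report["family"],
        "pattern_type": "stix", "pattern": " OR ".join(terms),
    }

if __name__ == "__main__":
    print("\n".join(snort_rules(REPORT)))
    print(yara_rule(REPORT))
    print(json.dumps(stix_indicator(REPORT), indent=2))
```

Strings observed only at run time may not be present in a packed file on disk, so a YARA rule generated this way should be tested against the sample before it is distributed.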

How It Works

Dinoflux’s intelligence reports provide detailed information on threats that enriches the system’s databases, which, through the “attribution of an actor” (in other words, the identification of who is behind the creation of the threat and the behavior analysis), can recognize similar behavior in future threats.

What Dinoflux does is provide any cybersecurity product, for instance an IDS, with extra intelligence. Dinoflux’s IOCs are more advanced and more descriptive, which enables the product to detect a wider range of threats.
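The contrast between exact-hash blacklists and recognizing similar behavior can be illustrated with a small added example (not Dinoflux's code). The Jaccard similarity measure, the 0.6 threshold, the behaviour labels and the sample bytes are all assumptions constructed for illustration.

```python
import hashlib

# Constructed byte strings standing in for a known sample and a modified variant.
ORIGINAL = b"MZ" + b"\x90" * 64 + b"payload-v1"
VARIANT = ORIGINAL + b"\x00"  # differs by one byte, behaves the same

# Static blacklist: exact SHA-256 of the known sample only.
BLACKLIST = {hashlib.sha256(ORIGINAL).hexdigest()}

# Constructed behaviour profiles as a sandbox might record them (hypothetical labels).
KNOWN = {
    "example_dropper": {"dns:update.example.test", "mutex:Global\\ExampleMutex01",
                        "file_create:svch0st.exe", "reg_set:Run"},
}
PROFILE_VARIANT = {"dns:update.example.test", "mutex:Global\\ExampleMutex01",
                   "file_create:svch0st.exe", "reg_set:Run", "dir_open:Temp"}
PROFILE_BENIGN = {"dns:time.example.test", "file_create:report.docx"}

def hash_blacklisted(sample, blacklist):
    """Exact-match lookup: any change to the file yields a different digest."""
    return hashlib.sha256(sample).hexdigest() in blacklist

def jaccard(a, b):
    """Share of behaviours two profiles have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def behaviour_match(profile, known_profiles, threshold=0.6):
    """Return (family, score) for the closest known profile, or (None, score)."""
    family, reference = max(known_profiles.items(),
                            key=lambda kv: jaccard(profile, kv[1]))
    score = jaccard(profile, reference)
    return (family if score >= threshold else None), score

if __name__ == "__main__":
    print("original on hash blacklist:", hash_blacklisted(ORIGINAL, BLACKLIST))
    print("variant on hash blacklist: ", hash_blacklisted(VARIANT, BLACKLIST))
    print("variant by behaviour:      ", behaviour_match(PROFILE_VARIANT, KNOWN))
    print("benign by behaviour:       ", behaviour_match(PROFILE_BENIGN, KNOWN))
```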

Demos

Dinoflux Overview

Dinoflux IDS Integration

When and How Dinoflux Began to Be Offered as a Consolidated Tool

As I explained, Dinoflux already had a database that was updated daily and autonomously, and which could be consulted by customers at any time. Something that adds even more value to the way the Dinoflux system is enriched is that the client can also contribute to the database and, if they so wish, publicly share what has been reported, allowing intelligence to be generated for all other clients.

By the time Dinoflux was already more established as a cybersecurity platform, its subscription price amounted to USD 80,000 per year with the option to try a free trial before paying the annual subscription.

Even before it was finished, Dinoflux services could already deliver value from the first moment, and this motivated me to start offering it to different clients by subscription. All the intelligence generated by Dinoflux is stored in the cloud; therefore, clients had not only the intelligence that their own system collected but could also consult the database that we kept updated in the cloud, in addition to the daily intelligence reports that we gave them. This was something that customers valued a lot.

Dinoflux as a Promising Startup and INCIBE

After offering Dinoflux to several clients to give a boost to threat detection devices, I decided to venture into new challenges and take Dinoflux to another level. It was at that moment that it was suggested I participate in INCIBE’s cybersecurity startup program “Cybersecurity Ventures” in 2017.

Incibe Ventures

INCIBE is the National Institute of Cybersecurity of Spain, which, in collaboration with the Junta de Castilla y León, through the Institute for Business Competitiveness of Castilla y León (ICE), and the Leonese Institute for Development, Training and Employment (ILDEFE), launched the Cybersecurity Ventures International Acceleration Program for Cybersecurity Startups. The program lasts a year, during which the participating projects must complete a number of activities.

Incibe Ventures Process

Source: https://www.incibe.es/ventures

My Experience in the “Cybersecurity Ventures” Program

Each startup had 2 minutes to pitch its idea and how it was going to execute it as a business. In front of us there were experts from different companies that the people from INCIBE had hired, and we went phase by phase with the highest valuation. That was very motivating. In addition, we were learning, because during the program you get mentors who explain what approach you can give to your project and help you define the most appropriate price, marketing strategies and how to scale as a company. I evolved a lot on the business side thanks to the startup program. We were in contact with the main companies of the IBEX 35. It was almost like a master’s degree because we had courses in different areas (legal, human resources, strategy), and best of all, we had master classes taught by successful entrepreneurs.

Dinoflux and Telefonica

During the time that Dinoflux was participating in the INCIBE program, my team and I had contact with the Telefonica company, which had shown interest in Dinoflux. Although we had been approached by other companies, Telefonica was the one with the largest portfolio of clients in Spain, the United Kingdom, Germany, the United States and Latin America.

Telefonica

At that time Dinoflux had grown significantly; therefore, maintaining the servers was too expensive.

We had employed 15 maximum-capacity servers with 64 gigabytes of RAM. That was expensive to maintain, and at that moment we had no clients; the first big client we could try to get was Telefonica.

A few months before concluding our participation in the “Cybersecurity Ventures” program, Telefonica reiterated its interest in Dinoflux. Having a client such as Telefonica would have been a great relief for me and my partners. Surprisingly, the company approached us not with the intention of becoming a client but to buy the startup.

A few months after Telefonica’s approach to Dinoflux, the program ended. Of the almost 100 participants, Dinoflux obtained second place, thus receiving a prize of EUR 24,000. Thanks to Dinoflux’s successful participation in this program, the Telefonica company reaffirmed its interest in acquiring Dinoflux.

Despite the high costs that Dinoflux generated for me, I had never contemplated the idea of selling. But I found myself in a somewhat complicated economic situation: Dinoflux was self-financed and becoming increasingly costly, market competition was growing, and Dinoflux’s client portfolio was not yet very large (since we were in talks and negotiations with Telefonica, and one of the conditions was not to acquire more clients until we had an agreement). In the end, the idea of selling was not so inadmissible.

To have continued like this would have been “suicide”. Thanks to the second position in the INCIBE program we got some money and could pay for some of the things, but even so it was all very much at the limit. An incredible job had to be done because, if we did not win any position, Telefónica would also lose interest in us.

After the approach by Telefonica in the spring of 2017 and after a year of various negotiations, the agreement was finally closed in July 2018 when Dinoflux was acquired to become part of the ElevenPaths portfolio of products and services. ElevenPaths is the Telefónica Group’s cybersecurity unit which combines startup innovation and the experience of a company that has been consolidated for years.

After the acquisition by Telefonica, Dinoflux was able to grow much more as a product, but also as a company since it worked with better capabilities, which allowed it to renew itself and adapt to the changes that occurred in the future.

My Experiences as an Entrepreneur

During all the time that I worked as a freelancer, and from when Dinoflux was taking shape until it became what it is today, I had to go through many economic challenges, but they never discouraged me or made me stop on my journey as an entrepreneur. On the contrary, all of this led me to work even harder and educate myself on business to take my product to the next level.

Before INCIBE and during the beginnings of Dinoflux, I participated in various entrepreneurship workshops which, in a way, helped me train and be prepared for what I would later experience in my year in the INCIBE program.

Entrepreneurship had been calling my attention for many years, so I traveled almost every year to San Francisco, which is the birthplace of startups; everything is there. I used to go to an event that helped me a lot, the RSA Conference.

I participated in events such as the Palo Alto Startup Weekend, in which I learned innovative methodologies such as Lean Startup, which is very useful for the development of a product and which my partners and I applied a lot during the development of Dinoflux and later during the INCIBE program. Among the other methodologies I learned was the Business Model Canvas.

On the Canvas you draw who your key partners are, along with key activities, value proposition, customer relationship, customer segment, key resources, distribution segment, cost structure and revenue stream. Once these are identified, you update the information every so often to get a clear idea of your business. For a startup that is just starting, this topic is super critical. In Lean Startup, you make an assumption, for example “I think that companies in Spain need extra cybersecurity intelligence for their products, therefore, to get to them I am going to do these experiments”, so you create a product as what is known as an MVP (minimum viable product), which is the minimum, the cheapest thing you have to do to fulfill that need. You show this unfinished product to customers while they give you feedback, so if there is something they don’t like, you redo it or modify it. The idea is to pivot until you come up with a good idea that your customers validate.

In my experience, we relied heavily on these two methodologies to develop Dinoflux, which saved us a lot of money and at the same time benefited us when we arrived at the INCIBE cybersecurity program, since we participated in other events and workshops for startups such as Lean Startup Madrid, Philippines Startup Weekend and the aforementioned RSA Conference and Palo Alto Startup Weekend. At some point we even thought of taking Dinoflux to the entrepreneurship program run by Telefonica, the same company that acquired us years later. In the end this was not possible because the Telefonica program supported the development of companies in earlier stages and Dinoflux, being an already advanced product, no longer met the requirements requested by Telefonica.

An important part of my experience as an entrepreneur was working in the ideal place where I could take a break and relax from the stress that can come from starting a project by myself. I found this space in the Philippines, a place I always returned to in order to restart and find the concentration necessary to continue.

It was one of the best things I could have done. I would have liked to live my whole life there, but for work reasons, and because from 2017 it was a continuous negotiation process, in the end I had to return to Spain. But between 2015 and the beginning of 2017, I can say that I was very happy.

What’s Next?

I worked remotely by contract as Vice-President of Threat Intelligence of Telefonica. This was arranged under my conditions as a “vesting contract”, in which basically I was obliged to commit to three years in the company. Although at that time I found myself in a very comfortable situation in terms of stability, I was hoping to keep doing what I liked the most, “starting a project” in which I could focus all my energy and passion, just like I did with Dinoflux.