An Institute Dedicated to Cybersecurity

Q: Where did the idea to create an educational platform come from?

A: While working for other companies, my partners and I ran recognized that there were not enough skilled people in tech security, which was a problem. Every time we had to contract someone for a particular job, we could not find the person who quite met our needs in terms of both tech skills and a strong knowledge of legal norms. At my previous company, we had an internal training program. Eventually, we created a civil association dedicated to this. At first, we started offering courses on information security. This was done through WordPress and later Google. We offered only paid content but that did not perform as well as we expected, so we decided to start offering free content as well. Part of the issue was that we were too focused on ethical hacking. In 2017, we decided to include new material on advanced defensive security, protection of critical infrastructure and data security. Now, we do free content but if someone wants a certificate, we do charge a fee. The content includes workshops and other activities.

Q: How have you adapted to changing demands?

A: Last year, we had someone with a background in forensic cybercrime join the team. He helped us focus our program more strongly on the national cybersecurity strategy. We studied this and adapted our content. The Olimpia Law, for example, punishes people who share intimate content without permission. We researched the law and created content for prevention. One of the first states that implemented the law, Guanajuato, responded to our content and began using it. To date, there have been 261 claims there but only six people have gone to jail. With our research, we have been able to generate more understanding of what issues exist that inhibit the effective application of the law. We continue to add to our content as we learn.

Q: How do your consulting services work?

A: Through our free trainings, we realized that we had access to people who were directors, chief information officers and other decision-makers in organizations. They asked us to implement certain things they saw on our platform. This is how our consulting started. Later, they had questions regarding which technology they should acquire. In the beginning, we simply worked with the technology they had. Suppliers then began to seek us out and we built relationships with them. The majority of our suppliers are from Latin America.

Q: Why do you work with Latin American tech providers and what advantages does this provide?

A: Part of our motivation is that we want to show that Latin America is also capable of designing very good software. At the moment, we have a supplier of a firewall solution from Brazil. We also work with an Argentinean company dedicated to awareness training. Another technology relates to analysis and management of risks and vulnerabilities. It comes from Chili.

Apart from offering quality technology, there are major benefits in terms of price. This can be affected by exchange rates but companies can charge half or a third of what others do. A firewall from Sophos or Fortinet can cost over US$800. Our Brazilian partner charges around US$200. When we first heard that, we thought there must be some kind of miscommunication. This kind of affordability is very attractive to companies in the region.

Q: Have you established partnerships in Mexico?

A: Despite our efforts, this has not really happened. I think it is related to the culture of malinchismo, where Mexicans think everything from abroad is better than what we have here. The truth is, we can make excellent-quality products at any level. It may also be a lack of entrepreneurship in this area. Our institute also wants to delve into this, although we do not know in which area yet. We are creating alliances with schools and universities, such as Universidad Autónoma de Coahuila and Instituto Tecnológico del Estado de México. In the area of forensics, we are considering developing a methodology with software at its root that would facilitate forensic investigation of cybercrime incidents, adapted to Mexico’s legal framework.

Q: How is your institute financed?

A: Besides our certificates, we have started offering a paid subscription to SMEs that want to receive training and participate in our workshops. These people will use their experience and the technology we provide to improve their cybersecurity strategy. We can also offer consulting for foreign companies, as well as Mexican companies that go to the EU or US and need knowledge and training in legal guidelines and frameworks.

Instituto de Ciberseguridad, also known as ICS, is a civil association dedicated to raising awareness and training people in information security. The institute also provides consulting services and distributes technology to organizations seeking to strengthen their cybersecurity defenses