Hacker Mindset: Breaking With Industry Norms Spurs Growth

Q: Ethical hacking remains largely misunderstood. How does this “mentality” inform the development of cybersecurity norms?

A: This mentality serves as a principal pillar at Hackmetrix. We view it as a way of thinking aimed at finding alternative solutions and methodologies that are not only capable of meeting the desired objective, but doing so more efficiently.

As a company, we have noticed that the traditional industry recommends security practices based on how things have always been done, thereby emulating corporate behavior, which does not fit small and medium-sized businesses that have no need for lengthy security induction processes. In other words, the normative practices that the cybersecurity industry has distilled over the years are too bureaucratic for the business models of small and medium-sized businesses. Now with cloud services, we can simplify, automate and centralize solutions for SMEs so they can focus on growing their businesses.

Another aspect of this thought process stems from exploiting human error in coding programs because whatever failure may arise within a system comes from humans — and hackers intrinsically know this. Therefore, in the context of an era defined by instant gratification and a global race toward digitalization, programmers have been pressured to prioritize functionality over safety, which, in turn, increases the probability of miscalculation. This is what security professionals call the eighth layer, or the error between the chair and the keyboard.

This hacker mindset, which assumes the presence of human error, is continuously in search of vulnerabilities within the existing normative procedures that guide security practices.

Q: The company started off oriented toward startups. What unexpected sectors have since emerged as growth targets?

A: Although our focus was initially centered on startups, new market opportunities incidentally sprang up, coming to us directly. Among the first were software factories with servers that store codes and data for large third-party corporations. They have had to build a security infrastructure to maintain these client relationships. This has been in addition to traditional consulting companies that have had to digitalize over the past years, and since their business models are premised on the generation of data, security infrastructure is saliently important. Ultimately, in the age of digitalization, regardless of permanence, any service company that uses information now requires a security infrastructure. This includes the public sector.

Within all these market niches, Hackmetrix has acted as a partner to these unspecialized small and medium-sized businesses by providing them with simple added-value security solutions according to their business needs. Hackmetrix’s portfolio has grown significantly over the past two years in unexpected ways.

Q: Mexico’s Fintech Law and Chile’s RAN 20-10 require companies to have a security committee. What functions and responsibilities should companies consider in this regard?

A: The most valuable information in the 21st century is data-generated insight, which is derived from personal information. Since federal governments recognized that this information can and has been weaponized, there has been a concerted effort on their behalf to protect consumers, placing new security standards on businesses of all sizes. However, small and medium-sized companies often cannot compete with the security budgets of large corporations, such as Santander or Softbank. The infrastructures of SMEs and large corporations are inherently different. Large corporations have a much larger attack surface compared to small businesses; therefore, security measures should be proportional to the risk-level and size of the company.

Q: Hackmetrix recently raised US$1.5 million in venture capital. How will the company use these funds?

A: Our main objective is to expand our business, starting with aggressively scaling within Mexico and then across Latin America, looking squarely at Colombia. This effort will be driven by an extensive marketing campaign and producing specific security solutions for the small and medium-sized businesses within the Mexican market. In numbers, we are looking to grow our client portfolio to at least 150 clients in 2022. In five years, our goal is to be the principal cybersecurity company in all of Latin America, from Tijuana to Tierra del Fuego.

Hackmetrix, established in 2017, offers cybersecurity services oriented specifically toward startups.