'I was already a hacker at ten years old in my pueblo'

María Rojo (Aranda de Duero, 1984) is one of the few, very few women in charge of a cybersecurity company in Spain. She is the founder and CEO of Enthec Solutions, a cyber intelligence firm that has just closed investment deals amounting to 1m euros. The pandemic turned her into a digital nomad and she has been living in Coín for nearly one year. From there she heads up her company and also another non-profit initiative: We Are Cyber Girls, an association that seeks to break down stereotypes associated with the cybersecurity industry, bringing it closer to schoolgirls and young women to encourage more women to opt for this profession.

–When did you move to Malaga province, to Coín, and why?

–I've been here since August last year. Coín was the only place where I managed to find a rental house that we liked and from which we would not be kicked out in summer. And we love it! I lived in Madrid for 18 years (too many) and, coinciding with the start of the pandemic, I created my company, Enthec Solutions, which operates 100% via teleworking. So I said to myself: why can't we enjoy this too?

–What started your passion for cyber security?

–I started very young on PCs, at the age of eight. I was an absolute terror at school, a teacher's worst nightmare. I was so bored! When I got home I would take stuff apart. My brother lent me his computer, I think he did it to stop me wrecking his Walkman.

–What did you use the computer for?

– I had a ton of video games, but they took an eternity to load. So I went to the black screen to see what it did. I discovered the Help command, I learned to add more things... A year later the internet arrived, those routers that made horrible noises and you paid by the hour. I discovered what was called the BBS (bulletin board systems), which were the precursor to chat forums and social networks. People posted all kinds of text files there.... That was the birthplace of the world of 'hacking'. I didn't have a clue what I was doing; I just wanted free internet. If you read some of the accounts of that time, you will see that there was a 'hacker' who was never uncovered. That was me, a 10-year-old girl from a town in the back of beyond!

–What name did you use?

–I will never tell!

–Did you have any run-ins with the law in those early days as a hacker?

–Once, when I was 12 or 14 years old, officers from the Guardia Civil knocked on our door. They asked my mother: "Ma'am, do you have a computer at home?" She told them yes, but that it was me who was using it. Imagine that big tough guy towering over a little girl. He leaned in and spoke to me, wagging his finger: "Don't do it any more." I'm still wondering what I must have done right to have had that good man come to my house.

–During this time is when you learnt programming?

–I created my first web page when I was 9 or 10. It was about Stephen King. I would post synopses of his books and the site received a ton of clicks. I'd started with pure HTML, it was all that there was. Very clunky. I kept on learning and advancing on my own; there was nothing like it at school.

–And from there, off to study computer science ...

–First thing I did was a training course and, at the same time, I started working in a financial markets company. Later I went to University, combining my studies with other jobs in Santander Bank, Indra, BBVA...

–You started working in cybersecurity when it didn't even exist as a department?

–I have never worked as a programmer; I'm not that organised. I have always been in areas connected to innovation. Cybersecurity did not exist. I went to Indra because they set up a cyber department, they had a SOC (Security Operations Centre), but nothing else. Three of us started as the 'cats' hunting down the 'mice'. I specialised in hacking mobile applications. From there I went to BBVA, then to Airbus' military section. They let me do whatever I wanted in the area of innovation. But, in the end, I decided that working for a big company was not for me.

–So, you set about creating your own company, Enthec Solutions. The company is described as 'deep tech'. Can you explain what you do in layman's terms?

–Picture the castles from 'Game of Thrones'. That is conventional cybersecurity. We build thicker and thicker walls and add more guards. But the bad guys end up getting in. Why? Because the guy with the keys has his keys stolen. Or because you don't realise there's a hole in one of the walls. What have we forgotten? The watchtower, which warns you where the attackers are coming from. That's us. Our competition is in the USA and Israel. We have robots 'sniffing' out information about our customers on the general internet, the deep web and the dark web. We have artificial intelligence engines that filter all that information and show the client everything that could pose a risk to them.

–Tell me about We Are Cybergirls, your other brainchild.

– I met three 'startup' founders in the Incibe fast-track programme. We ended up talking about the low female presence in the sector and decided to do something about it. And so the association was born. We work with girls from 9 to 15 years and try to remove the stigma that cybersecurity is, firstly, something for guys and, secondly, for weird people. We organise very lively workshops in which they get to see it all: hacking mobile phones, social engineering, tracking personalities through social networks, 'malware', viruses... Last weekend we held the first Cyber Girls Day in Malaga and it was a total success.