S21sec: the ethical hacking pioneers noticed by Thales Group

Interview with Igor Unanue, CTO de S21sec

S21sec was one of the first companies to use ethical hacking techniques. They were born in the middle of the bursting of the dotcom bubble, but it didn’t take them long to make the market understand the importance of cybersecurity and the capacity and specialization of their professionals. They were born in Donostia-San Sebastian, but the financial support of the Navarran Administration led them to change their headquarters to Navarra a few years later. Recently, the Thales group became interested in the potential that S21sec’s cybersecurity line could offer them in the event of an acquisition. The group closed the purchase in October 2022 and the integration has been exemplary, according to Igor Unanue, the firm’s CTO.

What is the origin of S21sec? What were the early years of this firm like?

S21sec began operating in 2000 in the field of cybersecurity. At that time it was not yet known as cybersecurity, but IT security. We started with hacking techniques, which was completely new at the time. There was no other company that offered hacking services to attack companies and discover their vulnerabilities. The idea came from Miguel Fernandez, comany’s founder, and the firm was initially located in Donostia-San Sebastian. We brought people from different regions of Spain to San Sebastian and that’s where we started to grow.

So your value proposition was to use hackers to improve security systems?

Exactly. At that time, yes. At the beginning we hired people specialized in cybersecurity who knew how to perform hacking techniques. They were able to access company servers without any previous data, just with their name and website. We tried to access their internal networks and in most cases we were 100% successful. We even accessed the president’s PC if necessary. We would put a photo on it and that was proof that we had gained access. That was what they were buying from us, to detect vulnerabilities and then implement corrective actions. This was one of the services we offered, but we also provided advice on the implementation of security systems.

In 2006, Sodena became one of your shareholders. It injected 6 million euros, an operation that facilitated the start-up of a security operations center and an R&D&I center. How do you assess this initial boost and the public-private collaboration in the region?

This operation was very important. It allowed the company to start R&D projects. We have always carried out innovation policies, but we did not have a center as such, a cybersecurity research laboratory. We set up our first center in Spain here in Pamplona, in Navarra, with the support of the government. And it was really a very important leap to make the company grow in cybersecurity projects that have later led to services and technologies that we use for those services. Public-private collaboration always helps.

They were also very positive years . Between 2006 and 2012, the workforce doubled and turnover increased 20-fold. How do you remember those years? What aspects led to this rapid growth?

The context was very positive, because the rise of the Internet, especially in the business environment, made cybersecurity more popular. The more we use the Internet to do business, the more threats are going to emerge and this is going to require more cybersecurity.

Those years in particular saw the boom in products such as online banking. We already had a lot of experience in security in these environments, so we grew naturally hand in hand with the big companies that were moving into these areas.

Subsequently we have continued to grow, albeit in a different order, but we have done so because the economy continues to grow. The cloud is now boosting and this makes the business grow in this segment as well.

Recently, the French multinational Thales closed the acquisition of the company. How has this integration process been? How has S21sec fitted into the strategic plans of this multinational?

The integration is going very smoothly. We have not performed a total integration. S21sec continues to offer its services in the market. We have integrated certain parts of the company, for example in areas such as accounting, but we continue to operate under our S21sec brand. And the idea is to continue the same, because the Thales brand in the field of cybersecurity in Spain and Portugal does not have the visibility that we have.

So I understand that for the next few years you still have your own business plan.

That’s it, we are continuing according to plan. The only modification is that we added the Thales market, their customer portfolio, which is very important for us. That is obviously already included in our plan.

Let's also talk about the future. In the year 2000 there was not even the concept of digital identity. Where can cybersecurity trends go now that cybercrime has become almost a business and any type of small business, no matter its size or sector, can be the target of a cyberattack?

The context has changed a lot. In 2000, when we were starting out, there were hackers, but right now there are no longer individuals, but entire organizations that work using hacking technology. And they make a lot of money. That is a problem, because it leads us to think that, in the future, these organizations, the gangs, will continue to grow in the market and will use new methodologies and techniques, to get more revenue.

Today, for example, ransomware is being widely used and we foresee a very high growth because it secures a lot of money for the gangs. Currently, organizations encrypt data and then ask for ransom, but there are other ways that are being explored and that are obtaining more revenue.

One technique that is working well now and we believe will continue to grow is the threat of making information public. So the gangs infect the company with ransomware, obtain its information and threaten to make it public, ensuring a double ransom. One is for decryption and the other is for not publishing your information.

Talking about Navarra, the digital transition is one of the cross-cutting vectors of the Smart Specialization strategy of the region. What is your diagnosis of the progress of the ICT industry here?

I know of initiatives such as the Atana Cluster and the Innovation Pole, which are working quite well. I believe that ICT here is growing because there are a multitude of sectors and very important multinationals operating here, which means that ICT companies working with them are growing. Navarra is a small territory, but it offers diversity, which allows ICT to grow. But it is important that we support these starting companies to make them grow.

One of Navarra's main competitive advantages is talent and universities. Do you think Navarra is competitive in this area and has room for improvement?

No doubt about it. Navarra has good universities, they have always been very prestigious. I believe that Navarre has reached an important development in the fields of telecommunications and information technology. We work with the talent here because of that, because Navarra has always had good talent. We have incorporated them in R&D projects and we have worked very well with them.

We have talked about the strengths, but what tasks are still pending for the Comunidad Foral to become a benchmark in the ICT field?

I believe that one of the areas that still requires progress is investment support. Investment is important to get ICT companies to grow. Otherwise, it is not easy. We need to look for more support in the form of subsidies and direct aid. In infrastructure, however, I think we are doing very well. We have good networks and communications, a suitable environment for ICT companies to grow.

Igor Unanue
CTO at S21sec