At just 21 years of age, the IMDEA Software Institute student David Mateos Romero has been selected as backup of the Spanish team that will compete in the European Cyber Security Challenge (ECSC), from September 13 to 16, an initiative of the European Union Agency for Network and Information Security (ENISA) in which 27 European countries that organize national cybersecurity competitions participate.
It is the largest technical championship at the European level in cybersecurity, in which the best young talents from the different participating countries compete, selected through their different national competitions. The National Cybersecurity Institute (INCIBE) is in charge of organizing a competition every year to select the Spanish team.
From a very young age, David has always liked computers, and his father, computer scientist by profession, instilled this in him. But it was online games that sparked his passion for computer security. When he was about 15 years old, he wanted to win by cheating and for that he needed to know how it worked, its guts. Thanks to high doses of curiosity and Youtube video tutorials, Mateos, from Granada, began to “hack” games.
When he arrived at the University of Granada, he immediately joined the Hacking group (Hackiit), which not only allowed him to meet other students with similar interests and learn, but he also discovered the competitions. Playing with his classmates in competitions such as Capture the Flag (CTFs) is what has allowed him to participate in the national INCIBE competition.
David Mateos’ adventure at IMDEA Software ends in a couple of weeks, he must return to Granada to finish his degree, but his time at the Institute has allowed him to get to know the world of research firsthand and it is clear to him that he would like to dedicate himself in the future to vulnerability research and exploit development (programs to exploit those vulnerabilities). As he says: “What I like most is the creative process of applying the technical knowledge you have to take advantage of a vulnerability and develop an exploit. Many times, you have to know the system better than the developers themselves to find and exploit vulnerabilities”.