Interview with Israel Torres

Israel Torres is an enterprise cybersecurity professional with experience in software engineering, reverse engineering, integration & automation, information systems & technology, research & development, and technical writing. In addition, he has earned and currently maintains three GIAC certifications (GREM, GCDA, and GPYC), is a member of the GIAC Advisory Board, and is actively working on earning the GIME certification.

Professionally, Israel Torres is Principal Malware Research Engineer at SecureMac, Inc. and resides in Mission Viejo, Orange County, Southern California, USA. 

Learn more about him at his personal website http://www.israeltorres.org/, communicate with him at https://twitter.com/Israel_Torres/, and connect professionally on LinkedIn at https://www.linkedin.com/in/mrisraeltorres/. Words and opinions are his own.

Tell our readers more about yourself, your background, and your career.

I feel I am an individual with a passion for solving my curiosities, and always learning something new. I started these curiosities with the world of electronics, way before I was interested in computers. I took apart everything I could put my hands on and created quite a number of interesting and questionable things that led me into the world of radio. 

Along the way, I had a number of mentors that brought me closer to the world of computers, computer programming, voice and network communications, information security and plenty of trouble to shake a transistor at. However, the lines were a lot more blurred and gray back in the day. Things were pretty good as long as you left them in the same condition if not better than when you found them. 

I’ve always been a hacker at heart and don’t see that changing, even to this day. Most about me is self-taught; I’ve spent most of my time in libraries when I couldn’t afford books, and now have hundreds and hundreds of books in my personal library to call my own. My father taught me early on that information was power, and before the Internet, you’d get that from reading all that you could get your hands on.

The most important part of this I’d like to share with the youth of today is to read and understand the basics and fundamentals of how things work before advancing to platforms (both physical and abstract) that have been built for you. Invest time into reading the RFCs, also known as the manuals of the technological world as it was created and runs today. 

Bundled all together, my career has covered too many roles to mention, always touching various facets of information security and cybersecurity, but from each one, I learned more and built from the cumulation and constant refinement of experiences. I can tell you it is true what is said, “Love what you do and you’ll never work a day in your life.”

Could you please tell us what inspires you at work?

My inspiration always starts at the top of the organization, understanding the vision of the leadership. This empowers me to understand what is needed to get to the next level. This includes my team, who shares the same aspirations of building the future, sharing information with the community, and bringing awareness to enable others to defend themselves successfully. I can tell you that when your organization from top to bottom believes and practices the concept of Docendo discimus - "by teaching, we learn", everyone wins!

This issue is dedicated to ransomware. Would you mind sharing your knowledge on the topic?

I’ve long studied the psychology and technical mechanics of malware, and the drive needed to be emboldened to bring arbitrary and targeted individuals and organizations to their knees with ransomware. What we see today has always been around in one form or another, but organizations were better at hiding it and it was a matter of policies and laws that started to demand transparency that affected the masses. Naturally, as time and technology have evolved, so have the attitudes of individuals and entities on all sides of ransom, blackmail and extortion. It’s especially interesting now with the advent of practical AI operating on both sides of this evolution. 

Who are the targets of such attacks?

Targets can vary based on a number of attributes such as opportunistic low-hanging fruit, to nation state interests. Unfortunately, many small businesses have a set-it-and-forget-it mentality and let their defenses degrade over time and become part of this opportunistic targeting. No one is safe, which is why training and overall awareness is key to help keep these types of attacks at bay. With technology and how prevalent it is today with smart devices and IoT-everything, every individual, not just organizations, should be aware or be made aware of the danger of ransomware and how to defend themselves. Back in the day, we’d joke about computer users needing a type of license to “drive the information highway”, however, all joking aside, it’s coming to the point of where it’s something that is now an eventuality. Perhaps ISPs can create and maintain such a campaign, as this is often the core of where the most opportunistic targets come from.

Why are perpetrators more selective in their targeting of attacks, choosing high-value corporations instead of individual users?

It’s simple really - The larger the organization, the more customers they likely have to protect. 

Examples of how organizations implement more robust backups and incident response plans.

When ransomware hits, it’s not just a matter of being locked out of the data, but now also many concerns of how compromised the organization is. This is where now we are seeing a lot more extortion and blackmail popping up in the evolution of ransomware attacks. Not only is the organization and its infrastructure in trouble, but also its consumers and customers, as well as its partners and aligned business associates. A grave concern is lull time; how long have the attackers been in the organization’s infrastructure prior to detection, if at all prior to the ransomware attack? This is what keeps CISOs up at night, I guarantee it.

How could employee awareness and education initiatives be enhanced to tackle the dangers of ransomware?

Tabletop exercises are really the best way to harvest the gaps in an organization. It always starts with the employees, as this is the easiest way for an attacker to successfully activate their mission. This is really where you find out how complicated things are as teams turn against each other playing the blame game. In a successful series of tabletop exercises, the teams grow stronger, the defenses get better, and the attack vectors lessen. However, this takes years of pounding into shape and gets painful when there’s a lot of turnover, as that’s always a step backwards.

How are periodic backup services adding to a more secure data environment?

As mentioned prior, ransomware is becoming less of locking out your data, and more about extortion on the data found and whom it can affect and why. Additionally, many average organizations may try and do backups all the time, but never test them or try a full recovery. In my long experience, when we’ve run through that exercise there is always failure and disappointment. I certainly advocate running a tabletop exercise on a ransomware attack, or even just a major restoration. Success is often quite low, lots of finger-pointing, and more contempt and cursing than should be allowed.

In summary, what are the best ways to stay secure? Is that possible?

Don’t connect to anything or anyone, including the Internet. Seriously though, weigh the needs of connectivity, IoT and smart device use. Monitor and log your devices and when some type of anomaly appears, don’t count it out. It takes a lot of work to even become aware of all the types of attacks that exist, but it just takes the baddies one time to get it right and it’s game over.

During your career, what has been the most interesting thing you have encountered?

In short, how devious people are at the workplace when they believe they aren’t being watched. 

We would appreciate it if you could share your ideal advice for all those in this field.

No matter how old you are, never stop learning. Take notes, and review them again and again, and learn new things periodically; then incorporate them into what you know already. 

Learn the fundamentals, re-learn the fundamentals. Adopt the platforms out there to what you’ve learned. Figure out how you could do the same by your knowledge of fundamentals. If you don’t understand something, learn it. Build things, learn by teaching. Don’t let hubris get in the way.

With today’s Internet chock full of free information, and even now AI systems (you can have AI explain to you like you are five), it amazes me how folks still prefer to stay in the dark and stare at TikTok all day. If you aren’t learning, your time is burning.

Thank you for your time and effort.

Thank you for having me!

May 4, 2023

Author

eForensicsmag Team
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023