Hi, everybody, Ed Amoroso here, and for today's video interview, I have a long time friend and colleague of mine. His name is Roger Piqueras Jover, did I say that right? >> Yes, yes, very good. >> Roger is a cyber security researcher and security architect at Bloomberg. >> Yep. >> That's a great job wow! >> Yeah, it's pretty cool. >> It's two different jobs, same jobs or? >> Yeah, I kind of do like both things. I do researcher like kind of open-ended projects and also I do things that are more like close-ended like specific like security architecture. >> Now lets go all the way back. Tell us a little bit about how if you got interested in technology, and how did you get to the point you're at now? >> Well my grandfather would say that when I was a kid I was very interested in like machines. Trains and cars and trucks, the bigger it was and the more noise it made, the more I liked it. And I also started playing with Legos very, very young. My parents were afraid that I would actually swallow the little pieces because they recommend. There's an age on the box that says like 3 to 7 years and I was away playing with ones for 12 year old. But technology itself I would like to say, you have to fast forward a bit to when I was an undergrad, I was never a teenager. There wasn't teenagers that I heard and learned coding, Then one day at 15, I was not like that, I was playing soccer and video games. But when I went to undergrad, didn't really know what to study, I knew I wanted to do engineering but I didn't know what type. I ended up going for electrical engineering and I remember one day that changed my life. That is the day, so the first year of my undergrad was mostly like math, physics, very basic math and physics. But on the second year, I started having more specific things like wireless communications, like things like that. I remember the day that I learned the Fourier transform. And I understood how a radio in the car works and those numbers on the radio of the car. And how you can separate things or plug things in frequency as opposed to in time. And that kind of like blew my mind, and that day I knew I was in the right place. And ever since then I've been very happy in terms of technology and what not. >> That's fantastic, wireless has been an area you've been particularly interested in. >> Yeah, you're correct. >> Did you ever predict that it would become as important? This mobility's going to change the world the last ten years from now. >> Yeah I know, when I was an undergrad. So when I started as an undergrad, people say I look young, but I'm not that young. When I started as an undergrad, a friend and I did not have a cell phone, which would be unthinkable today. I think I had my first cell phone when I was in my third year of undergrad. So people would make fun of me because I was learning how to cell phones work but I didn't have a cell phone myself. But now back then I was not even aware how I wouldn't even imagined that a cell phone would be something that would be so. You cannot walk out of your apartment without your phone. Back then actually when I got my first cell phone, I didn't really want to carry it sometimes I would leave it at home. And my girlfriend at the time and also my mom, they were complaining because they couldn't reach me. But now, if I leave my phone at home, I literally freak out. So no I would have never expected things to end up the way that they did. But I'm happy that I ended up in the right place yeah. >> kind of data security, the intersection of wireless, and mobility, and security has been particularly fruitful, right? And we've been look at those threats a long time. >> Yeah, that was pure chance, my background has always been wireless communications, processing, networking, things like that. And then, fast forward a few years, and I got an offer to go to work for AT&T at a security research lab. And they just told me you know very well how cell phones work and cellular networks work, can you come with ways to make it not work? And I was like I guess I could do that and that's how I got into security. But it was pure chance, I was not really ever thinking about working security. And again,same story again it just the right place to be because now mobility and security are two of the biggest things happening right now. >> Do you worry about threats and mobility? Do you think that it's a maybe a potentially consequential area? >> So I've done a lot of work on mobile security and I've seen a lot of things so people ask me, should I be afraid of using online banking on my phone, things like that. So I always think that I'm like a nobody, so I shouldn't be to concerned about what's going to happen to my phone. But for example I don't do mobile banking on my phone really. No, maybe I would, but I definitely would not do it on my phone in GSM, for example. That's what I tell everybody. The only moment you should really be concerned is in terms of somebody, intercepting your traffic or like doing something other than blocking the cell service. If you're concerned about somebody stealing something from you, I would just say be careful when you're going to the GSM. Other than that I'm not too concerned but again, it's because I'm a nobody. If I was the President of the US, I will definitely not use an Android phone. >> [LAUGH] >> Like I've heard he's using but that's a different topic. >> I've heard as well. [LAUGH] So the progression kind of from early generation mobility. >> Mm-hm. >> 1G, 2G through GSM and other, say 2G, 3G kind of progressions to LT and 5G. It seems like the security literarly ramps up with each generation, am I reading that right? >> Well so whenever I give a talk about my research, I always have the same slide at the beginning that kind of gives a timeline of security. >> Getting better each step. >> in the line I work. >> Yeah. >> And I have a thing that highlights in the first generation of mobile networks. There was not even support for encryption so I always argue that we were not off to a good start. In 2G there was encryption, but the G is very well known, there was only authentication from the network to your phone. So you claim that you are any provider, and the phone believes you, and you can do a lot of bad things. And then it became very well known that you could do instant caching and other things on GSM. 3G so bad, there's mutual authentication, strong encryption, same with LT. And then, although it's much better, and it's definitely been getting better, I always kind of like, what one of the. I have a slide that kind of quotes myself, that's a funny story. >> [LAUGH] >> Because once I gave a talk and I made a statement, and somebody told me, you should actually quote yourself on that. So now in my talks I always quote myself on that, which is something, I forgot the specific quote. But it's something like that, although people assume that in LT all these problems don't happen. That you won't have instant caching, you can have railway stations, you actually can. You cannot really do a full man in the middle connection. But essentially any LTE device will exchange a substantial amount of messages with anything that came through an LTE based station. And although eventually there will be an authentication handshake, and there you will see, no, that's not a railway station. Until that moment it's about messages going back and forth, and you can scoop them, tweak them, change them, do lots of things. You can denial the service on a phone. >> Denial of service, clearly. >> You can block the phone and you can cache the entries. You don't need to be in GSM to do any of the caching. So definitely security has gotten much, much, much better, but I always say, and I've been talking with some folks at the FCC. I always tell them that I still believe there's a lot of work to do. >> Do you have confidence that encryption can't be defeated, do you think that's okay? >> I'm not a cryptographer myself, and I don't know that there's been any partial breaks of the encryption. >> That's rarely the weakness, right? >> Yeah. >> It's usually the protocols around thngs. >> Yeah, so now I've been working security for almost eight years. And my experience tells me that crypto is usually what does not break. >> Right. >> It's like really, really smart people working many, many hours on designing things that I barely understand. I always get to the slide with Alice and Barbara and once they go past that it's like okay whatever. I trust you, but usually that's the part that stands, that doesn't really break, usually it's other things. In this case, for example, I'll go into the same example. Encryption is very strong, but the problem is before you do encryption, the phone will blindly trust anything that comes from the network. So you have to, before we actually started as an encryption between you and I, we have to introduce each other. You say you're Ed, and I say I'm Roger. Well you, if you were an LP point, if I tell them my name is, I don't know, Michael Jackson, you will be, okay and you'll believe me. And that's the problem, before you actually do the crypto, which hasn't been broken, that's when they should ask. >> That's interesting, we have a lot of young people who are part of our learning community here. What advice would you have for them? They're probably watching, saying wow I would love to be a security researcher at Bloomberg. If you were sitting with them right now, what advice would you have? Say for somebody maybe in high school or early college years, what would you tell them? >> Well from high school, I think that I would say is that when I was in high school, I had a lot of good friends that were classic stories. Somebody who drums off high school because they think it's not going to be useful, and whatnot. I have to say, as of now, I'm still grateful and lucky that I worked hard in high school. You can work hard in high school and still play soccer in the evening, I play video game. I played a lot of video games. And that definitely helped me to do a good job in undergrad and definitely going to college. If you want to work in technology, going to college is very, very important. I'm not saying that you cannot learn things on your own. I actually today I'm learning a lot of things I never learned by just reading books. But college is definitely something that is very important that prepares you for a job in technology. And I would also encourage people to go to grad school. Because that exposes you a little bit to research. In college or in high school you have a class, you learn a topic. And then you have an exam and everything. You have a lot of like, everything is well-directed, you know what you have to do. In grad school, once you get involved in research, it's more like, well this topic, there's this area. There might be issues that you can find something to do. So it gives you more, you learn to be independent and to like single out and analyze world problems. And I think, although this might sound contradictory, I think that when you're in college and grad school. And you're done with your classes where you're learning things, that's when you learn to learn things the best. Like you're facing a problem, a new area, you don't know about something, you have to get a book, read related papers and learn things. So I would definitely encourage people to do that. I'm happy that that's like the path that I like, so. And everything for me was like out of chance. When I was finishing undergrad back home in Barcelona, I was not [INAUDIBLE] to go to grad school. But a friend of mine who I'm still friends with, he lives in New York. He told me that he thought it would be a good idea for me to apply for a scholarship, do some grad school. And so I applied, and actually I got the scholarship, and that's what brought me here to the US. So I don't know, I would say you should try to think what you want to do and find things that are fun to do. One thing that I'm very happy is that I really enjoy my job. >> Mm-hm. >> And it's not a common thing, but I feel that I've reached that point because I kind of explored the path. I went to college, then grad school, I tried different things and I don't know, eventually things worked out. >> It's a great story, great advice, thanks on behalf of our whole group, our whole learning period. Thanks for stopping by NYU here. >> You're welcome, no problem, I love coming here. >> It was great to see you Roger. >> Great to see you. >> Thank you very much. >> No problem. >> We'll see you next time.
