Cycura's Chief Technology Officer, Joel Eriksson, operates on a completely different plane than most CTOs.
Mr. Eriksson understands both computer code and the inner workings of the operating system that are in use today. Most importantly, to truly understand IT security, his first instinct is always to delve deeper.
It is this profound understanding of cyber security that drives him—and is a huge benefit to Cycura clients. It’s the difference between “What do I want to know?” and “What do you want me to know?” He has been working in the IT security field for 19 years.
Mr. Eriksson’s specialties include: vulnerability research, including “zero-day” vulnerabilities
; application security assessments; source code review of systems with very high security requirements, including embedded and mobile-oriented systems (both on the application-OS side, the baseband, secure bootloader and TrustZone apps
); reverse engineering, exploit development [think of an exploit as a door for hackers]; malware analysis; and systems development. He is quickly able to identify flaws and potential solutions in systems, from the design level down to the raw bits-and-bytes.
Mr. Eriksson also understands cryptography on a level that allows him to discover common flaws in cryptosystems, and what kind of cryptographic primitives should be used and which ones should be avoided. Today, cryptography
is basically a mix of math and computer science.
He is always on the lookout for expertise within vulnerability research, exploit development and reverse-engineering, both in Sweden and internationally.
He obtained a perfect test score (36/36) using just half the time allotted for Raven's Advanced Progressive Matrices, set II
, an intelligence test for Mensa
, the society for high intelligence. The tests were originally developed by John C. Raven in 1936. In each test item, the subject is asked to identify the missing element that completes a pattern. Many patterns are presented in the form of 3 x 3 matrixes, giving the test its name, and are essential to both cracking malicious code and building very secure code.
To keep learning, to challenge himself, and to have fun, Mr. Eriksson regularly participates in international security and cyber hacking competitions, both individually and in small teams.
In the individual category, Mr. Eriksson was the winner of Boxen in November 2015, a Swedish challenge for IT professionals. More than 170,000 people have attempted the challenge, and so far only three people have completed it. He won SweCTF in 2015 and the Black Knight challenge in 2013 [nSense].
In the team category, Mr. Eriksson’s team placed fifth in the DefCamp finals in Romania in November 2015, second in Codegate Quals (2014), third in the SECUINSIDE Finals in South Korea (2013), fourth in 30C3 CTF (2013), and sixth in 6th Codegate CTF Finals in South Korea in 2014. In 2011, he and his team mates in HackingForSoju won PlaidCTF
, which involved solving challenges related to exploit development, reverse-engineering, forensics, and cryptanalysis.
Always first in line for a challenge, Mr. Eriksson quickly became immersed in Cicada 3301
, a month-long, international hacking puzzle on cyber steroids, in January 2012. He did solve the puzzle
, but time zones got in the way. There was a second Cicada puzzle in 2013. The two most puzzling questions that still remain about Cicada 3301 are: Who is behind it? And why? Speculation has ranged from a recruiting test for the CIA
, or Britain’s MI6
, to Microsoft. Or, it may be a group affiliated with the crypto anarchy movement. It could even be linked to organized crime and left-wing religious groups. To-date, no one has claimed authorship and so the mystery continues.
In 2011, Mr. Eriksson founded ClevCode, a company focusing mainly on vulnerability research, exploit development, and reverse-engineering. He also started a blog
with the same name, where he has published write-ups on some of the challenges he has participated in since then.
In 2007, he spoke at BlackHat Europe
, BlackHat USA
, DefCon and UNCON on the subject of “Kernel Wars”—kernel-mode exploitation
[kernels are key parts of a computer’s operating system]. In 2008, he spoke at the RSA Conference about "Hacking the Hacker.”
In 2006, he co-founded Bitsec and served as its Chief Technology Officer until 2011. Many of Bitsec’s clients are in the military and intelligence sectors. In 2003, he co-founded Bitnux and served as its CEO.
He started freelancing in 1996 for IT security, systems administration, and systems development.
Mr. Eriksson lives in Uppsala, Sweden, and started writing computer code at age seven—an autodidact. He has a degree in computer engineering from the University of Gävle, Sweden; he also studied natural sciences at Polhemsskolan, Gävle, Sweden. He speaks Swedish, English, and is now learning Japanese.
Call Joel Eriksson at +46.760.152.942 or email firstname.lastname@example.org