Hacking the Future: How Juan Turned Childhood Curiosity into a Cyber Career 

In line with Echelon’s value of People with Personality, we are excited to continue our Cybersecurity Champion series, where we spotlight the incredible individuals who make up our team. Each month, we share the stories of professionals whose talent, dedication, and unique perspectives help keep organizations secure. 

Meet Juan Hernandez, an Offensive Security Consultant at Echelon. His path into cybersecurity began with a fascination with hacking, as seen in movies, and grew into a career built on skill, resilience, and a passion for solving complex problems. From government roles to international consulting. Juan’s journey is proof that determination and curiosity can open doors to unexpected opportunities. 

1. What initially drew you to cybersecurity, and how did that lead you to Echelon? 

   JH: The topic of hacking had been a dream of mine since childhood. I used to watch movies with those black screens and green letters, where characters talked about vulnerabilities, exploits, and firewalls, and I thought, That’s so cool! I want to do that someday.
   
   In university, I learned that there were companies hiring hackers to assess the security posture of other organizations. During that time, I received a scholarship to study in France and was fortunate to attend the only school in the country at the time that trained hackers.
   
   When I returned to my hometown of Tabasco, where offensive security was practically nonexistent, I worked for the state government for a couple of years before moving to Mexico City. There, I found a position at Deloitte for entry-level consultants, and that’s how my career began. Eventually, that path led me to where I am today.
    

2. Are there any cybersecurity trends or emerging technologies that you are particularly excited (or concerned) about, and why? 

   JH: Artificial intelligence is something that excites me and concerns me. I’m fascinated by how many tasks it can perform. For example, creating a script for a web application test might take me one or two hours, but with AI, I can do it in 15 minutes or less.  At the same time, I’m concerned about how malicious actors are using AI to refine attacks, create new tools, or identify vulnerabilities more quickly. It’s powerful.
    

3. What is one piece of advice you would give to someone aspiring to get into cybersecurity today? 

   JH: Take advantage of the many free resources available online before investing in costly courses or certifications. For example, for those starting in web penetration testing, I always recommend PortSwigger, which offers a free course with labs created by the makers of Burp Suite. Once you have a solid foundation and know it’s something you’re passionate about, then it’s worth investing in a certification.
    

4. Are there any tools or techniques you always rely on during a test that you would recommend to others? 

   JH: Burp Suite is an essential tool for web penetration testing. It’s a Proxy that allows you to capture, analyze, and modify HTTP traffic. I’ve found the Autorizer extension especially useful for identifying Broken Access Control vulnerabilities, which are often critical because they’re easy to exploit and can grant unauthorized access to sensitive data. 
    

5. What is something you have come to appreciate about being part of Echelon?

   JH: I appreciate how Echelon works to integrate everyone as a team. It’s not just about events like Echecon or conferences; it’s also about having the opportunity to participate in different projects based on our interests. 
    

6. You have worked in government, big consulting firms, and international companies. What is something each taught you that you still carry with you? 

   JH: Having worked in government, consulting firms, and international companies, I’ve taken valuable lessons from each. In government, I learned that costly licenses aren’t always necessary; open-source software can be an excellent alternative. In the private sector in Mexico, I discovered the importance of complementing technical skills with strong report writing and clear explanations of test results. From my time in international companies, I learned that there are kind people all over the world.

    

7. Outside of work, how do you like spending your time? Any hobbies or interests that you are passionate about? 

   JH: I enjoy good storytelling in all forms: movies, series, anime, video games, books, and comics. Lately, I’ve also started enjoying hands-on work, doing small plumbing or electrical projects at home.

    

8. What does being a Cybersecurity Champion mean to you? 

   JH: For me, it’s both an honor and a responsibility. It’s a way to share my journey in cybersecurity, offer practical advice, and encourage others who are just starting.