Open main menu

Christina Kubecka[1] is an American, computer security researcher, and cyberwarfare specialist. In 2012, Kubecka was responsible for getting the Saudi Aramco network back up and running after it was hit by one of the world's most devastating Shamoon cyberattacks. Kubecka also helped halt a second wave of July 2009 cyberattacks against South Korea.[2] Kubecka has worked for the US Air Force, and the United States Space Command and is now CEO of HypaSec, a security firm she founded in 2015. She lives and works in the Netherlands.


Early lifeEdit

Kubecka's Puerto Rican mother became a robotics programmer and would take Kubecka to work with her because "she didn't have money for daycare". Kubecka said she "fell in love with programming" when she programmed a haunted house on the screen to say "boo". She continued learning how to program but at the age of 10 got into trouble when she hacked the US Department of Justice, then "was not allowed to use computers until she was 18," after which she was recruited by the US Air Force.[3][4][5]

Saudi Arabia security workEdit

In 2012, Kubecka became famous for rebuilding Saudi Aramco's network after it experienced one of the worst hacks in history. The Saudi Aramco network was flat and the hackers were able to roll through quickly and easily, hitting and infecting about 35,000 computers.[6] Kubecka was contacted by a Saudi Aramco rep and asked to come to Saudi Arabia. After a brief negotiation, Kubecka put together a team of experts and went to Saudi Arabia to rebuild the large oil company's network from scratch.[7][8][9] Facing the emergency and immediately following the hardware attack, Saudi Aramco was able to purchase 50,000 computer hard drives to save their company and to bring their business functions back up.[10]

In 2014, Kubecka worked to fix a ransomware attack on the Saudi Arabia Dutch embassy.[11][12]

After the hacks, Saudi Arabia and Saudi Aramco made security a top priority. Stanford University signed an MoU (memorandum of understanding) with one of the security colleges of Saudi Arabia in 2018.[13][14][15]


She worked for Saudi Aramco until mid-2015 when she founded HypaSec.[16] Kubecka is considered an expert and presents at conferences on security information and event management topics.[3][17] Kubecka was the keynote speaker at a security conference in London in 2017.[18]


  • Down the Rabbit Hole An OSINT Journey: Open Source Intelligence Gathering for Penetration Testing (2017)
  • Hack the World with OSINT. Learn how to discover and exploit IT, IOT and ICS SCADA systems with ease (2019)


  1. ^ "SANS Institute: Summit Archives". Retrieved 2019-09-07.
  2. ^ "PSU@Shamoon". Retrieved 2019-09-07.
  3. ^ a b "APPSEC Cali 2018 - Women In Security Panel". March 19, 2018 – via Internet Archive.
  4. ^ "Paul's Security Weekly #498 - Chris Kubecka, HypaSec" – via
  5. ^ "How A 10-Year-Old War Dialer Became A Top Cybersecurity Expert". July 11, 2019.
  6. ^ Jose Pagliery (2015-08-05). "The inside story of the biggest hack in history". Retrieved 2012-08-19.
  7. ^ "Black Hat USA 2015 Highlights". The State of Security. August 11, 2015.
  8. ^ "Black Hat 2015: Rebuilding IT security after a cyber disaster". Retrieved 2019-09-07.
  9. ^ "Shamoon – Darknet Diaries".
  10. ^ Pagliery, Jose (August 5, 2015). "The inside story of the biggest hack in history". CNNMoney.
  11. ^ "Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security". CyberScoop. August 8, 2019.
  12. ^ J.M. Porup. "Inside the 2014 hack of a Saudi embassy". CSO Online. Retrieved 2019-09-07.
  13. ^ "Prince Mohammed bin Salman College of Cybersecurity and Stanford University Sign MoU The official Saudi Press Agency". Retrieved 2019-09-07.
  14. ^ Yang, Daniel; Knowles, Hannah (April 25, 2019). "Despite political tensions, Stanford's Saudi partnerships continue with little scrutiny".
  15. ^ "Prince Muhammed Bin Salman College signs key pact with Stanford University". Saudi Gazette. Retrieved 2019-09-07.
  16. ^ "Ladies in Cyber Security by DefCamp".
  17. ^ "28c3: Security Log Visualization with a Correlation Engine". December 29, 2011. Retrieved 2017-11-04.
  18. ^ "Cybersecurity pros: We'd help the government, but can't". Sky News.

External linksEdit