Chema Alonso

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article may incorporate text from a large language model. It may include hallucinated information, copyright violations, claims not verified in cited sources, original research, or fictitious references. Any such material should be removed, and content with an unencyclopedic tone should be rewritten. (December 2025) (Learn how and when to remove this message) This article contains wording that promotes the subject in a subjective manner without imparting real information. Please remove or replace such wording and instead of making proclamations about a subject's importance, use facts and attribution to demonstrate that importance. (December 2025) (Learn how and when to remove this message) This article contains weasel words: vague phrasing that often accompanies biased or unverifiable information. Such statements should be clarified or removed. (December 2025) This biography of a living person needs additional citations for verification. Please help by adding reliable sources. Contentious material about living persons that is unsourced or poorly sourced must be removed immediately from the article and its talk page, especially if potentially libelous. Find sources: "Chema Alonso" – news · newspapers · books · scholar · JSTOR (November 2025) (Learn how and when to remove this message) This article contains promotional content. Please help improve it by removing promotional language and inappropriate external links, and by adding encyclopedic text written from a neutral point of view. (November 2025) (Learn how and when to remove this message) (Learn how and when to remove this message)

Chema Alonso
Alonso speaking at a cyber‑security conference (2019)
Born	José María Alonso Cebrián 1975 (age 49–50) Madrid, Spain
Alma mater	Polytechnic University of Madrid (B.Eng.) Rey Juan Carlos University (M.Sc., Ph.D.)
Occupations	Computer‑security researcher; technology executive
Known for	ElevenPaths; FOCA metadata tool; Latch app; Cloudflare executive
Awards	Civil Guard Cross of Merit (2017); Forbes World’s 50 Most Influential CMOs (2022)
Website	elladodelmal.com

José María "Chema" Alonso Cebrián (born 1975) is a Spanish computer‑security researcher and technology executive. He founded Telefónica’s cyber‑security unit ElevenPaths in 2013 and later served on the executive committee of Telefónica as Chief Data Officer and Chief Digital Officer (2016–2025).^[1][2]

In August 2025 he joined Cloudflare as Vice President, Head of International Development.^[3][4] Alonso is a frequent speaker at international security conferences (including Black Hat, DEF CON and Troopers) and is associated with research and tools such as the FOCA metadata‑analysis suite, the Latch “digital padlock” app, and work on connection‑string parameter pollution.^[5][6][7]

Alonso was born in 1975 and grew up in Móstoles, in Spain’s Community of Madrid.^[8][9] He holds a B.Eng. in Computer Systems Engineering from the Polytechnic University of Madrid and an M.Sc./Ph.D. in Computer Security from the Rey Juan Carlos University.^[10][11]

In June 2013 Telefónica created the cyber‑security unit ElevenPaths and appointed Alonso as its chief executive; the new unit drew staff from his earlier consultancy Informática 64.^[12][13] At ElevenPaths he increased awareness about tools and products such as the FOCA (Fingerprinting Organizations with Collected Archives) metadata‑analysis suite,^[14] and Latch, a mobile “digital padlock” that lets users toggle access to online services.^[15]

Alonso joined Telefónica’s executive committee in 2016 as Chief Data Officer, later serving as Chief Digital Consumer Officer and then Chief Digital Officer.^[16] In this period he spoke publicly about returning control of personal data to users and Telefónica’s “fourth platform”.^[17] From 2023, he was a prominent executive voice around the GSMA Open Gateway programme, which exposes standardised network APIs; Telefónica and the GSMA announced deployments and partnerships during MWC Barcelona.^[18][19]

Telefónica was among the first large companies affected when the WannaCry ransomware attack began on 12 May 2017.^[20]

In August 2025 Alonso joined Cloudflare as Vice President, Head of International Development.^[21][22] The move was followed by his resignation, after two weeks, from an advisory role on artificial intelligence at Spain’s Technical Committee of Referees (CTA).^[23]

• DirtyTooth (2017): co‑disclosure of a Bluetooth issue affecting iOS whereby a paired speaker could switch from A2DP to PBAP and exfiltrate contacts without user awareness; presented at ToorCon 19.^[24][25]
• RansomCloud (2017–2018): a proof‑of‑concept demonstrating how a rogue OAuth application could encrypt email in cloud services such as Office 365 in real time; later popularised in demos with Kevin Mitnick.^[26]

Alonso has appeared frequently in Spanish‑language media to explain cyber‑security topics, including demonstrations on the TV show El Hormiguero.^[27] He also hosted the 12‑episode web series Risk Alert (Atresmedia/Flooxer, 2018).^[28]

• Civil Guard Cross of Merit (Distintivo Blanco, 2017).^[29]
• Doctor honoris causa, Rey Juan Carlos University (2020).^[30]
• #16 on Forbes World’s 50 Most Influential CMOs list (2022).^[31]

• Telefónica
• Cloudflare
• DEF CON
• Black Hat Briefings

• Official website