RootedCON 2026, in its 16th edition, took place from March 5 to 7, in its usual venue at Ciudad de la Imagen, Kinépolis in Madrid, a cinema converted into the stage of the largest cybersecurity conference in Spain and the Spanish-speaking world. For three days, it was the meeting point for thousands of professionals, researchers, companies, and enthusiasts.
This year, I had the luck to attend and experience firsthand, together with another 9,000 attendees, this gathering where technology, cybersecurity, and the future are discussed. Based on my experience, I created a video review where there are moments from these days and interviews with organizers, speakers, sponsors, and attendees. Throughout the text, I will be adding links to the interviews, and at the end, you will find the full video.
RootedCON is driven by an independent non-profit organization, made up of industry professionals who, since 2010, have worked to promote the exchange of technical knowledge and the growth of the Spanish community. The first edition was held in 2010 at the Auditorium of the Mapfre Convention Center in Madrid. It had around 300 attendees and about 900 remained on the waiting list. Since then, an annual edition has been held in Madrid. Later, it expanded to Valencia, Málaga, and Portugal.
Its organizers are volunteers who dedicate many hours and passion to the creation of the event. They are highly qualified professionals in various areas of cybersecurity, risk management, software development, communication, and technological innovation. Their experience ranges from consulting and threat management to systems engineering and entrepreneurship, which allows them to bring a comprehensive vision to the conference. I take this opportunity to greet them and mention them: Arantxa Sanz, Román Ramírez, Alberto Rodríguez, Lucas Varela, Omar Benbouazza, Sergio Muñoz, Cristian Cantos, Irene Crespo, Joaquín Alonso, Jorge Martínez, and Miguel da Cruz.
One of the most important parts of RootedCON is, evidently, the content. And to know “first-hand” which were the most represented topics, I interviewed Román Ramírez. The conversation took place in one of the tracks, minutes before one of the afternoon sessions began. I took advantage of the “hacker” atmosphere of the stage, almost cinematic: low light, a projection of the event logo falling on our faces, shadows… we were only missing the hoodie.
He told me that the topics change according to trends, and that this year the most important were AI: more than 30% of the talks had an artificial intelligence component, and more than 20% were purely artificial intelligence. Interest in robots also increased, with 5 talks dedicated to the topic, such as: “Sultan returns: Attacks on the mobile network and the APIs of the military robot,” with Adrián Campazas Vega, member of the Robotics Group of the University of León, and Javier Valer, security researcher and pentester in mobile networks at ETHON SHIELD S.L. On this occasion, they addressed the security of robotic devices. Sultan had already been at RootedCON in its 2025 edition. The third major topic was defensive security: “the blue team beat the red team,” he said.
More than 160 talks were held simultaneously in the Rooted tracks, ROOTED: Hack The Music, and the partner tracks. As a curious fact, I always like to mention that the Rooted tracks do not have a lunch break and are always open. The partner tracks were the following: CRIPTORED, AI, AI & Cyberresilience, ISACA, PROTOCOLO286, PROTAAPP, SECURITERS, DIVULGARTE (Influencers), and ANON. Of course, the expected Hacker Night was not missing.
In an event with so many simultaneous options, it is important to choose a content route according to your interests. My route was focused on digital rights and the impact of technologies on our daily lives. In this way, I was able to navigate this plurality and make the most of the time.
I started with “Inside the Machine: The War on Digital Rights in Europe — and How Hackers Can Save Them” with Patrick Breyer. RootedCON has always positioned itself on the side of digital rights. Already in its 2025 edition, there was extensive debate about La Liga blocking measures, and they even took legal action in that regard; this year was no different. In an era where digitalization is present at all levels, it is important not only to master technical aspects, but also to know how to regulate them in order to use them to our advantage.
Patrick is a German digital rights activist, jurist, politician of the Pirate Party of Germany, and, from 2019 to 2024, a Member of the European Parliament (MEP). He has also been one of the voices warning and informing about the dangers of the so-called “Chat Control,” a European proposal that involved the scanning of private communications and that violates fundamental rights such as privacy and encryption. This regulation did not go forward in the vote held in March 2026. (https://www.patrick-breyer.de/en/end-of-chat-control-paving-the-way-for-genuine-child-protection/)
During the half hour of his talk, he made a call to action for hackers, telling them that: “fundamental rights and fundamental digital rights are at stake, and it is our duty to work to defend them. Not only are legal actions necessary, but also technical ones!”
My next stop was “Digital Legacy: Your Invisible Inheritance That No One Sees Coming,” by Leonardo Amor, a professional with more than 25 years of experience in information security. He is currently CISO at Telefónica Tech, although this talk was not linked to that company. Throughout his presentation, he reflected on something very everyday and for everyone: until recently, we stored our memories in photos, books, and records, but now these assets are digital, and we store them in subscription services, behind encryption and with access through secret passwords. This becomes a problem when leaving them to our loved ones. For this reason, he shared his solution to ensure that our digital assets can be inherited. A very interesting topic because it affects us all closely. However, few people understand that “de facto,” we no longer own that data. You can hear more details in a mini interview I did with Leonardo Amor, afterwards. For more references, you can consult this link: https://github.com/ItalyPaleAle/hereditas
Afterwards, I went to listen to: “It’s not phishing, it’s UX: when design pushes you to malware,” a case study by María Lázaro, Threat Intelligence Analyst at Zynap, and Elena Flores, Head of Product at Zynap. They connect user experience and cybersecurity to analyze how Roblox has created an ecosystem that pushes its players to jump outside the platform, opening the door to stealers, loaders, RATs, fraud, and grooming, without the need for a single technical vulnerability in between. Learn more about one of the speakers in this mini interview with María Lázaro.
I continued my route with Sara Martínez and “TMT: Threat Modeling Testing, from modeling to integration.” Sara has been working for more than 10 years in analysis and quality testing. In her presentation, she proposes to the community the concept of TMT (Threat Modeling Testing), an approach that directly connects threat modeling with technical security testing. From a real case, such as the exposure of sensitive data on the LineLeader platform due to a misconfigured Elasticsearch database, it is analyzed how the absence of tests derived from threat modeling allowed a known threat to end up in a real breach. I know Sara from the Valencia technological ecosystem, where I organized one of her sessions for the WordPress Valencia community; on that occasion, we talked about testing and WordPress. You can get to know her and learn about the community she has in Valencia in this mini interview (Sara Martínez).
I made several essential visits to the Divulgarte (Influencers) track organized by Rafa López and Antonio Fernandes, where influencers from the technology sector participated, and this environment was specifically discussed. They featured María Aperador Montoya, Mario Álvarez Fernández, Thomas O Neil Álvarez, Nacho García Egea, Ramón Carlos Rico Gómez, Daniel López Moreno, Sara Lasso de la Vega, Pablo F. Iglesias – Authority, Reputation and Anti-Fraud, Albert C., Juan Carlos Galindo, Pablo González Pérez, David Padilla Alvarado, Fanny Y. Pérez Santiago, Gustavo Lozano García, Ruben F., Juan García Galera, Alberto López Rodríguez. Listen to Rafa in this mini interview.
I could continue mentioning more presentations, for example: “I’m not lazy, I automate processes: n8n for cyber surveillance” by Pablo Asenjo, or the round table “The fit of people’s rights in the cyber sphere” with Ofelia Tejerina, Luis Fernández Delgado, Simona Levi, Borja Adsuara Varela, Cristóbal Gázquez, Jorge Dávila Muro, or 22,000 Meta ads analyzed: this is how fraud factories operate on Instagram, by María Aperador, or Influencers under attack: Anatomy of a digital hack by Pablo F. Iglesias, but there would be many.
On the other hand, I did not spend all the time in the comfortable seats of Kinépolis. RootedCON is the largest cybersecurity event in Spain, which means it is also the meeting point of the community, an ideal opportunity to follow a networking route. In this way, I greeted acquaintances and friends, bought books, took a photo with Chema Alonso, watched Pablo F. Iglesias record a live podcast, greeted Ofelia Tejerina and Gaby García, conducted interviews, and spoke with Quetzalcóatl Martínez, an attendee from Mexico who brought gifts for Rooted and Chema Alonso—you can see his interview here: Quetzalcóatl Martínez.
Of course, sponsors were also part of my route. I spoke with Tarlogic, Vargroup, Telefónica Tech, collected some merchandising, and had a coffee with croissants at Zepo. And best of all, I interviewed Ovanes Mikhaylov from AnyRun and Beatriz Pimenta from Zynap.
Yes, the hallway networking is also an important reason for joining the event, as confirmed by Omar Benbouazza, one of the organizers responsible for communications, in this short interview.
After three intense days of learning, RootedCON came to an end, once again demonstrating why it is a benchmark in the sector. Once again, it combined a solid technical program, high-level research, and an active community that drives knowledge exchange and anticipates trends, in a context marked by artificial intelligence, surveillance, and the growing complexity of threats. Its content reflected current innovations and challenges in cybersecurity and connected them, as usual, with society. Concern for the responsible use of technology is always a theme that is introduced transversally throughout the conference.
Finally, attendees left updated, with evolving ideas and the certainty that cybersecurity is no longer just a discipline, but a constantly transforming movement that must be part of our lives and our common sense.
Thank you very much for your work, RootedCON. The organization of the next edition has already begun. See you very soon!
Watch the full review:
