This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article may incorporate text from a large language model, which is prohibited in Wikipedia articles. It may include hallucinated information, copyright violations, claims not verified in cited sources, original research, or fictitious references. Any such material should be removed. (December 2025) (Learn how and when to remove this message) This article is an orphan, as no other articles link to it. Please introduce links to this page from related articles. (January 2026) This biographical article is written like a résumé. Please help improve it by revising it to be neutral and encyclopedic. (January 2026) This biography of a living person needs additional citations for verification. Please help by adding reliable sources. Contentious material about living persons that is unsourced or poorly sourced must be removed immediately from the article and its talk page, especially if potentially libelous. Find sources: "Chema Alonso" – news · newspapers · books · scholar · JSTOR (November 2025) (Learn how and when to remove this message) (Learn how and when to remove this message)

Chema Alonso
Alonso speaking at a cyber‑security conference in 2019
Born	José María Alonso Cebrián 1975 (age 50–51) Madrid, Spain
Alma mater	Polytechnic University of Madrid (BEng) Rey Juan Carlos University (MSc, PhD)
Occupations	Computer‑security researcher technology executive
Known for	ElevenPaths FOCA metadata tool Latch app Cloudflare executive
Awards	Civil Guard Cross of Merit (2017) Forbes World’s 50 Most Influential CMOs (2022)
Website	elladodelmal.com

José María "Chema" Alonso Cebrián (born 1975) is a Spanish computer‑security researcher and technology executive. He led Telefónica's cybersecurity unit ElevenPaths in 2013 and later served on the company's executive committee as Chief Data Officer and Chief Digital Officer between 2016 and 2025.

In August 2025, Alonso joined Cloudflare as vice president and head of international development.^[1][2] Alonso is a frequent speaker at international security conferences (including Black Hat, DEF CON and Troopers). He has worked on connection-string parameter pollution and has been involved in tools such as the FOCA metadata-analysis suite and the Latch “digital padlock” app.^[3][4][5]

Alonso was born in 1975 and grew up in Móstoles, in Community of Madrid, Spain^[6][7] He holds a B.Eng. in Computer Systems Engineering from the Polytechnic University of Madrid and an M.Sc./Ph.D. in Computer Security from the Rey Juan Carlos University.^[8][9]

In June 2013, Telefónica created the cyber‑security unit ElevenPaths and appointed Alonso as its Chief Executive; the new unit drew staff from his earlier consultancy Informática 64.^[10][11] At ElevenPaths, he increased awareness about tools and products such as the FOCA (Fingerprinting Organizations with Collected Archives) metadata‑analysis suite,^[12] and Latch, a mobile “digital padlock” that lets users toggle access to online services.^[13]

Alonso joined Telefónica's executive committee in 2016 as Chief Data Officer, later serving as Chief Digital Consumer Officer and then Chief Digital Officer.^[14] In this period, he spoke publicly about returning control of personal data to users and Telefónica's “fourth platform”.^[15] From 2023, he was a prominent executive voice around the GSMA Open Gateway programme, which exposes standardised network APIs; Telefónica and the GSMA announced deployments and partnerships during MWC Barcelona.^[16][17]

Telefónica was among the first large companies affected when the WannaCry ransomware attack began on 12 May 2017.^[18]

In August 2025, Alonso joined Cloudflare as vice president, Head of International Development.^[19][20] The move was followed, two weeks later, by his resignation from an advisory role on artificial intelligence at Spain's Technical Committee of Referees (CTA).^[21]

• DirtyTooth (2017): co‑disclosure of a Bluetooth issue affecting iOS whereby a paired speaker could switch from A2DP to PBAP and exfiltrate contacts without user awareness; presented at ToorCon 19.^[22][23]
• RansomCloud (2017–2018): a proof‑of‑concept demonstrating how a rogue OAuth application could encrypt email in cloud services such as Office 365 in real time, which was later popularised through demonstrations with Kevin Mitnick.^[24]

Alonso has appeared in Spanish‑language media as a subject-matter expert on cybersecurity topics, including demonstrations on the TV show El Hormiguero.^[25] He also hosted the 12‑episode web series Risk Alert (Atresmedia/Flooxer, 2018).^[26]

• Civil Guard Cross of Merit (Distintivo Blanco, 2017).^[27]
• Doctor Honoris Causa, Rey Juan Carlos University (2020).^[28]
• #16 on Forbes World’s 50 Most Influential CMOs list (2022).^[29]

• Telefónica
• Cloudflare
• DEF CON
• Black Hat Briefings

• Official website