Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Now IronSpider - Go hard or Go home, I'm an Ironman!

Probably in the same period I started at Trustwave SpiderLabs I decided to start my training for an Ironman race.

First what is an Ironman?

An Ironman Triathlon is one of a series of long-distance triathlon races organized by the World Triathlon Corporation (WTC) consisting of a 2.4-mile (3.86 km) swim, a 112-mile (180.25 km) bike and a marathon 26.2-mile (42.2 km) run, raced in that order and without a break. Most Ironman events have a strict time limit of 17 hours to complete the race, where the Ironman race starts at 7:00 AM, the mandatory swim cut off for the 2.4-mile (3.9 km) swim is 2 hours 20 minutes, the bike cut off time is 5:30 PM, and all finishers must complete their marathon by midnight.

You probably thinking - are you insane? or what are you trying to prove?

That's the point. I like challenges in any subject. Besides health and INSANE training, Ironman is much more than that and some stuff I could enumerate:

  • Focus
  • Long Term Planning
  • Discipline
  • Goal
  • Mind/Mental Trainings

If we compare with our daily security work it's pretty similar since we need to split into different parts to get the result.

Ironman is the scope - 140.6 miles or 226 km

Training is the Enumeration/Reconnaissance

Swimming is the very first step to get into next level, we need to own this swim distance to achieve the next goal. We have a time-line of 2h30m (more than enough but if something goes wrong your race could be over at this point)

Biking second and large stage here you need to have a balance about good performance (correct tools in PenTest) and save energy for a marathon right after (not lot of noise)

Running is probably the privilege escalation/exploitation where you are pretty close to the goal but you need to get the finish line and LOT of stuff could go wrong.

Writing this blog post is the report =)

As I told I started to train to this race 2 years ago. It's not easy task for me and my family... I missed lot of beers, parties and family time to do insane trainings all weekend. This video is funny but mostly true.

After long trainings, hours and hours the race day arrived. I was nervous since it's a very long race and you never know how your body will behave but my goal was to arrive at finish line in any time before 17h. In my plans I was thinking about a 12h race.

First the swin part. The race start is MAGIC ... 7:00 am and the race started. Around 2000 athletes with the same goal. If you see this video from a helicopter you will see how nuts and beautiful it's.

I swam as planned. It's important to say that family support in the start is something that make the difference.

After that just went to transition area and picked up my bike and start to ride my back. That's the longest part and where people usually ride too fast and could not run after. I did my bike track exactly as planned in 6h02m. I was pretty good to start my run.


I started my run and all was doing fine as planned but after 12km running, my abdomen started hurting and I could not run anymore only walk. I thought that will be hard but I looked into my watch and saw I have 7 more hours to finish the race. So I started my mental battle so walk that distance after all swim and bike. This marathon took forever to my, my coach as afraid since only walking I could have some problems with my body temperature and never finish the race.


BUT I did ... after 14h06m I arrived in the finish line and now I'M an IRONMAN!!!!


Thanks for all that support me and understand when I said NO for beer, party or whatever because I need to wake up early for trainings. This was the most insane thing I ever tried in my life and I learned too much with trainings, race problems and during all this period.

Ready for next challenge!!! I'm a SpiderLabs team member and I only try HARD.