I work at the intersection of offensive security and application security, helping teams identify exploitable vulnerabilities, understand real-world impact, prioritize remediation, and reduce risk across web, mobile, cloud, and infrastructure environments.
📍 Buenos Aires, Argentina
🛠️ Senior Security Engineer with a strong Offensive Security background
🎯 Focused on Application Security, vulnerability management, cloud security, and practical remediation
🔍 7+ years of hands-on experience across web, mobile, internal, external, and cloud security assessments
🧠 I like turning offensive findings into clear risk, actionable recommendations, and security improvements that technical teams can actually use
📱 Application Security: Web and mobile application testing, vulnerability analysis, remediation guidance, and secure coding discussions.
☁️ Cloud & Infrastructure Security: Cloud, internal, external, and infrastructure security assessments.
🧠 Vulnerability Management: Exploitability validation, impact analysis, prioritization, false-positive reduction, and remediation follow-up.
🧰 Offensive Security: Penetration testing, attack path discovery, privilege escalation, post-exploitation, and realistic risk demonstration.
⚙️ Security Automation: Scripts and workflows to reduce repetitive work, improve consistency, and support security assessment processes.
I’m currently focused on applying my offensive security background to Application Security Engineering: vulnerability triage, secure SDLC practices, AppSec testing, cloud security, automation, and collaboration with development teams.
I approach SAST, DAST, SCA, and CI/CD security workflows as part of a broader AppSec process: validating findings, reducing noise, prioritizing exploitable issues, and helping teams move from detection to remediation.
PowerShell · JavaScript · Node.js · n8n · Wireshark · Frida · jadx · MobSF · Checkov · Prowler · Terraform · Kubernetes
- CodeBlue: From Network to Network: Hands-On Pivoting Techniques in Internal Environments | 🎥 Video | 📊 Slides
- Ekoparty: Red Team Space: Breaking the Cover: Advanced TOR Deanonymization Techniques and Real-World Attacks | 🎥 Video | 📊 Slides
- Ekoparty: Red Team Space: From Network to Network: Hands-On Pivoting Techniques in Internal Environments | 📊 Slides
- DEFCON: Red Team Village: From Network to Network: Hands-On Pivoting Techniques in Internal Environments | 📊 Slides
- Ekoparty: Red Team Space: From Network to Network: Hands-On Pivoting Techniques in Internal Environments | 📊 Slides
- GNUno: Hacking 101 | 🎥 Video | 📊 Slides
- DragonJARCon: Active Directory: Post Exploitation Attacks | 🎥 Video | 📊 Slides
- DragonJARCon: Hacking RF for Physical Security | 🎥 Video | 📊 Slides
- OWASP Latam Tour: Understanding the Same-Origin Policy and CORS | 🎥 Video | 📊 Slides
- Ekoparty: Summer Workshops: Active Directory: Post Exploitation Attacks | 🎥 Video | 📊 Slides
- BugCon: Understanding the Same-Origin Policy and CORS | 📊 Slides
- 8.8 Andina: Hacking RF for Physical Security | 📊 Slides