Formal education

2024 - PhD degree Computer Science, University of São Paulo (USP)
2023 - 2024 Master's degree Management and Technology, Centro Paula Souza (CPS/FATEC-SP)
2022 - 2023 Postgraduate degree Digital Forensics and Cyber Investigation, IDESP
2022 - 2022 Postgraduate degree Ethical Hacking and Cyber Security, UNICIV
2019 - 2022 Bachelor of Technology Computer Systems Networking, IFRN
2018 - 2019 Certificate program Electronics, IMD
2015 - 2018 Certificate programInformatics, IFRN

Professional experience

[2023 - Present] Digital Forensics and Incident Response Specialist - Kaspersky Lab

  • Joined Kaspersky's Global Emergency Response Team (GERT).

[2021 - 2023] Cyber Security Consultant & Professor - Daryus Consultoria e Treinamento

  • Conducted penetration testing in web applications, infrastructures, and mobile applications.
  • Performed reverse engineering of PE and APK files.
  • Conducted computer forensics investigations.
  • Conducted cloud computing audits to ensure security best practices were followed.
  • Provided guidance on secure development practices.
  • Led red team exercises to identify vulnerabilities in organizations' security defenses.
  • Designed and executed phishing campaigns to raise awareness and test employees' security awareness.
  • Led the creation and implementation of robust incident response playbooks, optimizing response strategies for swift and effective resolution.
  • Actively contributed to ISO 27001 audits, ensuring adherence to information security standards.
  • Conducted audits of critical systems to ensure they meet security standards.
  • As a professor of post-graduate courses, instructed students in various topics related to information security, including: Malware analysis and reverse engineering; Mobile and wireless penetration testing; Incident response; Windows & Linux security; Secure programming; Network security; and IoT security.
  • Instructed courses in web application security, secure programming, and ethical hacking, with a focus on the following topics: OWASP Top 10 and Secure Coding Practices; OWASP Proactive Controls and API Security; SAST, DAST, and SCA techniques; DevOps and DevSecOps methodologies; Threat modeling for software security; Network, web application, and wireless network penetration testing.
  • Additionally, taught other related courses, such as Penetration Testing, Open-source Intelligence (OSINT), Ethical Hacking Foundation, Secure Programming Foundation, and NIST Cyber Security Framework.

[2016 - 2022] Researcher, R&D Software Developer, and Tutor - Federal Institute of Rio Grande do Norte

  • Conducted research in information security, focusing on malware analysis and detection, software-defined networks, and moving target defense.
  • Authored and published research papers in multiple conferences and journals to share findings and contribute to advancements in the fields.
  • Conducted research in computer vision and image processing and developed practical applications in the field.
  • Designed and developed an ALPR (Automatic License Plate Recognition) application for embedded hardware, with a patent application filed.
  • Developed an OCR (Optical Character Recognition) application to extract text from images.
  • Created a deep learning-based face recognition application and API.
  • Main programming languages: Java and Python.
  • Other technologies: OpenCV, dlib, REST, Flask, MySQL, RFID.
  • Provided support to students studying operating systems, offering guidance and assistance with course materials.
  • Provided assistance to students studying algorithms and data structures, offering guidance and support with course materials.

[2020 - 2021] Back-end Developer - SutHub

  • Designed and developed multiple Robotic Process Automation (RPA) tools to automate repetitive tasks and improve productivity.
  • Conducted Static Application Security Testing (SAST) in the core system to identify and mitigate potential security risks.
  • Main programming language: Python.
  • Other technologies: Selenium, AWS (EC2, CloudWatch, and S3), MySQL.

[2018 - 2019] Information Security Analyst - Actions Security

  • Helped develop a Web Application Firewall (WAF).
  • Utilized Elastic Stack, Docker containers, and reverse proxies to achieve project goals.
  • Successfully implemented an OpenStack infrastructure, enabling increased efficiency and scalability.
  • Conducted penetration tests in web applications to identify security vulnerabilities.
  • Main programming languages: Python and C.
  • Other tools and technologies: OWASP Top 10, AWS, OpenStack, ModSecurity, Linux.

Research interests

Certifications

Certified Information Systems Security Professional (CISSP) (ISC)² Credential ID: 1068081
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) SANS Institute Credential ID: 4045
GIAC Reverse Engineering Malware (GREM) SANS Institute Credential ID: 9604
GIAC Certified Forensic Analyst (GCFA) SANS Institute Credential ID: 23066
GIAC Response and Industrial Defense (GRID) SANS Institute Credential ID: 2290
GIAC Certified Incident Handler Certification (GCIH) SANS Institute Credential ID: 50983
GIAC Cyber Threat Intelligence (GCTI) SANS Institute Credential ID: 4606
CompTIA Advanced Security Practitioner (CASP+) CompTIA Credential ID: WSLN0QL5NME1115Z
ISO/IEC 27001 Lead Auditor PECB Credential ID: ISLA1119651-2023-06
Certified Computer Hacking Forensics Investigator (CHFI) EC-Council Credential ID: ECC9027651384
Certified Ethical Hacker (Practical) EC-Council Credential ID: ECC5379860241
Certified Ethical Hacker (CEH) EC-Council Credential ID: ECC8169403257
Pentest+ CompTIA Credential ID: 1035ZEWSF1Q415WQ
BSD Specialist Linux Professional Institute Credential ID: LPI000393801
LPIC-3: Security Linux Professional Institute Credential ID: LPI000393801
LPIC-2: Linux Engineer Linux Professional Institute Credential ID: LPI000393801
LPIC-1: Linux Administrator Linux Professional Institute Credential ID: LPI000393801
Linux+ CompTIA Credential ID: 9BSTQ4TM5LEE1GKT
Certified in Cybersecurity (ISC)² Credential ID: 1068081

Skills

Honors & Awards

2025 Youth Digital Ambassador, Global Digital Forum
2025 Top-3 Nominees, Global Digital Forum
2025 Outstanding Reviewer Award, XLIII SBRC
2024 GIAC Advisory Board
2023 CEH Master
2022 Academic Honors Diploma (Summa Cum Laude)
2022 Distinguished Paper Award, XL SBRC
2019 CVE-2019-7634
2018 Capture The Wave (CTW/CTF) Champion

Patents & Software

BR 10 2018 015493 1 Patent Embedded System for Automatic License Plate Recognition
BR 51 2024 001975 8 Software Heimdall-NG - Interface administrativa
BR 51 2024 000157 3 Software Heimdall: Solução para detecção de artefatos maliciosos em ambientes IoT por meio de machine learning
BR 51 2022 002010 6 Software PhishKiller
BR 51 2019 000141 9 Software NAVI Face Recognition API
BR 51 2019 000143 5 Software NAVI RPi Face Recognition
BR 51 2019 000144 3 Software NAVI-ALPR
BR 51 2019 000140 0 Software Embedded System for Rainfall Measurement and SNMP Management
BR 51 2018 000086 0 Software OCR-NAVI

Volunteering

[2022 - Present] OWASP Foundation

  • As chapter leader, my responsibilities include efficiently maintaining the chapter, organizing engaging information security meetings, and conducting workshops.

[2015 - 2016] Federal Institute of Rio Grande do Norte

  • Volunteered to develop a mobile app for monitoring water usage at IFRN (campus Natal Central).

CV