Bio - Cristian Souza

Formal education

2024 -	PhD degree	Computer Science, University of São Paulo (USP)
2023 - 2024	Master's degree	Management and Technology, Centro Paula Souza (CPS/FATEC-SP)
2022 - 2023	Postgraduate degree	Digital Forensics and Cyber Investigation, IDESP
2022 - 2022	Postgraduate degree	Ethical Hacking and Cyber Security, UNICIV
2019 - 2022	Bachelor of Technology	Computer Systems Networking, IFRN
2018 - 2019	Certificate program	Electronics, IMD
2015 - 2018	Certificate program	Informatics, IFRN

Professional experience

[2023 - Present] Digital Forensics and Incident Response Specialist - Kaspersky Lab

Joined Kaspersky's Global Emergency Response Team (GERT).

[2021 - 2023] Cyber Security Consultant & Professor - Daryus Consultoria e Treinamento

Conducted penetration testing in web applications, infrastructures, and mobile applications.
Performed reverse engineering of PE and APK files.
Conducted computer forensics investigations.
Conducted cloud computing audits to ensure security best practices were followed.
Provided guidance on secure development practices.
Led red team exercises to identify vulnerabilities in organizations' security defenses.
Designed and executed phishing campaigns to raise awareness and test employees' security awareness.
Led the creation and implementation of robust incident response playbooks, optimizing response strategies for swift and effective resolution.
Actively contributed to ISO 27001 audits, ensuring adherence to information security standards.
Conducted audits of critical systems to ensure they meet security standards.

As a professor of post-graduate courses, instructed students in various topics related to information security, including: Malware analysis and reverse engineering; Mobile and wireless penetration testing; Incident response; Windows & Linux security; Secure programming; Network security; and IoT security.
Instructed courses in web application security, secure programming, and ethical hacking, with a focus on the following topics: OWASP Top 10 and Secure Coding Practices; OWASP Proactive Controls and API Security; SAST, DAST, and SCA techniques; DevOps and DevSecOps methodologies; Threat modeling for software security; Network, web application, and wireless network penetration testing.
Additionally, taught other related courses, such as Penetration Testing, Open-source Intelligence (OSINT), Ethical Hacking Foundation, Secure Programming Foundation, and NIST Cyber Security Framework.

[2016 - 2022] Researcher, R&D Software Developer, and Tutor - Federal Institute of Rio Grande do Norte

Conducted research in information security, focusing on malware analysis and detection, software-defined networks, and moving target defense.
Authored and published research papers in multiple conferences and journals to share findings and contribute to advancements in the fields.

Conducted research in computer vision and image processing and developed practical applications in the field.
Designed and developed an ALPR (Automatic License Plate Recognition) application for embedded hardware, with a patent application filed.
Developed an OCR (Optical Character Recognition) application to extract text from images.
Created a deep learning-based face recognition application and API.
Main programming languages: Java and Python.
Other technologies: OpenCV, dlib, REST, Flask, MySQL, RFID.

Provided support to students studying operating systems, offering guidance and assistance with course materials.
Provided assistance to students studying algorithms and data structures, offering guidance and support with course materials.

[2020 - 2021] Back-end Developer - SutHub

Designed and developed multiple Robotic Process Automation (RPA) tools to automate repetitive tasks and improve productivity.
Conducted Static Application Security Testing (SAST) in the core system to identify and mitigate potential security risks.
Main programming language: Python.
Other technologies: Selenium, AWS (EC2, CloudWatch, and S3), MySQL.

[2018 - 2019] Information Security Analyst - Actions Security

Helped develop a Web Application Firewall (WAF).
Utilized Elastic Stack, Docker containers, and reverse proxies to achieve project goals.
Successfully implemented an OpenStack infrastructure, enabling increased efficiency and scalability.
Conducted penetration tests in web applications to identify security vulnerabilities.
Main programming languages: Python and C.
Other tools and technologies: OWASP Top 10, AWS, OpenStack, ModSecurity, Linux.

Research interests

Information Security
Malware Analysis
Privacy
Artificial Intelligence
Software-Defined Networking

Certifications

Certified Information Systems Security Professional (CISSP)	(ISC)²	Credential ID: 1068081
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)	SANS Institute	Credential ID: 4045
GIAC Reverse Engineering Malware (GREM)	SANS Institute	Credential ID: 9604
GIAC Certified Forensic Analyst (GCFA)	SANS Institute	Credential ID: 23066
GIAC Response and Industrial Defense (GRID)	SANS Institute	Credential ID: 2290
GIAC Certified Incident Handler (GCIH)	SANS Institute	Credential ID: 50983
GIAC Cyber Threat Intelligence (GCTI)	SANS Institute	Credential ID: 4606
CompTIA Advanced Security Practitioner (CASP+)	CompTIA	Credential ID: WSLN0QL5NME1115Z
ISO/IEC 27001 Lead Auditor	PECB	Credential ID: ISLA1119651-2023-06
Certified Computer Hacking Forensics Investigator (CHFI)	EC-Council	Credential ID: ECC9027651384
Certified Ethical Hacker (Practical)	EC-Council	Credential ID: ECC5379860241
Certified Ethical Hacker (CEH)	EC-Council	Credential ID: ECC8169403257
Pentest+	CompTIA	Credential ID: 1035ZEWSF1Q415WQ
BSD Specialist	Linux Professional Institute	Credential ID: LPI000393801
LPIC-3: Security	Linux Professional Institute	Credential ID: LPI000393801
LPIC-2: Linux Engineer	Linux Professional Institute	Credential ID: LPI000393801
LPIC-1: Linux Administrator	Linux Professional Institute	Credential ID: LPI000393801
Linux+	CompTIA	Credential ID: 9BSTQ4TM5LEE1GKT
Certified in Cybersecurity	(ISC)²	Credential ID: 1068081

Skills

Languages:
- Portuguese (Native)
- English (Advanced level)
- Spanish (Basic level)
Programming languages:
- C
- Python
- Java
Other:
- Penetration Testing, Computer Forensics, Malware Analysis, Reverse Engineering, FTK, OWASP Top 10, Linux Administration, AWS, Git, Docker, Elastic Stack, Flask, REST.

Honors & Awards

2025	Youth Digital Ambassador, Global Digital Forum
2025	Top-3 Nominees, Global Digital Forum
2025	Outstanding Reviewer Award, XLIII SBRC
2024	GIAC Advisory Board
2023	CEH Master
2022	Academic Honors Diploma (Summa Cum Laude)
2022	Distinguished Paper Award, XL SBRC
2018	Capture The Wave (CTW/CTF) Champion

Vulnerability disclosures

2025	CVE-2025-7771
2019	CVE-2019-7634

Patents & Software

BR 10 2018 015493 1	Patent	Embedded System for Automatic License Plate Recognition
BR 51 2024 001975 8	Software	Heimdall-NG - Interface administrativa
BR 51 2024 000157 3	Software	Heimdall: Solução para detecção de artefatos maliciosos em ambientes IoT por meio de machine learning
BR 51 2022 002010 6	Software	PhishKiller
BR 51 2019 000141 9	Software	NAVI Face Recognition API
BR 51 2019 000143 5	Software	NAVI RPi Face Recognition
BR 51 2019 000144 3	Software	NAVI-ALPR
BR 51 2019 000140 0	Software	Embedded System for Rainfall Measurement and SNMP Management
BR 51 2018 000086 0	Software	OCR-NAVI

Academic service

Reviewer	Computer Communications - Elsevier
Reviewer	International Journal of Cognitive Computing in Engineering (IJCCE) - Elsevier
Reviewer	XXV Brazilian Symposium on Cybersecurity (SBSeg 2025)
Reviewer	XLIII Brazilian Symposium on Computer Networks and Distributed Systems (SBRC 2025)

Volunteering

[2022 - Present] OWASP Foundation

As chapter leader, my responsibilities include efficiently maintaining the chapter, organizing engaging information security meetings, and conducting workshops.

[2015 - 2016] Federal Institute of Rio Grande do Norte

Volunteered to develop a mobile app for monitoring water usage at IFRN (campus Natal Central).

CV

View CV