Formal education
| 2024 - | PhD degree | Computer Science, University of São Paulo (USP) |
| 2023 - 2024 | Master's degree | Management and Technology, Centro Paula Souza (CPS/FATEC-SP) |
| 2022 - 2023 | Postgraduate degree | Digital Forensics and Cyber Investigation, IDESP |
| 2022 - 2022 | Postgraduate degree | Ethical Hacking and Cyber Security, UNICIV |
| 2019 - 2022 | Bachelor of Technology | Computer Systems Networking, IFRN |
| 2018 - 2019 | Certificate program | Electronics, IMD |
| 2015 - 2018 | Certificate program | Informatics, IFRN |
Professional experience
[2023 - Present] Digital Forensics and Incident Response Specialist - Kaspersky Lab
- Joined Kaspersky's Global Emergency Response Team (GERT).
[2021 - 2023] Cyber Security Consultant & Professor - Daryus Consultoria e Treinamento
- Conducted penetration testing in web applications, infrastructures, and mobile applications.
- Performed reverse engineering of PE and APK files.
- Conducted computer forensics investigations.
- Conducted cloud computing audits to ensure security best practices were followed.
- Provided guidance on secure development practices.
- Led red team exercises to identify vulnerabilities in organizations' security defenses.
- Designed and executed phishing campaigns to raise awareness and test employees' security awareness.
- Led the creation and implementation of robust incident response playbooks, optimizing response strategies for swift and effective resolution.
- Actively contributed to ISO 27001 audits, ensuring adherence to information security standards.
- Conducted audits of critical systems to ensure they meet security standards.
- As a professor of post-graduate courses, instructed students in various topics related to information security, including: Malware analysis and reverse engineering; Mobile and wireless penetration testing; Incident response; Windows & Linux security; Secure programming; Network security; and IoT security.
- Instructed courses in web application security, secure programming, and ethical hacking, with a focus on the following topics: OWASP Top 10 and Secure Coding Practices; OWASP Proactive Controls and API Security; SAST, DAST, and SCA techniques; DevOps and DevSecOps methodologies; Threat modeling for software security; Network, web application, and wireless network penetration testing.
- Additionally, taught other related courses, such as Penetration Testing, Open-source Intelligence (OSINT), Ethical Hacking Foundation, Secure Programming Foundation, and NIST Cyber Security Framework.
[2016 - 2022] Researcher, R&D Software Developer, and Tutor - Federal Institute of Rio Grande do Norte
- Conducted research in information security, focusing on malware analysis and detection, software-defined networks, and moving target defense.
- Authored and published research papers in multiple conferences and journals to share findings and contribute to advancements in the fields.
- Conducted research in computer vision and image processing and developed practical applications in the field.
- Designed and developed an ALPR (Automatic License Plate Recognition) application for embedded hardware, with a patent application filed.
- Developed an OCR (Optical Character Recognition) application to extract text from images.
- Created a deep learning-based face recognition application and API.
- Main programming languages: Java and Python.
- Other technologies: OpenCV, dlib, REST, Flask, MySQL, RFID.
- Provided support to students studying operating systems, offering guidance and assistance with course materials.
- Provided assistance to students studying algorithms and data structures, offering guidance and support with course materials.
[2020 - 2021] Back-end Developer - SutHub
- Designed and developed multiple Robotic Process Automation (RPA) tools to automate repetitive tasks and improve productivity.
- Conducted Static Application Security Testing (SAST) in the core system to identify and mitigate potential security risks.
- Main programming language: Python.
- Other technologies: Selenium, AWS (EC2, CloudWatch, and S3), MySQL.
[2018 - 2019] Information Security Analyst - Actions Security
- Helped develop a Web Application Firewall (WAF).
- Utilized Elastic Stack, Docker containers, and reverse proxies to achieve project goals.
- Successfully implemented an OpenStack infrastructure, enabling increased efficiency and scalability.
- Conducted penetration tests in web applications to identify security vulnerabilities.
- Main programming languages: Python and C.
- Other tools and technologies: OWASP Top 10, AWS, OpenStack, ModSecurity, Linux.
Research interests
Information Security
Malware Analysis
Privacy
Artificial Intelligence
Software-Defined Networking
Certifications
| Certified Information Systems Security Professional (CISSP) | (ISC)² | Credential ID: 1068081 |
| GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) | SANS Institute | Credential ID: 4045 |
| GIAC Reverse Engineering Malware (GREM) | SANS Institute | Credential ID: 9604 |
| GIAC Certified Forensic Analyst (GCFA) | SANS Institute | Credential ID: 23066 |
| GIAC Response and Industrial Defense (GRID) | SANS Institute | Credential ID: 2290 |
| GIAC Certified Incident Handler Certification (GCIH) | SANS Institute | Credential ID: 50983 |
| GIAC Cyber Threat Intelligence (GCTI) | SANS Institute | Credential ID: 4606 |
| CompTIA Advanced Security Practitioner (CASP+) | CompTIA | Credential ID: WSLN0QL5NME1115Z |
| ISO/IEC 27001 Lead Auditor | PECB | Credential ID: ISLA1119651-2023-06 |
| Certified Computer Hacking Forensics Investigator (CHFI) | EC-Council | Credential ID: ECC9027651384 |
| Certified Ethical Hacker (Practical) | EC-Council | Credential ID: ECC5379860241 |
| Certified Ethical Hacker (CEH) | EC-Council | Credential ID: ECC8169403257 |
| Pentest+ | CompTIA | Credential ID: 1035ZEWSF1Q415WQ |
| BSD Specialist | Linux Professional Institute | Credential ID: LPI000393801 |
| LPIC-3: Security | Linux Professional Institute | Credential ID: LPI000393801 |
| LPIC-2: Linux Engineer | Linux Professional Institute | Credential ID: LPI000393801 |
| LPIC-1: Linux Administrator | Linux Professional Institute | Credential ID: LPI000393801 |
| Linux+ | CompTIA | Credential ID: 9BSTQ4TM5LEE1GKT |
| Certified in Cybersecurity | (ISC)² | Credential ID: 1068081 |
Skills
- Languages:
Portuguese (Native)
English (Advanced level)
Spanish (Basic level)
- Programming languages:
C
Python
Java
- Other:
- Penetration Testing, Computer Forensics, Malware Analysis, Reverse Engineering, FTK, OWASP Top 10, Linux Administration, AWS, Git, Docker, Elastic Stack, Flask, REST.
Honors & Awards
| 2025 | Outstanding Reviewer Award, XLIII SBRC |
| 2024 | GIAC Advisory Board |
| 2023 | CEH Master |
| 2022 | Academic Honors Diploma (Summa Cum Laude) |
| 2022 | Distinguished Paper Award, XL SBRC |
| 2019 | CVE-2019-7634 |
| 2018 | Capture The Wave (CTW/CTF) Champion |
Patents & Software
| BR 10 2018 015493 1 | Patent | Embedded System for Automatic License Plate Recognition |
| BR 51 2024 001975 8 | Software | Heimdall-NG - Interface administrativa |
| BR 51 2024 000157 3 | Software | Heimdall: Solução para detecção de artefatos maliciosos em ambientes IoT por meio de machine learning |
| BR 51 2022 002010 6 | Software | PhishKiller |
| BR 51 2019 000141 9 | Software | NAVI Face Recognition API |
| BR 51 2019 000143 5 | Software | NAVI RPi Face Recognition |
| BR 51 2019 000144 3 | Software | NAVI-ALPR |
| BR 51 2019 000140 0 | Software | Embedded System for Rainfall Measurement and SNMP Management |
| BR 51 2018 000086 0 | Software | OCR-NAVI |
Volunteering
[2022 - Present] OWASP Foundation
- As chapter leader, my responsibilities include efficiently maintaining the chapter, organizing engaging information security meetings, and conducting workshops.
[2015 - 2016] Federal Institute of Rio Grande do Norte
- Volunteered to develop a mobile app for monitoring water usage at IFRN (campus Natal Central).