David Mariano Email and Phone Number
David Mariano work email
- Valid
David Mariano personal email
Information Security Analyst specializing in black box security testing of web and mobile applications following OWASP guidelines.In 2021 I carried out Information Security consultancy (Red Team/Pentest) under the APIs of public companies, among them, the Tocantins Finance Secretariat (SEFAZ-TO), Public Security Secretariat (SSP-TO), Court of Auditors of the State of Tocantins (TCE-TO), Military Police of Tocantins (PM-TO) and I have already reported failures to private companies, such as: Banco do Brasil, KingHost, Vester and through the “HackerOne” failure reward platform, among The reported flaws are vulnerabilities that I found on the PayPal payments website. All reports are available for consultation upon signing a confidentiality agreement and have sensitive data hidden.Fluent in English, trained at the CNA teaching school, and have a certificate of proficiency from the University of Cambridge. Furthermore, I participated in the largest Information Security conference on the South American continent, “RoadSec”, with lectures and hacking competitions in São Paulo, in 2018 and I participated in one of the largest cybersecurity conferences in Latin America, “Mind The Sec”, in the years 2020 and 2021.I write ethical hacking content and classes on security testing on my blog (https://filosofiahacker.wordpress.com), as well as developing the "Red Team Framework" tool (https://github.com/david-botelho-mariano ), authorial system that, through a graphical interface, automates the use of security testing tools. The tool has the ability to enumerate subdomains, check open ports, capture screenshots of websites and store the results of each test performed.Professional experience in:- Teach security to the developer team (Security Champions).- Handling security incidents according to the NIST methodology.- DAST: Burp Suite and OWASP ZAP.- Manual security test (Pentest).- SCA: OWASP Dependency Track and Synk.- Threat modeling using the STRIDE methodology.- SAST: SonarQube and Synk.- Code review and analysis of security requirements.- Kubernetes/container/IaC security with tools such as Trivy and Checkov.- Monitoring through AWS DataDog and WAF logs.
Gupy
View- Website:
- gupy.com.br
- Employees:
- 1095
-
Analista De Segurança Da Informação Iii (Appsec).GupyPalmas, To, Br
-
Information Security Analyst Iii (Appsec).Gupy Nov 2023 - Present- Guide and develop people on the team.- Lead problem solving effectively and in accordance with technology principles and strategies.
-
Information Security Analyst Ii (Appsec).Gupy Jun 2022 - Present- Perform threat modeling.- Define security requirements for development.- Help evaluate and define secure software architecture (SDLC).- Perform code review.- Assist in fixing vulnerabilities.- Assist in the implementation of secure development processes.- Run vulnerability assessment tools.- Carry out penetration tests on the application.- Security Champions Program and automated security tests (SAST and DAST).
-
Security Engineer I (Redteam).Cloudwalk, Inc. Apr 2022 - Jun 2022- Execution of Red Team Operations (penetration tests).- Threat modeling in various aspects of infrastructure and products.- Development of Red Team open source projects and implementation of internal tools.- Publication of Red Team reports describing attack techniques and other technical concepts. -
Information Security Consulting (Pentest).Freelancer Oct 2021 - Mar 2022- Information Security Consultancy in public companies: Tocantins Health Department, Tocantins Public Security Secretariat, Tocantins Audit Court, and Tocantins Military Police.- Bug bounty in the following private companies: Banco do Brasil, KingHost, Vestter, PayPal, among others.
-
Internship In Information Security.Court Of Auditors Of The State Of Tocantins (Tce-To) Oct 2019 - Sep 2021- Monitor projects through ISO 27001 and LGPD (General Personal Data Protection Law), prepare audit and risk assessment reports.- Assist the team of security experts in conducting and monitoring cybersecurity projects.- Monitoring of risk indicators as well as monitoring the execution status of projects related to vulnerability management, pen tests, risk assessment, external reviews, auditing, among others.- Assist in risk assessment, monitoring points for improvement, carrying out control tests and monitoring the quality of information in the risk management and controls system.
David Mariano Education Details
-
It/Software Technology
Frequently Asked Questions about David Mariano
What company does David Mariano work for?
David Mariano works for Gupy
What is David Mariano's role at the current company?
David Mariano's current role is Analista de Segurança da Informação III (AppSec)..
What is David Mariano's email address?
David Mariano's email address is da****@****.com.br
What schools did David Mariano attend?
David Mariano attended Tocantins State University.
Who are David Mariano's colleagues?
David Mariano's colleagues are Safyre Onigkeit, Elisangela Silva Elisângela Silva, Ana Simplicio, Henrique Procaci Knop, Gabriela Sena, Lucian Nort, Gabriele Dias.
Not the David Mariano you were looking for?
-
David Mariano
Assistente Administrativo Agente De Prevenção À Fraude & Analise De Créditodocumentoscopia // Grafoscopia Técnico De Administração Certificadocertificado De InformáticaSão Paulo, Sp -
1fortes.ind.br -
-
Free Chrome Extension
Find emails, phones & company data instantly
Aero Online
Your AI prospecting assistant
Select data to include:
0 records × $0.02 per record
Download 750 million emails and 100 million phone numbers
Access emails and phone numbers of over 750 million business users. Instantly download verified profiles using 20+ filters, including location, job title, company, function, and industry.
Start your free trial