Information Security professional and pragmatic problem-solver with a technical background, security engineering and incident management focus, compliance and governance knowledge and experience in managing cross-functional teams. CISSP, ISO27k1 LI, Security+, CIH and MCSA certified, if that’s what you're into. I also work as (SCUBA) Open Water Instructor, Freediving Instructor and boat skipper in my spare time.

Staff Security Engineer, Singlestore (Apr 2024 - Present), San Francisco, California, US

Senior Security Engineer, Singlestore (Nov 2022 - Apr 2024), San Francisco, California, US
Improving SingleStore's AppSec posture.
▪ Implemented a security review process for new product features and changes, introduced threat modeling and pentests into those reviews, and currently leading the charge in conducting them, having reviewed all major features released by SingleStore in 2023 and 2024;
▪ Carrying out the implementation of OWASP SAMM and promoting the development of a security-centric engineering culture;
▪ Improved and redesigned product vulnerability management processes at SingleStore and currently enforcing those same processes. Moreover, I have developed an automation bot (Python, AWS Lambda) to help track and manage vulnerabilities internally;
▪ Implemented SingleStore's current Pentesting Program and responsible for conducting internal pentesting for new major features and coordinating yearly pentests with service providers;
▪ Carrying out security IR activities and providing guidance on IR for product-related events when these arise;
▪ Implemented Application Security training for 140+ engineers;
▪ Implemented SingleStore's Responsible Disclosure Program (in partnership with HackerOne);
▪ Kept supporting ISO27k1 and SOC2T2 audits, enabling consistently positive results.
Most relevant technologies: Kubernetes, Containers, Golang, Python, Gitlab, AWS, GCP, Azure, multiple open-source SAST and SCA tools (e.g. grype, kics, semgrep, flawfinder, gosec), Kali, Burp Suite, Crowdstrike, Knowbe4, Tenable, Nessus, ELK, Grafana, HackerOne, automations and scripting.

Security Analyst, Singlestore (Feb 2022 - Oct 2022), San Francisco, California, US
Product and Enterprise Security plus compliance management.
▪ Created SingleStore's foundational framework for vulnerability management (policy dev+implementation, deployed scanning tools namely Tenable and open-source SAST, SCA, secrets and IaC scanning, implemented an annual pentesting program);
▪ Successfully led SingleStore as interim GRC manager achieving positive results in the ISO27k1 2nd year surveillance audit and the SOC2 Type 2 and HIPAA 2022 audit;
▪ Handled supplier security management, screening and risk assessments for over 200 vendors;
▪ Supported Sales and PM wrt Product Security matters, enabling positive relationships with at least 5 key customers for SingleStore;
▪ Delivered Information Security awareness training (including running simulated phishing and smishing tests company wide) to over 400 employees.

Open Water Instructor (Scuba) & Freediving Instructor, Ssi Scuba Schools International (May 2022 - Present), Wendelstein, Bavaria, DE
I freelance as an instructor for SCUBA diving and freediving on the coast of continental Portugal. I'm also a certified gas blender (Nx and Tx), equipment service technician and hold a local skipper license.

Security Lead, Unbabel (Dec 2020 - Feb 2022), San Francisco, California, US
Led implementation of Information Security at Unbabel from both the enterprise and product areas:
▪ Assumed the role of the ISMS Manager and led Information Security processes implementation, maintenance and improvement, in preparation for ISO27001 certification which was successful enabling Unbabel to get certified;
▪ Provided guidance and aided in the implementation of security controls in corporate and product environments;
▪ Managed vulnerability, bug bounty and pentesting programs liaising w/ SRE, TechOps and Engineering teams successfully enforcing a stable growing trend of vulnerability remediation;
▪ Implemented Unbabel's SIRT, led the team and ran successful IR tests;
▪ Coordinated with the DPO in privacy and data protection issues (GDPR, CCPA, others);
▪ Jointly implemented supplier security management processes w/ Legal and conducted vendor screening for over 150 vendors;
▪ Developed and provided security awareness training company-wide to 200 users;
▪ Internal/external interface in all security aspects related to Unbabel, namely with customers;
▪ Helped define the roadmap for the merger between Unbabel and Lingo24 wrt Information Security.
Most relevant technologies: Fortiguard, Gophish, Eramba, ELK, logz.io, strongDM, Dashlane, 1Password.

Area Head For Portugal Cybersecurity Services, Gmv (Jun 2019 - Dec 2020), Tres Cantos, Madrid, ES
Led the Cybersecurity team of the Secure E-Solutions department in Portugal. Stepped up to manage operations, people and commercial activities within this area.

Security Consultant, Gmv (Mar 2018 - Dec 2020), Tres Cantos, Madrid, ES
Provided Information Security consultancy for national and European organizations in the space and aviation industries (ESA and EUROCONTROL), banking (IADB and BNI Europa) and IT companies, having performed various activities:
▪ ISMS implementation and maintenance based on ISO27k1 and NIST;
▪ Information security, business continuity, privacy and compliance assessments and mitigation plans;
▪ Definition and guidance on information security requirements and controls;
▪ Vulnerability management;
▪ Technical security review of systems, networks and software architecture;
▪ SecDevOps and Secure SDLC implementation and guidance;
▪ Technology scouting and implementation of software-based security solutions.
Most relevant technologies: Microsoft 365 security, Checkmarx, ArcSight, IBM QRadar, Kali, Burp, Fortinet, FireEye, PAM (Privileged Access Management) software, custom software.

Project Manager, Gmv (Jan 2017 - Dec 2020), Tres Cantos, Madrid, ES
Led and supported multiple small-scale software engineering and cybersecurity projects.

Software Engineer, Gmv (Nov 2015 - Dec 2017), Tres Cantos, Madrid, ES
Developed secure web and mobile applications for several public administration and banking projects, for national (Lisbon City Hall, AICEP) and international customers (ESA, IADB).
Most relevant technologies: .NET/C#, Sharepoint, Cordova, PHP (LAMP stack), JS.

Security Incident Handler (Through Gmv), Euspa - Eu Agency For The Space Programme (Apr 2019 - Nov 2020), Prague, CZ
Supported security monitoring and incident handling operations for the Galileo GNSS programme infrastructure as a contractor through GMV.

Trainee, Novabase (Feb 2015 - Jul 2015), Lisbon, Lisboa, PT
Curricular internship program. Built a mobile cross-platform app meant to provide business intelligence to the energy sector in Cape Verde.
Most relevant technologies: Cordova, Ionic, AngularJS, sqlite.

Francisco Godinho Skills
Francisco Godinho Education Details
Universidade Nova De Lisboa, Computer Science And Engineering
Frequently Asked Questions about Francisco Godinho
What company does Francisco Godinho work for?
Francisco Godinho works for Singlestore.
What is Francisco Godinho's role at the current company?
Francisco Godinho's current role is Staff Security Engineer @ SingleStore.
What schools did Francisco Godinho attend?
Francisco Godinho attended Universidade Nova De Lisboa.
What skills is Francisco Godinho known for?
Francisco Godinho has skills like Java, Software Development, C#, Ruby On Rails, Sql, Databases, Javascript, Teamwork, Asp.net, Mobile Applications, C, Html.