Protecting customers and Nubankers by detecting anomalies behavior and mitigating security incidents. Responsible for part of Nubank Security Operation working closely to the strategy of Threat Detection, Incident Response (CSIRT) and Cyber Intelligence teams. Nubank is the largest independent digital bank in the world with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States) and Berlin (Germany) and a rapidly growing customer base of over 60 million.

Leading the Nubank Security Operation to detect and contain anomalies through the Threat Detection and CSIRT teams.

Writing and research about hacking, attacks, vulnerabilities and other security-related issues

Conducting Threat Modeling to identify meaningful risks to customers lined up with business focus, providing the opportunity to anticipate appropriate countermeasures to decrease or improve the management of associated risks;Leads the integration of security activities into SDLC, such as threat modeling, code review, testing, and vulnerability assessment;Helps customers to formulate and implement a strategy for software security guided by maturity models (SAMM) and that is tailored to the specific risks facing of organization;Responsible for test planning and communication with stakeholders to clarify the requirements and details (scope, techniques, limitations, etc.);Responsible for knowledge transfer and presentation the test results to board directors and all stakeholders;Providing mentoring and guidance to staff member’s team.

Applying industry standard testing tools and in-depth knowledge of the methods and techniques used during automated and manual penetration testing (such as scanning, scripting, mapping, exploitation, brute force attacks, SQL injections, fuzz testing, buffer overflows, session hijacking, pass the hash, rogue AP's, phishing, etc.);Conducting vulnerability assessment scans and penetration testing, exposing security vulnerabilities and risks, and recommending solutions to mitigate such vulnerabilities;Contributes to building and delivering services, solutions and processes that enable security defects to found, fixed or avoided before applications are released to production;Tracks public and privately released vulnerabilities and assists in the corporate triage process including: identification, criticality evaluation, remediation planning, communications and resolution;Providing mentoring and guidance to Jr, Mid, and senior staff members by creating and teaching latest techniques in ethical hacking and vulnerability analysis;Risk and compliance assessment activities to ensure adherence to regulatory requirements of HIPPA.

Conducting vulnerability assessment scans and penetration testing, exposing meaningful risks to clients lined up with business focus and recommendations solutions to mitigate related vulnerabilities;Using creative approaches and industry standard testing tools to identify vulnerabilities and assess applications for issues surrounding Authentication, Authorization, User management, Session management, Data validation, including all common attacks such as SQL injection, Cross-site scripting, Command injection and Error handling;Applying security within the development life cycles through SDLC Methodology;Defining security requirements by evaluating business strategies and requirements, researching security standards, conducting risk assessments, performing threat modeling, identifying integration issues and reviewing open risk items;Threat Modeling throughout a software development project using Security Patterns and Security Methodologies (e.g STRIDE, DREAD, OSSTMM and OWASP);Writing hardening baselines for Linux operating systems and windows, Webserver Apache, Databases MySQL and other applications;Writing blog posts, participate at conferences, and represent Conviso's research efforts in the public eye.

Focused on Sourcefire's IPS and the Barracuda Web Application Firewall, attending all the technical process of the company, from pre-sales meetings and Kick-off to deployment, customization and product support. I also taught trainings focused on SFCP (Sourcefire Certified Professional) Certification to customers and resellers.

- Network and Security Solutions- Specialist Aker Security Solution ( www.aker.com.br )

I was Support Analist of many services and tools, like this firewall, DNS, E-mail, VPN, quality of service (QoS), IDS and network security.After that I grow up to Network Administration at BRConnection.BRConnection is a company that supports Open Source solutions, where all computers using solutions and S.O Open Source, at the moment the most computers are using Centos and Debian.

Analist Support and responsible for linux at FIT ( Faculdade Impacta Tecnologia )

I deploy Sonicwall and Cisco Router in public schools. I participated the project MC Internet at MC Donald's.