Nubank stands out as a leading fintech in Latin America, offering innovative and accessible digital financial services such as credit cards, digital accounts, and investments. With a strong focus on customer experience, it redefines how people engage with banking.Responsible for leading the Vulnerability and Threat Emulation unit, comprehending Offensive Security and Vulnerability Management teams.• Leading real-world attack simulations (Red Team engagements), identifying critical vulnerabilities in high-risk areas and improving Nubank’s resilience against sophisticated cyber threats;• Implementing a risk-based vulnerability management approach, translating technical vulnerabilities into business risks to guide strategic decision-making and prioritize remediation efforts;• Automating repetitive vulnerability management processes, increasing efficiency and reducing manual workload, allowing the team to focus on high-impact security tasks;• Integrating market algorithms, such as CISA KEV and EPSS, to prioritize vulnerabilities based on risk and real-world exploitability, optimizing the team's focus on the most critical threats;• Promoting seamless collaboration between Vulnerability and Threat Emulation teams and other security groups, resulting in more effective threat responses and stronger alignment with company-wide security initiatives.

Responsible for managing Nubank's Offensive Security team, proactively hunting potential security threats by simulating real-world attacks.• Building and structuring the team and testing methodology to ensure 100% of Nubank's most critical products are tested before public launch, significantly enhancing the security of features delivered to our clients;• Leading Red Team engagements to simulate adversaries targeting institutions like Nubank, helping assess and improve our security operations' preparedness for cyber attacks;• Creating collaborative interactions with defense teams through Red Team engagements, fostering knowledge-sharing and improving response strategies to real-world threats;• Translating technical issues and vulnerabilities into business risks, enabling informed decision-making across the company;• Aligning the Offensive Security team's goals with company priorities, ensuring we drive impact and support key business initiatives.

• Executing offensive security tests and assessments to identify vulnerabilities and potential risks across Nubank's infrastructure and applications;• Conducting thorough assessments on IT infrastructure and web applications to ensure security weaknesses are proactively addressed before exploitation;• Taking part in Red Team engagements to simulate real-world adversarial attacks, improving the company's readiness to detect and respond to cyber threats;• Collaborating closely with other information security teams, fostering cross-functional communication and strengthening our overall security posture;• Revamping processes and documentation to enhance the team's efficiency, allowing greater focus on technical tasks and higher impact on key security initiatives.

• Performing offensive security tests and assessments to identify vulnerabilities in infrastructure and applications;• Assessing IT infrastructure and web applications for potential security issues;• Participating in Red Team exercises to simulate cyber attacks and evaluate response capabilities;• Collaborating with other security teams to share insights and strengthen overall defense;• Assisting in improving processes and documentation to streamline team workflows and focus on technical tasks.

- Responsible for performing penetration tests and security assessments as a senior consultant of EY's team;- Leading and guiding consultants and trainees on penetration testing and security projects; - Technically leading penetration testing projects;- Managing small to medium project teams; - Being responsible for maintaining contact with the clients to understand any eventual technical need; - Preparing materials (deliverables) to the clients using the results obtained during the tests;- Results presentation to both technical and business areas.

Responsible for executing penetration tests (pentest) and also evaluating the Information Security maturity of clients from different sectors (among them, services, banks, industries, telecommunications, etc.).Additionally, responsible for activities such as:- Elaboration and execution of phishing campaigns;- Elaboration and revision of technical reports, presenting test results, and indicating identified improvement points;- Interface between the technical area and the business areas, serving both according to their priorities, in order to seek the best result for the projects.

During this experience, the main tasks performed were:- Treatment and management of Unix-related incidents;- Installation and configuration of Unix/Linux servers (end-to-end deployment);- Patches deployment;- Execution of changes;- Decommissioning of servers.Main operating systems supported: HPUX; AIX; Solaris; RedHat Enterprise Linux (RHEL); Suse.

Job rotation through all the IT areas of the company, getting to know the end to end IT Outsourcing flow. The rotation itself was divided into three stages, namely: 1. Management and processes areas;2. Technical (operation) areas; 3. Project management areas.After the end of the period inside each team, a presentation was made to the internship leaders in order to demonstrate the absorbed knowledge, propose new ideas and aim to address existing improvement points. The experience ended with the definitive allocation to a specific area - among those I passed during the rotation.

Apprentice to the network and network security teams, working with a few work fronts such as:- Experience with incident management tools (HP Service Manager, Remedy, OM9);- Network monitoring and validation of proactive alarms;- Support to level 1 calls/problems;- Generation of management and operational reports;- Creation of an initiative to spread relevant information throughout the Network teams (Network Journal).