I co-lead the OWASP Lisbon Chapter, and our objective is to promote application security in Portugal through the engagement of the local community, meetings and events organization, and project participation.

On-demand (30 mins away) app for home services like repair, cleaning, and laundry.

DevNetwork produces many of the Bay area’s largest tech-focused conferences and hackathons, including DeveloperWeek, API World, Integrate, and DataWeekAs an Advisory Board Member, I help shape each conference’s content.

Acquired by Snyk.

International speaker and panel participant at security events, both on-site and remote.2024OWASP Lisboa meetup (Portugal) - Technical Challenges of Security Scanning in CI/CD2023API World (Santa Clara, CA) - Technical Challenges of Security Scanning in CI/CDDeveloper Week CloudX (San Mateo, CA) - Technical Challenges of Security Scanning in CI/CDC-Days (Portugal) - How we successfully built an AppSec team from scratchBoston Application Security Conference (Boston, MA) - How to scan at scale with OWASP ZAPInfoSec Finance Connect (San Diego, CA) - How we successfully built an AppSec team from scratch SnowFROC (Denver, CO) - How we successfully built an AppSec team from scratch Fundação Portuguesa das Comunicações (Portugal) - O Futuro da Segurança2022Open Security Summit (online) - Automation and scale with OWASP ZAPLASCON (Austin, TX) - How to scan at scale with OWASP ZAPBSides Krákow (Poland) - How to scan at scale with OWASP ZAPCyber & Cloud Expo (Portugal) - Ciberataque nas PME. A resiliência no novo normalPortugal Digital Summit (Portugal) - Cibersegurança aplicadaC-Days (Portugal) - Technical Challenges in Automated Security Testing2021VISSAIUM XXI - 6º Webinar - Prevenção Ativa na Cibersegurança e Privacidade2014Open Days Instituto Politécnico de Viana do Castelo - SAPO Development Security Best PracticesConfraria Security & IT - Is code review the solution?2013Confraria Security & IT - All your sites are belong to BurpBSides Lisbon - All your sites belong to Burp2012Iseltech'12 - Advanced SQL injection Attacks & Defenses2011Confraria Security & IT - SSL, HSTS and other stuff with two eSSesJust4Meeting - SSL: limitations, bad practices and how to do it rightCodebits V - SSL, or the Web's Pillar of Authentication and Confidentiality: Past, Present and Future (with Luís Grangeia)Confraria Security & IT - Advanced SQL Injection Attack & Defenses2010Codebits - Advanced SQL Injection (with Nuno Loureiro)

Lead web application and API penetration tester. For more details see https://app.cobalt.io/tmendo

Providing Information Security and Linux training in the following areas:- Linux basics: installation, configuration and usage- Network services, installation and configuration of email, web, proxy, NTP, DNS, DHCP, fileshare and LDAP- Network security: architecture, cryptography, firewalls, IDS/IPS (snort), SSL, IPSec, VPN, honeypots and hardening.

- Auditing the security of SAPO web portal and web applications;- Write and maintain guidelines for secure programming;- Providing security guidance during web applications development life cycle;- Providing security guidance for Operations Security;- Training users and developers to follow and understand good security practices;- Developing scanners and tools to aid in the auditing process, specifically detection and validation of vulnerabilities;- Organizing the Codebits Security CTF

- Auditing applications, systems and networks for security problems- Developing network traffic analysis tools for automatically detecting and monitoring network assets, and the relationships between them- Developing a country-wide network of honeypots for malware collection and analysis, with the objective of quickly reacting to malware outbreaks, with more than 60 honeypots- Tutoring an intern in a project of Automatic Discovery, Characterization and Classification of Technical and Functional Architectures in Enterprise Networks.- Developing an application capable of detecting business application transactions through the analysis and reverse engineering of network traffic- Developing tools capable of automatically detecting system vulnerabilities and security policy violations