Senior Cybersecurity Consultant, currently working on https://hackedalert.com.
I have over 15 years of experience leading technical teams (development, cybersecurity, pentesting and ethical hacking), as well as managing and delivering technology projects for companies in various industries and countries.
Ability to transform business needs into work requirements, operating as a strategic link between management, service delivery, and technical areas.
In this journey, I have worked as Cybersecurity Manager, Technical Leader (Senior Pentester), Red Teamer, Pentester and Ethical Hacker.
Likewise, I have had the challenge of devising, designing, drafting and implementing Secure Development Guides, and Cybersecurity Plans for various companies in my country (Chile), for compliance with NIST, PCI, HIPPA, ISO, DevOps and DevSecOps.
| Vulnerability | ID | URL |
|---|---|---|
| Remote Code Execution (RCE) | CVE-2020-10682 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10682 |
| Stored Cross-site Scripting (S-XSS) | CVE-2020-10681 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10681 |
| DoS, RCE, LFI, HTML injection, etc. | CVE-2020-29441 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29441 |
| Stored Cross-site Scripting (S-XSS) | CVE-2019-15891 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-15891 |
| Stored Cross-site Scripting (S-XSS) | CVE-2019-15862 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-15862 |
| Cross-site Scripting Reflected (R-XSS) | CVE-2020-8788 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8788 |
- Bug Bounty: I hunt and chain bugs in a flow 100% hands-on, wandering on public and private programs of HackerOne, Bugcrowd, Intigriti, Zerocopter and others.
- Malware Development: I code malware using Go and C#. Focus: sandbox detection/evasion, persistence, exfiltration, and C2 untraceability. Just for educational purposes ✌️
- Hacking Tools: Python is my favorite programming language for exploit development and scripting. I can spend a lot of hours programming... 🤖🐍
| Soft Skills | Hard Skills |
|---|---|
| Leadership and Team Management: The ability to motivate, direct, and develop a team of cybersecurity professionals. This includes setting clear objectives, delegating tasks efficiently, and fostering a collaborative work environment and continuous learning. | Advanced Knowledge in Cybersecurity: A deep understanding of current trends in cybersecurity, best practices, security frameworks (such as ISO 27001, NIST, etc.), and relevant legislation. |
| Communication and Negotiation: Skill in effectively communicating with different stakeholders, including executive management, technical teams, and clients. This also involves negotiation skills to manage expectations, resolve conflicts, and align security objectives with business goals. | Project Management and Security Strategy: Ability to plan, execute, and oversee cybersecurity and software development projects. This includes the capacity to develop and implement a comprehensive security strategy encompassing risk assessment, mitigation, incident response, and recovery. |
| Problem-Solving: Ability to identify, analyze, and solve complex problems. | Programming and Scripting: Knowledge and experience in programming languages such as Python, C#, Golang, PHP, and JavaScript. |
| Effective Communication: Skill in clearly and understandably communicating technical information to non-technical individuals, such as stakeholders or end-users. | Vulnerability Assessment and System Penetration: Identification and exploitation of vulnerabilities in systems and applications. |
| Teamwork and Collaboration: Working in multidisciplinary teams, collaborating effectively with colleagues from different areas and levels of expertise. | Technical Report Generation: Documentation of findings, processes, and recommendations in a clear and detailed manner. |
| Analytical Thinking: Ability to analyze data and trends to identify patterns and potential security threats. | Networks and System Security: Solid knowledge in network configuration, protocols, and security in operating systems. Use of Security Tools and Analysis: Familiarity with a variety of specific cybersecurity tools. |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent