Joe Lopes

DevOps Engineer

Belo Horizonte, Minas Gerais, Brazil · 18 yrs 5 mos experience
Highly Stable

Key Highlights

  • Led SIEM deployment enhancing incident response.
  • Established CSIRT managing critical cybersecurity incidents.
  • Revamped security operations improving team efficiency.
Stackforce AI infers this person is a Cybersecurity Expert with extensive experience in Fintech and IT Infrastructure.

Skills

Core Skills

Threat Detection · Incident Response · Identity and Access Management (IAM) · Application Security Architecture · Technical Project Leadership · Security Information and Event Management (SIEM) · Security Operations Center · Cybersecurity Incident Response · Information Security Governance · IT Infrastructure Management · Network Security · IT Governance · Web Development

Other Skills

Cloud Security · Computer Networking · Computer Science · Cybersecurity · EDR · Firewalls · Git · Honeypots · IBM QRadar · Information Security · Information Security Analysis · Information Technology · Leadership · Management · Managing Technical Personnel

About

🛡️ On my personal blog, I write about Infosec and some of my interests: https://lopes.id 🔍 As Threat Detection Analyst at Nubank, I write analytics and software to automate stuff.

Experience

Nubank

Information Security Engineer

Jun 2022 - Present · 3 yrs 9 mos · Belo Horizonte, Minas Gerais, Brazil · Remote

  • Nubank is the leading fintech in Latin America and the largest independent digital bank in the world, serving over 90 million customers.
  • As a member of CSIRT, I developed tools (Python and Shell Script) to enumerate and mitigate incidents, led the Operational Weekly (a meeting to map gaps and address initiatives to improve incident response), and worked closely with the Detection team to improve rules (Splunk) and with the cloud security team to improve our DFIR capabilities in the cloud.
  • I also led the SIEM deployment, which required me to understand YARA rules and define standards to migrate correlation rules to YARA-L.
Threat Detection · Security Implementation · Python (Programming Language) · Git · Cloud Security · Incident Response · +3

Cemig

4 roles

Information Security Architect

Aug 2021 - May 2022 · 9 mos · Belo Horizonte, Minas Gerais, Brazil

  • Sponsored the project to revamp IBM QRadar. As IC6, acted as a consultant, defining roadmap and validating tasks. Project enhanced capabilities and monitoring.
  • Defined EDR system specifications, wrote RFC, and ensured successful purchase. Left before deployment, but received positive feedback.
  • Identified IAM gaps in scripts/manual tasks, posing vulnerabilities. Researched IAM tools, created RFC, involved vendors, and initiated procurement. Deployment was in progress by the time I left the company.
  • Led Cemig's team in "Guardião Cibernético," a cybersecurity event with CTF. Despite being the first time, achieved 3rd place, showcasing team competence.
  • Conducted successful POC with Imperva to protect legacy and new web tools. Solution acquired and deployed after my departure.
  • Revamped CSIRT post-ransomware, integrating GRC, SOC, NSPT, NOC, and IT Infrastructure teams through MS Teams, Planner, and strategic meetings. Effectively coordinated a task force of 15 individuals, overseeing and driving over 10 concurrent security projects to successful completion.
Threat Detection · Identity and Access Management (IAM) · Application Security Architecture · Incident Response · Web Application Security · EDR

Technical Manager

Sep 2019 - Aug 2021 · 1 yr 11 mos · Belo Horizonte, Minas Gerais, Brazil

  • NSOC was split and I remained as SOC Tech Manager.
  • Sought SIEM development, mentored and promoted personnel. Enhanced SIEM over 8 months, shared lessons at CERT.br, and received positive feedback and presentation invitations.
  • Addressed VPN stability issues post-firewall migration amid COVID-19 remote work surge. Collaborated with technical staff, identified root cause, and resolved efficiently, with 5x more tunnels and faster than previously.
  • Acted as sponsor and consultant in the NAC project. Disabled unused ports, enforced MAC limits, and enabled DHCP spoofing. Improved visibility and access control.
  • Designed and led the project to revamp web proxy rules using role-based access control. Successfully reduced tickets by 60% and inspired additional improvements.
  • Managed team challenges post-split, handling job stability concerns. Addressed personnel issues, achieved success with new SIEM champion, and maintained team excellence especially in DFIR matters.
  • Responded to a December 25, 2020, ransomware attack at Cemig, involving 3K devices. SOC led root cause discovery amid challenges.
Technical Project Leadership · Managing Technical Personnel · Proxy · Technical Staff Management · Leadership · Virtual Private Network (VPN) · +4

Technical Manager

Promoted

Jun 2017 - Aug 2019 · 2 yrs 2 mos · Belo Horizonte, Minas Gerais, Brazil

  • Directing my career to a more technical area, I had the opportunity to lead Cemig's Network and Security Operations Center.
  • Revamped team alignment, improved documentation, and enhanced collaboration with other departments. Increased efficiency and satisfaction. Got metrics to promote the team internally: an average of 800 alerts handled per month and 3500 devices under management.
  • Led successful deployment of IBM QRadar, enhancing security monitoring capabilities by sponsoring the ingestion of logs from all Infosec tools and designing the SOC's first integrated monitoring dashboards.
  • Implemented NetBox for IPAM needs, enhancing search capabilities across network diagrams. Coded the netbox-scanner, an integration between Nmap and NetBox to autofill some subnets.
  • Supported the antivirus solution change with technical consulting, decision-making, and compliance alignment, ensuring smooth migration. Roughly 10 thousand endpoints were migrated (servers and workstations) with no compliance issues for SOx.
  • Enhanced team engagement by addressing recognition issues, relieving NOC burden, and refining on-call procedures. Revamped documentation practices, reducing turnover ramp-up time significantly.
  • Showcased Cemig's Network and Security operations at the 7th Brazilian CSIRT Forum, solidifying ties with CERT.br and gaining official listing.
Technical Project Leadership · Managing Technical Personnel · Technical Staff Management · Leadership · Technology Management · Security Information and Event Management (SIEM) · +4

Information Security Analyst

May 2013 - May 2017 · 4 yrs · Belo Horizonte, Minas Gerais, Brazil

  • Cemig operates across diverse energy sectors, with over 10,000 employees and serving around 9 million people. Here, I debuted in Information Security working with the GRC team.
  • Established CSIRT at Cemig, aligning with RFC 2350 and establishing DFIR basics. Led creation, defined team's scope, and facilitated constituent engagement. Effectively managed incidents, including WannaCry.
  • Led "Smart Grid" cybersecurity project, collaborating with engineering teams, researching key standards, and expanding GRC team's influence in ICS.
  • Showcased CSIRT Cemig at 3rd Fórum Brasileiro de CSIRT, introducing ICS concepts and vision, leading to integration with CERT.br and Honeytarg project invite.
  • Joined the Honeytarg, a Global Honeynet Project chapter, putting Cemig in evidence for CERT.br. I also coded the analytics for the honeypot, a system that proved useful during the WannaCry surge.
  • Revamped and linked the Incident Response and Vulnerability Management process to streamline the integration with the rest of IT. It led to 100% more security incidents opened and 80% less time to fix known vulnerabilities.
Security Policy · Cybersecurity Incident Response · Information Security Governance · Honeypots · Network Security · Cybersecurity

Secretaria de estado de meio ambiente e desenvolvimento sustentável

System Administrator

Aug 2012 - May 2013 · 9 mos · Belo Horizonte Area, Brazil · On-site

  • In my role at SEMAD, overseeing the natural resources and environment for Minas Gerais, I took charge of a sophisticated IT infrastructure. Through initiatives like asset inventory, firewall rule mapping, server management, and implementing IPAM and monitoring systems, I enhanced IT asset organization, minimized downtime, bolstered cybersecurity, and mitigated the impact of turnovers.
Server Admin · IT Governance · Computer Networking · Network Security · IT Infrastructure Management

Pró-renal - centro de nefrologia ltda

IT Analyst

Mar 2007 - Mar 2012 · 5 yrs · Barbacena, Minas Gerais, Brazil · On-site

  • In my first professional experience, I established the IT department at Pró-Renal, a relevant dialysis clinic in Minas Gerais. Building the entire IT infrastructure, from policies to network implementation, I led initiatives enhancing document digitalization, operational efficiency, and internet integration with external entities. The projects significantly reduced operational time and costs, validating technology investments. Even after departing, I continued managing web applications (email and homepage) as a freelancer due to a positive relationship with the board.
Python (Programming Language) · Web Development · IT Governance · Negotiation · Computer Networking · IT Infrastructure Management · +1

Education

Universidade Federal de Lavras

Specialist — Computer Technology/Computer Systems Technology

Jan 2006 - Jan 2009

Instituto Federal de Educação, Ciência e Tecnologia do Sudeste de Minas

Technician — Information Technology

Jan 2004 - Jan 2005

Centro Universitário Presidente Antônio Carlos - UNIPAC

Bachelor of Science - BS — Computer Science

Jan 2002 - Jan 2005
