Egidio Romano

Associate Consultant

Piazza Armerina, Sicily, Italy · 16 yrs 11 mos experience

Key Highlights

  • Over 700 unique vulnerabilities reported.
  • Expert in web application security.
  • Extensive experience in penetration testing.

Skills

Core Skills

Penetration Testing, Vulnerability Assessment, Vulnerability Management, Vulnerability Intelligence, Security Research, Security Code Review

Other Skills

Security Assessments, Security Vulnerability Validation, Security Testing, CVE Collection, Web Application Security, Vulnerability Research, Code Review, Software Testing, Software Engineering, Information Security Management, Security Audits, ISO 27001, PCI DSS, Computer Security, Application Security

About

I am a curious guy who enjoys exploring in order to understand how things are made and how they work. I am also known as "EgiX", which is the nickname I chose when I was fifteen. Following are some info and numbers about me:

  • Collecting CVEs since 2007 – so far 180 (https://karmainsecurity.com/research)
  • 200+ files on Packet Storm (https://packetstorm.news/files/author/5967)
  • 100+ penetration tests with the Cobalt Core (https://www.cobalt.io)
  • Exploit Database: https://www.exploit-db.com/?author=1024|6398
  • Bugcrowd profile: https://bugcrowd.com/EgiX

Experience

Bugcrowd inc

Application Security Engineer

Apr 2017 – Jun 2018 · 1 yr 2 mos

  • I was part of the Application Security Engineer (ASE) team at Bugcrowd. This involved triaging and validating incoming security vulnerability submissions for some of the company's managed bug bounty programs, which means taking incoming submission data and curating it for validity, accuracy, and severity, as well as communicating directly with Bugcrowd's clients or researchers when additional information was required.
Vulnerability Management, Security Vulnerability Validation

Synack red team

Penetration Tester

Feb 2017 – Sep 2020 · 3 yrs 7 mos

  • I was part of the Synack Red Team (SRT), which gives some cybersecurity researchers across the globe a platform to do what they love and get paid for it. As a member of the SRT, I participated in security assessments for various organizations worldwide, performing penetration testing activities remotely. This involved analyzing IT systems and applications for potential vulnerabilities and contributing to security research within the platform.
Penetration Testing, Security Assessments

Cobalt.io

Penetration Tester

May 2016 – Jul 2025 · 9 yrs 2 mos

  • I was part of the Cobalt Core community, performing 100+ penetration testing engagements and reporting over 700 unique security vulnerabilities through the cobalt.io platform. Over these years, I conducted in-depth web, mobile, and infrastructure penetration tests for organizations across a wide range of industries, consistently delivering actionable findings that strengthened customers' IT security posture.
Penetration Testing, Vulnerability Assessment, Security Research

Karma(in)security

IT Security: Consultant & Researcher

Jan 2016 – Present · 10 yrs 2 mos

Minded security

Application Security Consultant

Nov 2014 – Dec 2015 · 1 yr 1 mo

  • I was part of the security consultancy team at Minded Security, where I performed several technical activities such as vulnerability assessment, security code review, and penetration testing of almost any kind of mobile and web application out there, mainly in the banking and financial industry. During my employment I also enjoyed doing some vulnerability research projects on certain open source software, discovering and reporting security issues in Concrete5, CakePHP, and MISP.
Vulnerability Assessment, Security Code Review

Secunia

Information Security Specialist

May 2013 – Apr 2014 · 11 mos

  • I was part of the research team providing the vulnerability intelligence information powering all Secunia products. This involved monitoring several sources of vulnerability information, and verifying the validity of security reports through technical testing and communication with software vendors. I specialized in testing and assessment of vulnerabilities in web applications and virtual appliances. I also performed a security code review of Secunia CSI 7.0 before its launch in September 2013.
Vulnerability Intelligence, Security Testing

Sugarcrm

Virtual Internship

Apr 2012 – Apr 2012 · 0 mo

  • I performed a security code review of SugarCRM Community Edition as part of my experimental thesis - which concerns web application security testing techniques - by using a customized white-box approach based on the OWASP testing methodology. As a result, I have identified around fifty security issues, which have been fixed in SugarCRM Community Edition versions 6.4.0, 6.4.3, and other commercial versions.
Security Code Review

Karma(in)security

Independent Security Researcher

Jul 2007 – Apr 2013 · 5 yrs 9 mos

  • During my graduation studies I tried to improve my technical knowledge in the computer security field, especially with regard to web application security. In my spare time I loved to hunt for security bugs in open source web applications. As a result, I've collected dozens of CVEs by discovering and reporting security issues in applications like Joomla, TikiWiki, WebCalendar, PmWiki, Zenphoto, phpMyFAQ, phpLDAPadmin, WeBid, Mantis Bug Tracker, phpScheduleIt, Coppermine, Docebo, CMS Made Simple and some others.
Security Research, CVE Collection

Education

Università di Catania

BS in Computer Science
