Jun 2018 – Apr 2019 · 10 mos

• Providing security analysis for the Cryptomove product implementation and market with a special focus on IoT and SmartCity projects.

Jan 2018 – Present · 8 yrs 3 mos

• Leading a specialized unit focused on advanced technical support for corporate and personal security. Specialization: Electronic personal protection, digital clean-up, and evidence collection for law firms. Impact: Developed proprietary AI tools for object/person detection and audio forensics to expedite complex investigations. Service: Facilitated the unmasking of anonymous attackers and successfully managed cyber-extortion containment for prominent figures.

Apr 2017 – Jan 2024 · 6 yrs 9 mos · Philadelphia, PA, USA · Remote

• Pioneering the intersection of AI and security. Developed frameworks for AI security and ethics, ensuring that complex automated agents remain within "Intent-phase" boundaries. Applying AI-driven analysis to digital forensics, allowing for the processing of massive datasets to find "the needle in the haystack" for legal discovery.

Dec 2015 – May 2016 · 5 mos

• Security research and analysis for home cyber security solutions.

Sep 2015 – Dec 2017 · 2 yrs 3 mos

• http://www.veracode.com/blog

Sep 2015 – Dec 2017 · 2 yrs 3 mos

• Provide security analysis for the Prospus products and advise in company decisions.

Jan 2015 – Jan 2016 · 1 yr

• http://www.signalsciences.com

Nov 2014 – Jan 2018 · 3 yrs 2 mos

• Research and commercialize security metrics and analysis techniques.

Apr 2014 – Dec 2023 · 9 yrs 8 mos · Ankara, Turkey

• Provide security analysis for the Picus product and advise on company decisions.

Jan 2006 – Jan 2008 · 2 yrs · Barcelona Area, Spain

• Taught Business Information Security for the MBA program

Jan 2003 – Jan 2009 · 6 yrs · Barcelona Area, Spain

• Professor of Information Security teaching penetration testing and security analysis.

Jan 2001 – Present · 25 yrs 3 mos · Barcelona

• As the co-founder and Managing Director of this global security research organization, I lead the development of the methodologies used by governments and elite security teams worldwide to quantify and manage risk. My work centers on solving "unsolvable" security problems by applying the laws of physics and information theory to digital environments.
• Methodology Architect: Created and maintain the OSSTMM, the world’s most trusted standard for scientific security testing. This framework provides the mathematical rigour I use to ensure evidence collected in private cases is immutable and defensible.
• Global Influence: Manage a community of 10,000+ security professionals and oversee the gold-standard certifications for professional hacking, trust analysis, and security testing.
• Elite Problem Solving: Lead ISECOM’s specialized consulting wing for high-profile private research initiatives. I am frequently brought in by corporations and law firms to handle complex "gray-hat" scenarios, deep-dive investigations, and sophisticated threat unmasking.
• Specialized Training: Serve as a subject matter expert and trainer for internal seminars at Fortune 500 companies, focusing on the physics of persistence and advanced investigative techniques.
• Content Authority: Oversee the creation of Hacker Highschool and other educational initiatives, ensuring that the next generation of analysts understands the "Narrative" and "Force" of security interactions.

Nov 1997 – Jan 1999 · 1 yr 2 mos · Mannheim and Heidelberg, Germany

• Original member of the first EMEA Ethical Hacking team under the E-security department. Daily work consisted of penetration testing, ethical hacking, and managing clients. Responsibilities consisted of managing the emergency line and travelling throughout EMEA and the USA to handle a client's security crisis.