Sep 2025 – Present · 8 mos · Remote · Remote

Sep 2024 – Present · 1 yr 8 mos · Remote

• I focus on advancing our vision, building strategic partnerships, and ensuring our training programs are cutting-edge.
• I lead a talented team, ensuring we deliver impactful education while growing our presence in the tech world. We are always thinking ahead and aiming higher.

Oct 2023 – Oct 2024 · 1 yr · remote · Remote

Jun 2023 – Aug 2025 · 2 yrs 2 mos · Remote

• At 42Crunch, my main responsibilities included leading the design and implementation of secure product architecture. The focus was on embedding a security-by-design approach, especially for APIs, with an emphasis on Python-based development.
• My expertise in Python played a pivotal role in enhancing the security and performance of our APIs. My commitment to mentoring also fostered an environment that promoted learning and growth in Python coding and API security.
• I worked diligently to ensure our product was adaptable and client-responsive, underpinned by the fail-fast principle. The combination of easy deployment via container technology and the flexibility provided by an event-driven architecture enabled us to deliver a secure, scalable, and robust product.

May 2023 – Aug 2023 · 3 mos · remote · Remote

Feb 2023 – Nov 2023 · 9 mos · remote · Remote

Oct 2021 – Feb 2023 · 1 yr 4 mos · Remote

• At 42Crunch, I mainly did the following:
• Led, designed, defined the life cycle and the architecture of a new company product.
• Co-creating the project code.
• Improved python code
• Mentoring
• The goal ideas behind the new product were:
• We applied the old-new pipelining UNIX concept to split complex software into fast, efficient, easy-to-maintain, and decoupled pieces. A well-known idea but not usually used in typical data-based applications.
• They're a startup. They depend on their clients and need to move change quickly. So, we created the product following the fail-fast concepts.
• Easy deployment based on containers.
• Event-driven architecture.
• Scalable and distributed plugin system.
• Security by design environment.

Feb 2021 – Sep 2022 · 1 yr 7 mos · Remote

• I designed and created the complete backend and the architecture for the real-time video-sharing platform.
• Goals: scale at millions of users by design, with the most cost-efficiency possible, having strong privacy and security controls and measures.
• Google Cloud Platform and its services were used for real-time content distribution. One of the requirements was service speed and avoiding waiting times. So architecture has been developed to be event-driven.
• A big challenge was the data model. It should be fast, efficient, and reliable. I achieved them by optimizing the database motor to be as fast as the engine could run and performing some tricks in the data model.
• To complement the platform, we also designed a real-time recommendation engine. The big challenge then was the generation of good recommendations with a low system footprint.

Dec 2017 – Dec 2018 · 1 yr · Santander y alrededores, España

Dec 2016 – Aug 2021 · 4 yrs 8 mos · Hybrid

• I authored, co-authored, or led many influential projects and initiatives.
• As part of my position, I also was talking with other Bank departments. I was listening for their needs and tried to understand the need to improve their security and development life cycle: avoiding security was a stopper.
• I was lucky to work with a successful team.
• We research with edge technologies and test the latest products and solutions of well-known providers and manufacturers, some of them:
• Rancher Labs (acquired by Suse): Beta-testing.
• Amazon AWS: Security research of AWS Lambdas. S3 Buckets security exposure and privacy.
• Google Cloud: Security research of Google Cloud Functions. Cloud Storage security exposure and privacy.
• Docker: Image security on Registries.
• OWASP: Contributing with new projects and ideas.
• NIST: Sharing internal research and investigations.
• We researched how to improve security and scalability in the development process by creating new Open Source software when we didn't find a public solution for that problem:
• DeepTracy: Vulnerabilities in Software dependencies. We released 2 Open Source projects to manage them (before GitHub did it).
• S3 Buckets security checking using a black-box approach.
• API Check: a toolset for testing REST APIs
• Patton: a platform for identifying software vulnerabilities using fuzzy logic algorithms.
• WafBrain: a real-time WAF based on deep learning.
• GitSec: a secrets and private information identification on a Git repository (released before GitHub did it).
• DockerFile Security Checker: static security analyzer for Dockerfiles based on a rule system.
• Redis Security Map: an anti-hacking framework for Redis databases.
• Tarkin: a real-time security anomaly detector.
• MIST: a high-level programming language for defining security execution workflows quickly.
• Masquerade: high-performance, real-time, multi-location data obfuscation tool.
• All of these projects are at the GitHub's BBVA

Mar 2016 – Dec 2016 · 9 mos · Hybrid

• I joined BBVA Innovation Labs as a security researcher.
• My role was to research about security development cycle on complex systems:
• Research security best practices for source code in different programming languages: Scale, Java, Go, Javascript, NodeJS, Python, Erlang, or Elixir.
• Research security about Continuous integration/deployment systems. Create best security practices.
• Research and create best security practices for architectures based on micro-services, CQRS, or actors models.
• Research and create security best practices for the high-scalability ecosystem with many pieces and services: services discovering and sharing information throw a broker, multi-cloud deployment, many types of databases (SQL, NoSQL, or Tabular databases), and related.
• I gave recommendations for defense services and architectures from hacking attacks.

Oct 2015 – May 2021 · 5 yrs 7 mos · Madrid

Jun 2015 – Sep 2017 · 2 yrs 3 mos · Madrid Area, Spain

• Coordination training and security consulting.
• I'm also the instructor of Python and safety courses offered by the company.

Jul 2014 – Jun 2015 · 11 mos · Madrid, Community of Madrid, Spain · On-site

• Security analysis and find security solutions.
• Penetrations testing supervision.
• Security controls and solutions recommendations.
• Security evangelist.

Oct 2012 – Jun 2014 · 1 yr 8 mos · Madrid Area, Spain

• Security analysis, identification of vulnerabilities and threats.
• Security audit and system penetration tests.
• Documentation of results, defining Scopes testing and qualification levels of criticality.
• Recommendations for securing and defense systems.
• Security courses and trainings.

Sep 2012 – Oct 2012 · 1 mo · Madrid Area, Spain

• Security analysis, identification of vulnerabilities and threats.
• Security audit and system penetration tests.
• Documentation of results, defining Scopes testing and qualification levels of criticality.
• Recommendations for securing and defense systems.
• Security courses and trainings.

Jan 2011 – Sep 2012 · 1 yr 8 mos

• Security audits and pentesting over web services, communication systems and platforms.

Oct 2008 – Sep 2011 · 2 yrs 11 mos · Madrid, Community of Madrid, Spain · On-site

• Security analysis, identification of vulnerabilities and threats over internal networks and services of Telefonica.
• Security studies of communication protocols.
• Development of security tools for testing certain protocols (RADIUS, IGMP).