About
I have always been in love with technology and computers, building my own home servers and websites at an early age, and feeling thrilled with hacker movies.
Since then, I have always looked forward to thinking out of the box and being able to foresee and identify the weak points of all the technologies we use.
Senior Security Engineer & Ethical Hacker
In order to do so, I began my journey by studying the Computer Science Degree at Universitat Politècnica de Catalunya (FIB), and later on the CyberSecurity Management Master at UPC School.
I have worked as a Security Engineer in several companies, where I have been able to perform Penetration tests and Source Code Reviews on all kinds of applications (Web, Mobile, API, IoT, ...), helping establish Red Team capabilities or leading their Application Security programs to implement a Secure SDLC.
- Degree: MSc in CyberSecurity Management
- Degree: BSc in Computer Science
- Passions: Home automation, Homelabs, ...
- Hobbies: Sports, Music, Reading, Nature, ...
- Sports: Surf, Snowboard, Climbing, Hiking, ...
- Recently Read: Indistractable (Nir Eyal)
My interests have always involved cybersecurity at all levels, from Application Security and Ethical Hacking to Risk Management, and how it may impact new emerging technologies.
This passion has led me to not only enjoy the work that I do but also to always keep learning through security conferences, CTFs, and certifications such as OSCP, OSWE, CCSK, AZ-500.
Certifications
Resume
Summary
Carles Llobet
Innovative and deadline-driven Security Engineer with 7+ years of experience securing and hardening PII-sensitive applications from initial concept / architecture design to final deployments.
Education
Cybersecurity Management Master
2017 - 2018
UPC School (Universitat Politècnica de Catalunya)
Computer Science Engineering Degree
2013 - 2017
Universitat Politècnica de Catalunya
Certifications
Certified Information Systems Security Professional (CISSP)
Ongoing
ISC2
Offensive Security Experienced Pentester (OSEP)
Ongoing
Offensive Security
Offensive Security Web Expert (OSWE)
Apr 2021
Offensive Security
Certificate of Cloud Security Knowledge (CCSKv4)
Jan 2021
Cloud Security Alliance (CSA)
Azure Security Engineer Associate (AZ-500)
Dec 2020
Microsoft
Offensive Security Certified Professional (OSCP)
Jul 2020
Offensive Security
Azure Fundamentals (AZ-900)
Feb 2020
Microsoft
Cybersecurity Fundamentals Certificate (CSX)
Mar 2018
ISACA
Professional Experience
Senior Security Engineer
Mar 2022 - Present
Personio
I joined Personio with the challenge of helping set up the pillars of the security team from scratch in order to prepare their overall security posture for IPO. Thrilled to join an industry-leading HR company in hypergrowth, I've been helping secure Personio at all levels, from fine-tuning our AWS security policies or rebuilding the company Security Awareness program, to working hand in hand with our Dev Engineering teams.
Application Security Manager
Jan 2020 - Mar 2022
Coca-Cola Europacific Partners
I joined the Application Security team of Coca-Cola Europacific Partners as a Cybersecurity Manager for a team of 8 people. Shortly after joining and understanding the current process they had for Third Party Security Assessments and Web and API vulnerability scans, I helped them enlarge their skillset and capabilities by creating the Security Standards and Methodologies to carry out Mobile Application security assessments.
I also took part in creating the long-term security project we have with our main e-commerce, where we have helped its developers to enhance their overall security in all possible parts of their SDLC.
Within my responsibilities, the main focus was on:
- Compliance and application of security standards company-wide
- Career path development and guidance of the team members
- Web, Mobile, IoT and API's application vulnerability assessment and penetration testing
- Cloud Platforms Security Assessments (Azure/Salesforce/...)
- Engaging with developers to improve their SSDLC
Security Engineer & Security Tooling Program Manager
Mar 2019 - Jan 2020
Applus+ Laboratories
I joined the Applus+ Laboratories Mobile Security Team, where I was able to increase my expertise on Mobile Application security assessments, principally to Bank Payment and Host Card Emulation (HCE) applications that had to be certified as compliant with EMV (Europay Mastercard Visa) or Common Criteria security standards. In 2019 I also accepted the challenge to lead the Security Tooling Program.
With this new role, I was able to help them coordinate and balance the workload of the ongoing developments, Architecture and Design new security solutions, and supervise the development of security tools to carry out security assessments internally and automate security processes externally on several clients.
Security Analyst
Mar 2017 - Jun 2018
Wise Security Global
Upon joining Wise Security Global security team, I was able to perform all kinds of security assessments. Although the main focus was on Web and Mobile (iOS & Android) penetration tests, I also had the opportunity to take part in some Red Team exercises, Wi-Fi audits, and wearable pentests, amongst others.
I also developed my master's thesis there, a solution to help security engineers to report their findings in a more professional, coherent and efficient way.
Security Analyst
Mar 2017 - Jun 2018
esCERT UPC - inLab FIB
Whilst finishing my Computer Science degree, I had the opportunity to work as a Security Analyst at inLab FIB, part of the Spanish CERT (esCERT). There I made my first steps as a Penetration Tester by assessing the security of servers, websites and different solutions across all Universitat Politècnica de Catalunya (UPC).
I also had the chance to develop a solution to help all University departments to be able to configure automated security assessments to all their servers and services in an easy way, so that they could not be exposed to vulnerabilities during long periods of time until the next assessment from inLab Security Department, which ended up becoming my degree thesis:
Services
Ethical Hacking
Holding various offensive security certifications and with professional experience as a lead penetration tester, I can work as an Ethical Hacker, finding vulnerabilities in your application before the bad guys do.
During my previous professional experience, I have developed and applied a pentesting methodology in many international, publicly traded companies.
Application Security
Finding vulnerabilities is not the end of the story. You need to manage them, helping development teams ensure the fix they deploy is not bypassable and that it is deployed in a timely manner according to your vulnerability management program.
With experience in a variety of frameworks and programming languages, I will make sure improvements made to your application are as robust as they can be.
DevSecOps (SSDLC)
Manual work does not scale. That is why it is important to shift left security, adding security wherever necessary without slowing development and using automation whenever possible.
SCA, SAST, DAST, Code Review and Threat Modelling are some of the buzzwords I work with.
Security Awareness
Security needs to be business aware, being an enabler instead of a blocker.
I enjoy technical work, but I also enjoy making meaningful changes in companies.
To achieve the latter, it is essential to have a human approach, justifying your decisions and educating users on the way to get them to see security as a benefit instead of a toll.
Contact
Get in touch!
Location:
Vilassar de Mar, Barcelona - Spain (08340)
Email:
carles @ carlesllobet.com
🔐 You can grab my public key here:
DA27 4065 4080 401C 72C7 8F98 3469 9C9F 68A8 807C