I have always been in love with technology and computers, building my own home servers and websites at an early age, and feeling thrilled with hacker movies.
Since then, I have always looked forward to thinking out of the box and being able to foresee and identify the weak points of all the technologies we use.
In order to do so, I began my journey by studying the Computer Science Degree at Universitat Politècnica de Catalunya (FIB), and later on the CyberSecurity Management Master at UPC School.
I have worked as a Security Engineer in several companies, where I have been able to learn how to perform Penetration tests and Source Code Reviews to all kinds of applications (Web, Mobile, API, IoT), with a particular interest in Mobile Applications and Banking / eCommerce.
My interests have always involved cybersecurity at all levels, from Application Pentesting and Ethical Hacking to regulation compliance, and how it may impact on new emerging technologies. This passion has led me to not only enjoy the work that I do but also to always keep learning with conferences, CTFs, and certifications such as OSCP, OSWE, CCSK, AZ-500.
Explore my professional history and get to know the companies I worked at and the roles and responsibilities I had.
In 2020 I joined the Application Security team of Coca-Cola Europacific Partners.
Short after joining and understanding the current process they had for Third Party Security Assessments and Web & API vulnerability scans, I helped them enlarge their skillset and capabilities by creating the Security Standards and Methodologies to carry out Mobile Application security assessments.
I also took part in creating the long-term security project we have with our main e-commerce, the European Customer Portal, where we have helped its developers to enhance their overall security in all possible parts of their SDLC.
Within the responsibilities, the main focus is on:
• Compliance and application of security standards company-wide
• Career path development and guidance of the team members
• Web, Mobile, IoT and API's application vulnerability assessments and penetration testing
• Cloud Platforms Security Assessments (Azure/Salesforce)
• Engaging with developers to improve their SSDLC
In 2018 I joined the Applus+ Laboratories Mobile Security Team, where I was able to increase my expertise on Mobile Application security assessments, principally with Bank Payment and Host Card Emulation (HCE) applications that had to be certified as compliant with EMV (Europay Mastercard Visa) or Common Criteria security standards.
Later on, in 2019, I also accepted the challenge to lead the Security Tooling Program.
With this new role, I was able to help them coordinate and balance the workload of the ongoing developments, Architecture and Design new security solutions, and supervise the development of security tools to carry out security assessments internally and automate security processes externally on several clients.
In 2017 I joined the Wise Security Global security team, where I was able to perform all kinds of security assessments.
Although the main focus were Web and Mobile (iOS & Android) penetration tests, I also had the opportunity to take part in some Red Team exercises, Wi-Fi audits, and wearable pentests, amongst others.
I also developed my master thesis there, a solution to help security engineers to report their findings in a more professional, coherent and efficient way.
In 2016 whilst finishing my degree, I had the opportunity to work as a Security Analyst at inLab FIB, part of the Spanish CERT (esCERT).
There I made my first steps as a Penetration Tester by assessing the security of servers, websites and different solutions across all Universitat Politècnica de Catalunya (UPC).
I also had the chance to develop a solution to help all University departments to be able to configure automated security assessments to all their servers and services in an easy way, so that they could not be exposed to vulnerabilities during long periods of time until the next assessment from inLab Security Department, which ended up becoming my degree thesis:
• CoSA (https://inlab.fib.upc.edu/en/cosa-audit-services-suite)
See some of the certifications I have achieved so far.
See where I spent time studying and gained early knowledge to prepare for my professional life.
Get in touch with me if you would like to do business together, share an idea or just say hello.