Carles Llobet

Security Engineer


Carles's bio

I have always been in love with technology and computers, building my own home servers and websites at an early age, and feeling thrilled with hacker movies.
Since then, I have always looked forward to thinking out of the box and being able to foresee and identify the weak points of all the technologies we use.

In order to do so, I began my journey by studying the Computer Science Degree at Universitat Politècnica de Catalunya (FIB), and later on the CyberSecurity Management Master at UPC School.

I have worked as a Security Engineer in several companies, where I have been able to learn how to perform Penetration tests and Source Code Reviews on all kinds of applications (Web, Mobile, API, IoT), with a particular interest in Mobile Applications and Banking / eCommerce.

My interests have always involved cybersecurity at all levels, from Application Pentesting and Ethical Hacking to regulation compliance, and how it may impact on new emerging technologies. This passion has led me to not only enjoy the work that I do but also to always keep learning with conferences, CTFs, and certifications such as OSCP, OSWE, CCSK, AZ-500.

Current Experience

Explore my professional history and get to know the companies I worked at and the roles and responsibilities I had.

Jan 2020 - Current

Application Security Manager

Coca-Cola Europacific Partners

Jun 2018 - Jan 2020

Security Engineer

Applus+ Laboratories

Mar 2017 - Jun 2018

Security Analyst

Wise Security Global

Feb 2016 - Mar 2017

Security Analyst

inLab FIB

Application Security Manager

Coca-Cola Europacific Partners

In 2020 I joined the Application Security team of Coca-Cola Europacific Partners.
Shortly after joining and understanding the current process they had for Third Party Security Assessments and Web & API vulnerability scans, I helped them enlarge their skillset and capabilities by creating the Security Standards and Methodologies to carry out Mobile Application security assessments.
I also took part in creating the long-term security project we have with our main e-commerce, the European Customer Portal, where we have helped its developers to enhance their overall security in all possible parts of their SDLC.

Within the responsibilities, the main focus is on:
 • Compliance and application of security standards company-wide
 • Career path development and guidance of the team members
 • Web, Mobile, IoT and API application vulnerability assessments and penetration testing
 • Cloud Platforms Security Assessments (Azure/Salesforce)
 • Engaging with developers to improve their SSDLC

Security Engineer

Applus+ Laboratories

In 2018 I joined the Applus+ Laboratories Mobile Security Team, where I was able to increase my expertise on Mobile Application security assessments, principally with Bank Payment and Host Card Emulation (HCE) applications that had to be certified as compliant with EMV (Europay Mastercard Visa) or Common Criteria security standards.

Later on, in 2019, I also accepted the challenge to lead the Security Tooling Program.
With this new role, I was able to help them coordinate and balance the workload of the ongoing developments, architect and design new security solutions, and supervise the development of security tools to carry out security assessments internally and automate security processes externally on several clients.

Security Engineer

Wise Security Global

In 2017 I joined the Wise Security Global security team, where I was able to perform all kinds of security assessments.
Although the main focus was Web and Mobile (iOS & Android) penetration tests, I also had the opportunity to take part in some Red Team exercises, Wi-Fi audits, and wearable pentests, amongst others.
I also developed my master's thesis there, a solution to help security engineers to report their findings in a more professional, coherent and efficient way.

Internship

inLab FIB

In 2016 whilst finishing my degree, I had the opportunity to work as a Security Analyst at inLab FIB, part of the Spanish CERT (esCERT).
There I made my first steps as a Penetration Tester by assessing the security of servers, websites and different solutions across all Universitat Politècnica de Catalunya (UPC).
I also had the chance to develop a solution to help all University departments to be able to configure automated security assessments to all their servers and services in an easy way, so that they could not be exposed to vulnerabilities during long periods of time until the next assessment from inLab Security Department, which ended up becoming my degree thesis:
 • CoSA (https://inlab.fib.upc.edu/en/cosa-audit-services-suite)

Certifications

See some of the certifications I have achieved so far.

Offensive Security Experienced Penetration Tester (OSEP)

Offensive Security

Mar 2022

Credential ID: Pending

Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. It builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching students to perform advanced penetration tests against mature organizations with an established security function.
As a general rule, it will not specifically deal with the act of evading a blue team but rather focus on bypassing security mechanisms that are designed to block attacks. This course is one of the replacements for the Cracking the Perimeter (CTP) course — retired October 15, 2020.

Offensive Security Web Expert (OSWE)

Offensive Security

Apr 2021

Credential ID: OS-AWAE-10045

Advanced Web Attacks and Exploitation (WEB-300) is an advanced web application security review course. We teach the skills needed to conduct white box web app penetration tests.
With the 2021 update, WEB-300 now features three new modules, updated existing content, new machines, plus refreshed videos.
Students who complete the course and pass the exam earn the Offensive Security Web Expert (OSWE) certification, demonstrating mastery in exploiting front-facing web apps. The OSWE is one of three certifications making up the new OSCE3 certification, along with the OSEP for advanced pentesting and the OSED for exploit development.

Certificate of Cloud Security Knowledge (CCSKv4)

Cloud Security Alliance

Jan 2021

Credential ID: 73G4ibKACAUVfnxcoQCRXSrr

The Cloud Security Alliance (CSA) has developed a widely adopted catalogue of security best practices, the Security Guidance for Critical Areas of Focus in Cloud Computing. In addition, the CSA Cloud Controls Matrix (CCM) and the European Network and Information Security Agency (ENISA) whitepaper Cloud Computing: Benefits, Risks and Recommendations for Information Security are an important contribution to the cloud security body of knowledge.
The Certificate of Cloud Security Knowledge (CCSK) provides evidence that an individual has successfully completed an examination covering the key concepts of the CSA Guidance, the CSA CCM, and the ENISA whitepaper.

Azure Security Engineer Associate (AZ-500)

Microsoft

Dec 2020

Credential ID: 989632882

Azure Security Engineer Associates have subject matter expertise implementing Azure security controls that protect identity, access, data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure.
Responsibilities for an Azure security engineer include managing the security posture, identifying and remediating vulnerabilities, performing threat modeling, implementing threat protection, and responding to security incident escalations.
Azure security engineers often serve as part of a larger team to plan and implement cloud-based management and security.
They also have practical experience in administration of Azure and hybrid environments. Candidates should have experience with infrastructure as code, security operations processes, cloud capabilities, and Azure services.

Offensive Security Certified Professional (OSCP)

Offensive Security

Jul 2020

Credential ID: OS-101-45359

The industry-leading Penetration Testing with Kali Linux (PWK/PEN-200) course just got even better with the addition of five recently retired OSCP exam machines to PWK labs. These five machines represent an entire OSCP exam room! Get more value out of your lab time for the same price, and enjoy extra preparation for the OSCP exam.
This online ethical hacking course is self-paced. It introduces penetration testing tools and techniques via hands-on experience. PEN-200 trains not only the skills, but also the mindset required to be a successful penetration tester.
Students who complete the course and pass the exam earn the coveted Offensive Security Certified Professional (OSCP) certification.

Cybersecurity Fundamentals Certificate (CSX)

ISACA

Mar 2018

Credential ID: 2018-1096065 - CSXF

The Cybersecurity Fundamentals certificate and related training are ideal for IS/IT practitioners, students and recent graduates to build knowledge of cybersecurity or get started on a career in the field. This knowledge is in high demand, as cyberthreats continue to impact virtually every field of information systems and enterprises around the world.

Education

See where I spent time studying and gained early knowledge to prepare for my professional life.

Computer Science Engineering Degree

Universitat Politècnica de Catalunya

Sep 2013 - Jun 2017

All required knowledge, skills, and competencies to work in the field of Informatics Engineering.
The syllabus of the Bachelor Degree in Informatics Engineering is compliant with the European Higher Education Area (EHEA).
The FIB is one of the few Spanish centers where students can be trained in any of the five internationally recognized areas of Informatics Engineering, and amongst the world’s Top 100 best universities to study Computer Science in.

CyberSecurity Management Master

UPC School (Universitat Politècnica de Catalunya)

Sep 2017 - Jul 2018

Methodologies and techniques necessary for managing, planning, designing and implementing the procedures necessary to optimize the security of various assets, taking the latest threats that have recently appeared into account.

Contact

Get in touch with me if you would like to do business together, share an idea or just say hello.