About Me

My career is focused on offensive mobile application security and giving trainings to write and deliver secure code.

I worked as an application developer for most of my career, focused on the secure SDLC, delivered secure software for international companies, worked in the security assessment of the applications developed by the company and security patching of vulnerabilties found in source code and in third-party components.

Some years ago I switched my career to a fulltime security consultant, executing penetration tests on web and mobile applications in world-wide known companies and in critical core components of their business.

Career

I started my career as a software developer 15 years ago. I worked profesionally with different languages and frameworks (Java, C#, PHP, Javascript, Python etc). Early on my career I caught interest on the security aspects of the software development, started a PhD on security, and started to do the security review from the applications being developed.

A couple of years ago I switched from a blue-team to a red-team security profile, starting a new position as Security Researcher for Faraday Security. The last years have been an amazing professional experience, I got the possibility to work with many well-known international companies and got experience in a lot of different technologies and security assessment methodologies (External, Internal, Blackbox and Greybox applications assessments).

During these years I've been working on different technologies, programming languages, so it was hard for me to find something I particularly liked or wanted to do with my professional career, till I got to do a Mobile application security assessment. It was a mix of Java/Objectvie-C/Swift, hardware knowledge, client-side exploitation, native OS library reversing, web application assessment (hybrid libraries) and an endless quantity of frameworks. I was fascinated by the experience and since the first assessment I started especializing my career on those technologies.

Conferences

I love attending and speaking at information security and developer conferences around the world, and I was lucky enough to be accepted as a speaker in some of them in Latin America.

This year I also had the chance to participate as an organizer in the Mobile Hacking Village for the Ekoparty Conference, which was a great experience to meet great people, interacte with awesome speakers and learn a bit how a conference is orgnized.

My talks and trainings are on Android Application assessments and Frida.

  • Ekoparty 2020: Mobile Hacking Space (co-organizer)
  • Ekoparty 2020: Introduction to Explotation of Android Applications (training)
  • OWASP LATAM at Home 2020: Frida. Pentesting en Android Con Frida (workshop)
  • Ekoparty 2019: Introduction to Explotation of Android Applications (training)
  • Owasp Latam tour 2019 - Argentina: Frida. The One tool to pwn them all (Android version) (talk)
  • Ekoparty 2018: Introduction to Explotation of Android Applications (training)