Israel Guzman, Developer in Bogotá - Bogota, Colombia

Israel Guzman

Verified Expert in Engineering

Cybersecurity Architect and Threat Intelligence Lead Developer

Location
Bogotá - Bogota, Colombia
Toptal Member Since
April 22, 2021

Isra is a cybersecurity architect and threat intelligence lead with over 23 years of experience, specializing in dark web monitoring and an expert in data collection, analysis, framework development, and reporting. A highly skilled cybersecurity professional with a proven track record of success in IT expertise, Isra is also an active participant in ethical hacker events and conferences.

Portfolio

SkyVirt
Cybersecurity, Threat Intelligence, System-on-a-Chip (SoC), IoC, SIEM, IDS/IPS...
HackerOne
Cybersecurity, Threat Intelligence, System-on-a-Chip (SoC), IoC, SIEM, IDS/IPS...
Katharsis
Cybersecurity, Fortinet Firewall Configuration, Palo Alto Networks, Cisco

Experience

Availability

Full-time

Preferred Environment

Cybersecurity, Threat Intelligence, Zero-day Vulnerabilities, Incident Response, Bug Triage

The most amazing...

...Bug Bounty Hunter awards I received were Top 25 and Hall of Fame in 2018 by AT&T, then winning hackathons with the HackerOne platform as "akax."

Work Experience

Board Member | USA and LAC

2020 - PRESENT
SkyVirt
  • Handled projects related to Cyber Range based on the MITRE ATT&CK framework.
  • Collected and analyzed threat intelligence data from various internal and external sources, such as social media, open-source intelligence, and dark web monitoring.
  • Developed and maintained a comprehensive threat intelligence framework that includes threat modeling, identification, prioritization, and mitigation strategies.
  • Collaborated with other security teams, such as incident response and security operations, ensuring threat intelligence integration within the workflows.
  • Delivered threat intelligence reports, briefings, and presentations to senior leadership and other stakeholders to communicate the current threat landscape and provide actionable insights.
  • Stayed up-to-date with the latest threat intelligence trends, technologies, and tools to respond to emerging threats.
Technologies: Cybersecurity, Threat Intelligence, System-on-a-Chip (SoC), IoC, SIEM, IDS/IPS, Incident Response, Splunk, Rapid7 Solutions, Maltego, Digital Forensics, Ethical Hacking, Zero-day Vulnerabilities, Blockchain, Distributed Ledgers, HIPAA Compliance, Self-sovereign Identity (SSI), FERPA Compliance, Innovation

Security Researcher | Bug Bounty Hunter | Hacker101 Capture the Flag (CTF) Player

2018 - PRESENT
HackerOne
  • Received two honors from HackerOne and AT&T (2018 and 2019): https://ctf.hacker101.com.
  • Earned 13 invitations and 3/26 points toward my next private program invitation and placed among the top three in Colombia in 2020: https://hackerone.com/att/thanks/2018 and https://hackerone.com/akax/year-in-review.
  • Led cross-functional teams through the entire SDLC.
  • Reported and helped to fix several vulnerabilities in Okta's products and services. Participated in Okta's bug bounty programs.
  • Attained a deep understanding of Okta's architecture and security features. Used my experience in using various bug bounty tools and techniques to make Okta more secure for companies.
  • Found and reported several vulnerabilities in Okta's products and services. Worked with the Okta security team to remediate vulnerabilities and improve security. Shared knowledge and expertise with other security researchers.
Technologies: Cybersecurity, Threat Intelligence, System-on-a-Chip (SoC), IoC, SIEM, IDS/IPS, Incident Response, Splunk, Rapid7 Solutions, Maltego, Digital Forensics, Ethical Hacking, Zero-day Vulnerabilities, Distributed Ledgers, HIPAA Compliance, Self-sovereign Identity (SSI), FERPA Compliance

Chief Information Security Officer

2015 - PRESENT
Katharsis
  • Implemented a secure data center while working in a freelance capacity.
  • Installed a Cisco firewall for IP security, VPN, and site-to-site VPN.
  • Protected devices and networks with Sophos security solutions.
  • Led cross-functional teams through the entire SDLC.
  • Gained experience with firewalls, including Cisco ASA, Palo Alto Networks, and Fortinet. Became proficient in configuring, managing, and troubleshooting firewalls. Accumulated experience in network on-premises and cloud projects.
Technologies: Cybersecurity, Fortinet Firewall Configuration, Palo Alto Networks, Cisco

Board Member

2008 - PRESENT
TI Corporation
  • Provided a full range of cybersecurity services: research, threat intelligence, monitoring and cyber surveillance of national critical information infrastructure (NCII), network protection, penetration testing, and ethical hacking.
  • Consulted on forensic investigation, bug bounty, DevSecOps, cloud computing, blockchain, machine learning, and AI. Provided support and training.
  • Delivered training programs: Creating Disruptive Differentiation with Innovation Management; The Fundamentals of Cybersecurity and IT Security; Cybersecurity and Secure IT Infrastructure, from Policies to Technology and IT Operations.
  • Became an IT Geek Trusted Advisor and delivered courses for the chief information security officer (CISO).
  • Spoke on Gartner's Nexus of Forces, describing how the convergence and mutual strengthening of social media, mobility, cloud computing, and information patterns create new business opportunities.
  • Leveraged areas of expertise to advise clients: security, ethical hacking, and cybersecurity; web application security, network security, and application security; ransomware and malware; DeepWeb, DarkNet, ZeroNet, ZeroDay, and Exploit.
  • Provided risk advisory services to the open web application security project (OWASP).
  • Advised clients on cloud security and a law enforcement agency on cybercrime and cyber investigation.
  • Served as an active member in the information security community of the current cyberspace.
  • Led cross-functional teams throughout the entire SDLC.
Technologies: Cybersecurity, Threat Intelligence, SIEM, IDS/IPS, Incident Response, Splunk, Rapid7 Solutions, Maltego, Digital Forensics, Ethical Hacking, Zero-day Vulnerabilities, System-on-a-Chip (SoC), IoC, HIPAA Compliance, Self-sovereign Identity (SSI), FERPA Compliance, Fortinet Firewall Configuration, Cisco, Palo Alto Networks

Cybersecurity Threat Intelligence Specialist

2023 - 2024
Halian - IBM
  • Hunted for threats proactively targeting Government and organizations' critical infrastructure.
  • Uncovered recent cyber attacks through in-depth investigations and analyzed multiple ongoing intrusion attempts that posed a high risk of disruption, data exfiltration, and reputational damage.
  • Delivered a comprehensive threat intelligence report upon recognizing the potential impact, triggering decisive action by security agencies to thwart the attack and mitigate vulnerabilities.
  • Implemented a real-time intervention that safeguards vital systems and underscores the crucial role of CTI specialists in the government's national security.
Technologies: Threat Modeling, Threat Intelligence, OSINT, Malware Analysis, Malware Information Sharing Platform (MISP), Malware Removal, Intel, Cyber Range, PCI, Indicator of Compromise (IOC), Encryption

Security Software Engineer

2023 - 2023
Bank Popular
  • Managed Cyber Security Projects related to the MITRE ATT&CK framework.
  • Created standards and policies for penetration testing, SDLC, AWS, and APIs.
  • Secured the organization with key standards and policies, including regular penetration testing, integrated security SDLC code reviews and secure coding practices, AWS best practices, encryption, and robust API security authentication implementations.
Technologies: APIs, Amazon Web Services (AWS), Architecture, Azure, Burp Suite, Bug Triage, Channels, CI/CD Pipelines, Cryptography, Culture Hacking, Cyber Range, Banking & Finance, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)

Spanish-speaking IT Security Expert

2023 - 2023
Tienda Amiga ER S.A.
  • Configured, managed, and troubleshot Cisco ASA, Cisco Catalyst 2960 switch, and Router 2901, 3560 L3, and 4321. SPI, DPI, apps, URL filter, IDS/IPS, IAM, threat intel, Umbrella, etc.
  • Implemented protection against denial-of-service attacks by configuring, managing, and troubleshooting Meraki AP MR53 and MR46 using features like WPA2-Enterprise, guest access, RADIUS, and SNMP.
  • Configured, managed, and troubleshot Fortinet Firewalls Fortigate 60F HA, VPN, IDS, IPS, and content web filter.
Technologies: Database Security, Cybersecurity, Penetration Testing, Network Security, Security Audits, Cisco, Fortinet Firewall Configuration

Senior Security Engineer

2022 - 2023
Pinterest
  • Joined Pinterest as an active member of the security operations, in charge of PII, SOX, IAM, GMT, and S3 policy management.
  • Implemented secure changes with Terraform and Phabricator.
  • Supervised Splunk daily to avoid security breaches and threats.
  • Worked with Palo Alto Networks firewalls and configured the GlobalProtect.
  • Integrated Active Directory, GitHub, GMT, holograms, certificates, and YubiKey within Okta across the entire infrastructure.
  • Designed, implemented, and managed Okta-based IAM solutions for enterprise customers, using SSO, MFA, and strong authentication to improve security, reduce risk, and streamline operations.
Technologies: SecOps, CyberSource, Personally Identifiable Information (PII), SOX, SOX Compliance, Phabricator, Amazon Web Services (AWS), Identity & Access Management (IAM), Growth Hacking, Culture Hacking, Software Development Lifecycle (SDLC), Palo Alto Networks, Okta, CI/CD Pipelines, Serverless, IOTA, Sumo Logic, Mandiant, SOC 2 Type 2

Senior Security Engineer

2022 - 2022
Bloomberg Industry Group - Main
  • Automated AWS security vulnerabilities mitigation using AWS Lambda function with Python 3 and Boto 3.
  • Tracked and fixed requests using Jira for issues, escalations, incidents, software review requests, and security vulnerabilities.
  • Automated and integrated the mitigation of vulnerabilities from the Rapid7 suite with Jira.
  • Created multiple wikis of management and procedures daily.
  • Automated and integrated vulnerability mitigation from AWS GuardDuty and AWS Inspector with Jira.
  • Improved the automation of the Threat Intel channel, adding more sources, translating on the way, and passing filtered to the main channel.
  • Integrated AWS, Atlassian, and Okta within the entire infrastructure.
  • Designed, implemented, and managed Okta-based IAM solutions for enterprise customers. Integrated Okta with other systems to create secure and efficient authentication infrastructure.
  • Conducted security assessments and audits to identify and mitigate risks associated with Okta and implemented security best practices and industry standards.
Technologies: Amazon Web Services (AWS), DevSecOps, Cyberlaw, Okta, Python

DevSecOps Consultant

2021 - 2022
Palo IT
  • Centralized identity management and assigned permissions transversally.
  • Configured VPN to segregate access individually and gather traffic logs.
  • Automated CI/CD pipelines to deploy QA and ephemeral staging environments.
  • Identified customer transactions that used more infrastructure and reduced the DevSecOps workload.
  • Deployed a CDN and high availability in specific zones.
  • Automated vulnerability analysis for infrastructure and applications and prevented a sensitive data leak.
  • Recommended code reviews and automated testing solutions. Led cross-functional teams through the entire SDLC.
  • Created vulnerability management solutions (VMs) capable of integrating with any 3rd party in the industry to provide an all-in-one solution with a unique dashboard.
  • Designed, implemented, and managed secure IAM solutions, including SSO, MFA, and strong authentication. Integrated Okta with Active Directory, GitHub, and more to create a unified authentication infrastructure.
  • Integrated Azure Active Directory, SonarQube with Okta, and certificates within the entire infrastructure.
Technologies: Amazon Web Services (AWS), Cybersecurity, Okta

Chief Information Security Officer

2019 - 2022
Zaga Labs
  • Implemented a secure data center with IP security while serving as a freelance external advisor.
  • Installed pfSense firewall security, OpenVPN, and site-to-site VPN.
  • Ensured that security measures protected perimeters and rejected attackers.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity, Threat Intelligence, Zero-day Vulnerabilities

System Security Engineer and Architect

2021 - 2021
University of Arizona
  • Worked for Arizona State University (Asu.edu) on compliance (PCI, FISMA, HIPAA, etc.), authentication and authorization, DIDs, entities IDs, identities, credentials, and meta-credentials.
  • Performed cryptography, data protection, Sovrin Governance Framework, Hyperledger Indy decentralized key management, trustee set up protocol, wallet storage design, permissions and rules, CORS and source code, SAST, DAST, and AutoDevSecOps.
  • Handled mobile device security enforcement, prevented reverse engineering of the Pocket app, and worked on data source encryption and data transfer encryption in transit, PeopleSoft, databases, and APIs.
  • Affected and managed PII masking in real time, OTP, QR codes, and Libindy while working with reports access and endpoints, servers, and mail servers.
Technologies: Cryptography, Amazon Web Services (AWS), DevSecOps, APIs, Cybersecurity

IT Operations and Security Supervisor

2020 - 2021
Visa
  • Provided the knowledge required to follow and adhere to PCI DSS compliance frameworks and helped to obtain the SOC Level 2 certification, following the security requirements and standards.
  • Used a wide range of tools, including Sumo Logic, Qualys, Mandiant, SolarWinds, Falco, mobile financial banking; PCI RoC/SOC2 Type II; CloudFlare, Sumo Logic; Mandiant, Qualys, DefectDojo, Check Point, Check Point CloudGuard, Dome9, and SilverSky.
  • Identified systemic security issues based on the analysis of vulnerability and configuration data. Enabled the organization to reduce risks and achieve regulatory and statutory compliance.
  • Implemented security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to systems or system components as needed.
  • Collaborated with functional and cross-functional teams and stakeholders to identify and/or develop appropriate solution designs, implementation, and required mitigation strategies.
  • Managed multiple technologies for mobile financial banking and chaos engineering with the Chaos toolkit and Istio. Led cross-functional teams through the entire SDLC.
  • Used a wide range of technologies: Snyk, Dependabot, Sonatype DepShield; Trend Micro, Symantec, Sophos; Google Cloud GCP; K8S and Falco as a Daemon; and SonarQube (dependency checks).
  • Utilized Splunk; Jira and Trello; Veracode, Trustwave, Detectify, Mesh7, and Qualys; ProGuard, DexGuard, iXGuard; Bitbucket and Concourse; and DigiCert Central.
  • Used Grafana Loki and Data Studio; MongoDB and MySQL; HAProxy and APIs; Gauntlt and Ruby for Vulnerability; and vulnerability management systems (VMS).
  • Integrated BambooHR, Cloudflare, Udemy, Azure, Office 365, DefectDojo, Atlassian, ELK, Nagios, New Relic, SolarWinds, Slack, and external apps within Okta.
Technologies: DevSecOps, Kubernetes, Threat Intelligence, Digital Forensics, Zero-day Vulnerabilities, Cybersecurity, Okta, DefectDojo, Dome9, Check Point CloudGuard

Chief Information Security Officer

2020 - 2020
Vycton
  • Protected the University Foundation of the Andean Area while working as an external, freelance advisor.
  • Implemented several Kaspersky Cybersecurity solutions.
  • Implemented IBM Tivoli Storage Manager with data loss protection (DLP).
  • Implemented Lenovo XClarity to protect the storage.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

Senior DevSecOps

2020 - 2020
FortifID
  • Played a key role (as a contractor) in a DevSecOps and CloudUnit project for a US Silicon Valley-based customer. This involved working with SSN data providers, Equifax, Neustar, and Grain.
  • Conducted black-box penetration testing and achieved SOC 2 certification.
  • Implemented AutoDevOps CI/CD, using GitLab Gold and Kubernetes.
  • Developed solutions for managing personally identifiable information (PII) and sensitive data protection. The technologies used included AWS, Rapid7, Qualys, OpenVAS, Maltego, Burp Suite, and other penetration testing tools.
  • Led cross-functional teams through the entire SDLC.
  • Migrated OneLogin to Okta, keeping all the existing integrations.
Technologies: Cybersecurity, DevSecOps, Amazon Web Services (AWS), QualysGuard, OpenVAS, Burp Suite, Penetration Testing, Kubernetes, Threat Intelligence, System-on-a-Chip (SoC), IoC, SIEM, IDS/IPS, Incident Response, Splunk, Digital Forensics, Ethical Hacking, Zero-day Vulnerabilities, Distributed Ledgers, HIPAA Compliance, Self-sovereign Identity (SSI), FERPA Compliance, Okta

Cloud Senior Engineer

2018 - 2020
Globant
  • Designed and deployed futurist projects related to information security for a wide range of companies (shown below). Prioritized and assigned tasks to a group of cybersecurity leaders.
  • Implemented the Great Minds eLearning platform for Core Digital Systems (CDS), using Terraform, Ansible, and GitHub Actions over AWS.
  • Developed a digital banking mobile app for iOS and Android for GNB Sudameris Bank.
  • Co-developed solutions as a member of the EY core platform squad. These included the EY Blockchain Analyzer, Axiomatics, and others related to common capabilities and tax transparency.
  • Designed the architecture and deployed, supported, maintained, protected, and secured the environments.
  • Served as a cybersecurity advisor to C-level executives, stakeholders, and product owners who made decisions about solutions that addressed business goals and risks.
  • Advised leadership, management, and less experienced cybersecurity leaders on solutions deployed in the environment for incidence responses related to threats, vulnerabilities, and compliance. Used Agile, Scrum, and Jira to address and track issues.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity, Security Architecture, Kubernetes, Azure, Amazon Web Services (AWS), Threat Intelligence, System-on-a-Chip (SoC), IoC, SIEM, IDS/IPS, Incident Response, Splunk, Rapid7 Solutions, Maltego, Digital Forensics, Ethical Hacking, Zero-day Vulnerabilities, Blockchain, Distributed Ledgers, HIPAA Compliance, Self-sovereign Identity (SSI), FERPA Compliance

Virtualization and Migration Engineer

2018 - 2018
Claro Colombia
  • Led discovery and the RFP process to migrate VMware to Huawei Private Cloud FusionSphere for Global HITSS.
  • Migrated HP ServiceManager Cloud BMC Remedy (Apache Tomcat), protected by security baselines, Qualys, Dynatrace, and SIEM.
  • Implemented a chatbot offered by the Inbenta company.
  • Managed operating systems: Oracle Solaris, Oracle RACDB, Red Hat, and Windows Server.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cloud, Cloud Security, Security, Web App Security, Web Security

Cloud Architect

2017 - 2017
BITS Americas S.A.S
  • Migrated a 100% on-premise infrastructure to Azure for Flores Funza, while serving as the CISO at BITS Americas.
  • Migrated to Office 365 for Flores Funza and Tannus, a legal services company.
  • Set up an AWS ETL for Tigo Latam, a Millicom telecom company.
  • Managed operating systems: Windows Server and Linux.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

Chief Information Security Officer

2013 - 2016
Bull Marketing
  • Implemented a secure data center while working as a freelancer.
  • Supported VPN, site-to-site VPN, IP security, and VoIP using Asterisk.
  • Protected a secure website and email communication to prevent virus infections by bad actors.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

Security and Systems Administrator SME

2012 - 2016
Hewlett Packard Enterprise
  • Served as a capability administrator L4 for Pfizer, overseeing the ITO project delivery team, application hosting services (AHS) reporting group, and Intel on physical and virtual environments with VMware and Hyper-V.
  • Owned responsibility for building and securing existing and new systems according to lifecycle capacity, always focusing on business continuity with an emphasis on finding the root cause and proper solutions for each daily case.
  • Oversaw premium support for 400 servers, aligned with the overall infrastructure, ensuring that IT assets met the needs of corporate policies and continuously building strong professional relationships with key IT and LOB executives.
  • Served as a subject matter expert for a Latin American internal assessment review (ITAM), corrective action and preventive action (CAPA), and problem and root cause analysis (RCA).
  • Led ITSM change management 401 RFCs; conducted 12 pre-approved template reviews; and provided service incident management with response 2755 resolved and 1863 requested. Served as a configuration item owner and QA of 400 CIs under CMDB.
  • Set up monthly BTI and daily infrastructure operations and amp reports for regional operative meetings with the global command center (GCC).
  • Managed hardware self-sparing and product support case management. As an HPE Saba learner and HPE support case manager, I completed Power 2 Learn (126 courses) and learned manager and admin rooster roles.
  • Experienced in Cisco ASA, Meraki, and VoIP. Troubleshot and configured security as SPI, DPI, app identification, URL filter, IDS/IPS, threat intel, cloud, network, DLP, remote access, web application, malware, Umbrella, etc.
  • Performed security monitoring and analytics using HPE Service Center, Qualys, Nessus, MSB, SCCM, McAfee ePolicy Orchestrator 5.3 Intel Security, EMC Watch4Net, CA SysEdge, and eHealth. Merged three data centers into one.
  • Managed the infrastructure: HPE servers, storage, Cisco switches, networking, blades, and backup solutions, HP Data Protector, and CA BrightStor ARCserve. The technologies were VMware, Linux ESx, Aix, HP-UX, Red Hat, and Windows Server.
Technologies: Cybersecurity

Chief Information Security Officer

2010 - 2014
InTacto Comunicaciones
  • Served as an external freelance advisor to InTacto Comunicaciones.
  • Implemented a secure communication channel for the whole company using Microsoft Exchange.
  • Deployed Symantec cybersecurity solutions to protect the network and devices.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

Chief Information Security Officer

2010 - 2013
Construcciones Obycon SAS
  • Protected the network and devices with Kaspersky cybersecurity solutions.
  • Enforced policies to prevent unauthorized access to the company's applications.
  • Implemented Active Directory with GPO, using a Microsoft Windows Server.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

SysAdmin

2010 - 2012
SONDA
  • Supported servers for 3M: HP ProLiant G7; HP EVA4400; HP MSL6000; Dell PowerEdge; AD; DHCP; DNS; GPO, SQL, Visual Studio Foundation; file, SharePoint, and IIS Servers; and SCCM.
  • Implemented a new data center and DRP, covering VMWare, Lotus Domino 8, CA ARCserve, and HP Data Protector.
  • Managed service requests from IBM TEC and the Remedy Helpdesk; supervised the dashboard server and PC support.
  • Provided specialized support to VIP users, covering MOC Apple and BlackBerry.
  • Supported deployment (Swimage) and McAfee Encryption. Provided regional level-one support, both onsite and remote.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

Chief Information Security Officer

2008 - 2011
Geosintéticos
  • Implemented a secure way to manage all the IT devices while working as an external freelance advisor.
  • Deployed a secure PHP web portal with a MySQL database.
  • Implemented a secure communication channel for the whole company.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

SysAdmin

2007 - 2010
IBM
  • Provided cybersecurity services for Avianca and Allianz.
  • Served as a command center engineer, working with VMware, HP Data Protector, and BrightStor ARCserve, as well as change management.
  • Provided tech support for Active Directory, Forefront, File Server, IIS, WSUS Updates and Cirats, Exchange 2007, Blackberry BES, Citrix high availability in multiple data centers, and accounting close.
  • Ensured enforcement and control of interfaces in SAP, IIS, SQL, Adabas, SIS, SharePoint, Test Director and ESM, Oracle, AIX, HP-UX, Tivoli TEC, HP Data Protector and Tivoli TSM, VIP, and the company's CNCs. Provided 7x24 second-level support.
  • Managed operating systems: HP-UX, AIX, Oracle Solaris, Red Hat, and Windows Server.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

IT Specialist

2005 - 2006
Getronics
  • Worked in the IT department at Movistar (Movistar.co/).
  • Monitored data centers, Citrix clusters, and applications.
  • Provided VIP support at a national level for Gtran devices and cellular data services.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity

IT Analyst

2002 - 2005
Sitel Group
  • Completed work for internal clients: Microsoft, Telecom, and HP.
  • Supported network and communication solutions at a national level.
  • Provided support and training for services such as VSAT, Clear Channel, and satellite connections.
  • Created the intranet in PHP for internal management of those client companies.
  • Led cross-functional teams through the entire SDLC.
Technologies: Cybersecurity, VSAT

Spyder Analytics

https://github.com/4k4xs4pH1r3
Automated cybersecurity CI/CD pipelines with multiple command-line arguments and customized with CyberScan ninja techniques that can perform a wide range of security tests and discovery functions, taking precedence over any configuration. It's important for those who are serious about network scanning to know about these pipelines. This research focused on identifying the maximum batch mix mode supported by Spyder Analytics.

The proof of concept included the following functions:
• Comprehensive operating system guesses.
• Uptime, ports, and service device types per host detection based on fingerprint matches.
• Vulnerabilities discovery based on network traceroutes and service versions on each port.
• Host footprinting based on TCP/IP sequence prediction and thumbprint over IPv4 and IPv6.
• Firewall and IDS evasion and spoofing with accurate miscellaneous options.

Cyber Range | Author of Training at SkyVirt

https://cyberrange.skyvirt.tech/
Wrote eight training modules dedicated to Cyber Range while serving as a board member for the USA, Latin America, and the Caribbean (LAC) and as an external freelance advisor to Cyber Range.

Basic modules:
• DevSecOps
• AutoDevSecOps, WSL2, SIEM, Kubernetes, and Docker
• OSINT and Enumeration
• BugBounty
• Capture the Flag Competitions (CTFs)
• SQL Injection
• Cross-site Scripting (XSS)
• DDoS

Startup Founder

Founded in 2008, TI Corporation provides a full range of cybersecurity, artificial intelligence, and related services such as research, threat intelligence, cybersecurity and surveillance for national critical information infrastructure protection, forensic investigation, network protection, penetration testing, ethical hacking, black box projects, bug bounty hunters, DevSecOps CI/CD, cloud computing, blockchain, AI, machine learning, and IT support and training.

Libraries/APIs

CyberSource

Tools

Splunk, Phabricator, Sumo Logic, Dome9

Paradigms

DevSecOps, HIPAA Compliance, Penetration Testing

Platforms

Blockchain, Azure, Amazon Web Services (AWS), Windows Server, Kubernetes, QualysGuard, Burp Suite, Malware Information Sharing Platform (MISP), Intel

Industry Expertise

Banking & Finance, Network Security, Cybersecurity

Storage

Database Security

Other

Software Development Lifecycle (SDLC), Growth Hacking, Culture Hacking, Threat Intelligence, System-on-a-Chip (SoC), IoC, SIEM, IDS/IPS, Zero-day Vulnerabilities, Incident Response, English, Indicator of Compromise (IOC), VSAT, Channels, Peer-to-peer Networking, Architecture, Innovation, FERPA Compliance, Self-sovereign Identity (SSI), SecOps, Personally Identifiable Information (PII), SOX, SOX Compliance, Identity & Access Management (IAM), Cryptography, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Encryption, Languages, Palo Alto Networks, CI/CD Pipelines, Ethical Hacking, APIs, Serverless, IOTA, Bug Triage, Networking, Quantum Computing, Digital Forensics, IT Project Management, PCI, SOC 2 Type 2, Mandiant, DefectDojo, Check Point CloudGuard, Rapid7 Solutions, Maltego, Troubleshooting, Programming, Security Architecture, Distributed Ledgers, Cyberlaw, Security Audits, Cisco, Fortinet Firewall Configuration, Okta, Threat Modeling, OSINT, Malware Analysis, Malware Removal, Cyber Range

Languages

Python

Frameworks

OpenVAS

2001 - 2003

Bachelor's Degree in Computer Science

ECCI University - Bogotá, Colombia

JULY 2020 - PRESENT

Web Security: Same-Origin Policies

LinkedIn

JULY 2020 - PRESENT

Web Security: OAuth and OpenID Connect

LinkedIn

JULY 2020 - PRESENT

Transitioning to a Career in Cybersecurity

LinkedIn

JULY 2020 - PRESENT

Sophos Certified Sales Consultant

Sophos

JULY 2020 - PRESENT

Project 2019 and Project Online Professional Essential Training

LinkedIn

JULY 2020 - PRESENT

Penetration Testing: Advanced Web Testing

LinkedIn

JULY 2020 - PRESENT

Penetration Testing: Advanced Enumeration

LinkedIn

JULY 2020 - PRESENT

OWASP Top 10: #9 Components with Known Vulnerabilities and #10 Insufficient Logging and Monitoring

LinkedIn

JULY 2020 - PRESENT

Microsoft Cybersecurity Stack: Advanced Identity and Endpoint Protection

LinkedIn

JULY 2020 - PRESENT

Learning Tor and the Dark Web

LinkedIn

JULY 2020 - PRESENT

Learning Cyber Incident Response and Digital Forensics

LinkedIn

JULY 2020 - PRESENT

Introduction to Quantum Computing

LinkedIn

JULY 2020 - PRESENT

Insights from a Cybersecurity Professional

LinkedIn

JULY 2020 - PRESENT

Extending, Securing, and Dockerizing Spring Boot Microservices

LinkedIn

JULY 2020 - PRESENT

Ethical Hacking: The Complete Malware Analysis Process

LinkedIn

JULY 2020 - PRESENT

Ethical Hacking: Penetration Testing

LinkedIn

JULY 2020 - PRESENT

CompTIA PenTest+ (PT0-001): 5 Selecting Pen Testing Tools

LinkedIn

JULY 2020 - PRESENT

CompTIA IT Fundamentals (FC0-U61) Cert Prep 3

LinkedIn

JULY 2020 - PRESENT

CompTIA IT Fundamentals (FC0-U61) Cert Prep 2: Files and Applications, Networking, and Security

LinkedIn

JULY 2020 - PRESENT

CompTIA CySA+ (CS0-002) Cert Prep: 7 Compliance and Assessment

LinkedIn

JULY 2020 - PRESENT

CompTIA CySA+ (CS0-002) Cert Prep: 4 Software and Systems Security

LinkedIn

JULY 2020 - PRESENT

CompTIA CySA+ (CS0-002) Cert Prep: 3 Identity and Access Management

LinkedIn

JULY 2020 - PRESENT

CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management

LinkedIn

JULY 2020 - PRESENT

CompTIA CySA+ (CS0-002) Cert Prep: 1 Threat Management

LinkedIn

JULY 2020 - PRESENT

CompTIA A+ (220-1002) Cert Prep 6: Networking, Security, and More

LinkedIn

JULY 2020 - PRESENT

CompTIA A+ (220-1002) Cert Prep 4: Command-Line Interface and Scripting Languages

LinkedIn

JULY 2020 - PRESENT

CISSP Review Course Completion Certificate ISC²

ISC2

JULY 2020 - PRESENT

CISSP Cert Prep: 8 Software Development Security

LinkedIn

JULY 2020 - PRESENT

CISA Cert Prep: The Basics

LinkedIn

JULY 2020 - PRESENT

CISA Cert Prep: 1 Auditing Information Systems for IS Auditors

LinkedIn

JULY 2020 - PRESENT

CASP+ Cert Prep: 4 Technical Integration of Enterprise Security

LinkedIn

JULY 2020 - PRESENT

CASP+ Cert Prep: 3 Enterprise Security Operations

LinkedIn

JULY 2020 - PRESENT

Android App Penetration Testing

LinkedIn

JULY 2020 - PRESENT

AWS for DevOps: Security, Governance, and Validation

LinkedIn

JULY 2020 - PRESENT

AWS for Architects: Advanced Security

LinkedIn

JULY 2020 - PRESENT

AWS Security Best Practices for Developers

LinkedIn

JULY 2020 - JULY 2023

Aviatrix Certified Engineer (ACE): Multi-Cloud Network Associate Course

Aviatrix

JUNE 2020 - PRESENT

Google Cloud Platform Fundamentals: Core Infrastructure

Coursera

DECEMBER 2019 - PRESENT

Senior Cyber Security Engineer

Udemy

DECEMBER 2019 - PRESENT

Level BBB | CEFR LEVEL B2

Language Market

JANUARY 2016 - PRESENT

Advanced Computer Security | Strategic Decision and Risk Management

Stanford University Online

DECEMBER 2015 - PRESENT

Level BBB | CEFR LEVEL B1

Berlitz Languages Inc.

DECEMBER 2014 - PRESENT

MCSA: Windows Server 2012 R2

Microsoft

DECEMBER 2012 - PRESENT

IT Professional

Microsoft

DECEMBER 2012 - PRESENT

MCITP | Windows Server 2008 R2 (70-640)

Microsoft

DECEMBER 2006 - PRESENT

Network Analyst

Sitel University

DECEMBER 2004 - PRESENT

English Intermediate

KOE Corporation
