About

The desire to learn, to grow both mentally and physically and to leave the world in a better way in which I found it are the pillars and essence that causes me to remain firm and present in my goals. My current and main area of expertise pertain to Cybersecurity and red teaming exercises. I decided to start my path with Cyber due to the increasing threats appearing due to the world digitalisation. My main goal is to establish proper technical knowledge to be able to assess the security architecture of organisations and provide the better solutions for the latest security concerns.

🏢 Professional Career

I have been working as a Security Consultant as part of an experienced team. At FSP I was able to develop my Offensive Security knowledge to perform all types of Cybersecurity audits. In addition, I have performed multiple developing tasks by means of different complete (Frontend + Backend) applications offering day-to-day use.

Penetration Tests:

Internal Network audits.
External Perimeter Review.
Web Application testing.
Windows / Azure CIS Build Reviews.
Attack Surface Reviews/Mapping (ASR)
Reporting (templating systems and manual).
Client delivery and catch ups.
Usual use of Nessus and BurpSuite.
Automated monthly scanning and reporting.
Phishing campaings.
Usage of multiple tools for auditing and evidencing.
OSCP certified at first attempt while working.
QA Process and reporting.
Cobalt Strike
Active Directory:
- Kerberos Attacks (Kerberoast, AS-REP Roast, Certificates, Delegations…)
- Credential Theft (Mimikatz, TGT, TGS, DPAPI…)
- Domain / Host Reconnaissance
- Privilege Escalation and Persistance
- Pivoting and Lateral Movement

Cloud:

Azure, AWS and Google Cloud testing for misconfigurations.
Experience working with the Azure cloud and infrastructure.
Experience working with Sharepoint sites, pages, permissions…
Resource Group management.
Creation of complex Logic Apps.
Blog Storages.
Pipelines.
Dev Operations.

Development:

Development of cyber internal tools for daily usage.
Full stack developer for Cybersecurity applications.
Multiple automation tasks and programs.
Creation of secure APIs with Microsoft Oauth2, SSO.
Docker and microservices.
Certificate/public-private key managing.
Frontend:
- Pure HTML, CSS, JS.
- React JS, Next JS.
Backend:
- API Development in Python and Golang.
- Any language (Solid programming basis from Uni).
- Python.
- Golang.
- Bash scripting.
- C, C#, C++ for exploit development and sharepoint.
- Relational (SQL) and non-relational (MongoDB) databases managing.
- Powershell Scripting.

Cybersecurity Certifications

- Offensive Security Certified Professional (OSCP)

- Certified Red Team Operator (CRTO)

🏫 Education

Universitat Politècnica de Catalunya, Barcelona: Degree in Computer Engineering

From 09/2018 to 09/2022

Two subjects with Honors.

Programming languages: C++, C, Java, bash, Erlang, JS, R, assembly 0x86, SQL, Dart.
APIs / Frameworks: GraphQL, JavaFx, microprocessors, OpenMP, flutter, google maps.
Networking: ISO/OSI, VRRP, STP, OSPF, BGP, IPv4, IPv6.
Backend / Frontend: Creation of web pages, server configuration, database management, APIs.
Mobile Applications: Knowledge of Flutter and Dart.
Microservices Basic: knowledge of kubernetes and docker.
Cryptography: Breaking RSA, private key scheme encryption due to configuration flaws.
Security: Public-Private Encryption Keys, Certificates, Web Site vulnerabilities, Cryptography, Operating System security, Forensics, OWASP top 10.

IES Leonardo Da Vinci, Sant Cugat del Vallès: Technological Baccalaureate

From 09/2016 to 06/2018

I studied the technological baccalaureate with the electives: Physics, industrial technology and mathematics.

Languages

Spanish Native
Catalan Native
English Professional (School, Uni and 2 years in a British Company)
German Little (2 years in school)

Personal Skills

Leadership.
Adaptability to the environment.
Proactive and self-taught.
Teamwork and efficiency.
Problem solving ability.
Excellent oral and written communication.