Latest Talk
Nerdearla 2025
Security from Code and Pentesting of Infrastructure, APIs and Web Applications
This talk introduces developers, DevOps experts, and relevant profiles such as managers to the fundamentals of pentesting and server and API protection.
It explains what pentesting is in cloud and web environments and why it matters, all illustrated with examples.
It covers common API vulnerabilities such as injection, broken authentication, OWASP Top 10, and data exposure on Linux servers. It also analyzes situations involving reverse proxies such as Nginx, port management, and SSH hardening, and proposes agile solutions that can be implemented as efficiently as possible.
It introduces tools such as nmap, nikto, sqlmap, and Burp Suite, among many others, with live demos.
It offers mitigation practices: input validation, HTTPS, attack control, and CI/CD scanning.
Focusing on the idea that security starts in development and ends in production, with practical demos and real-life cases, this talk can be useful for developers, cloud engineers, and managers interested in technical aspects.
#security #pentesting #owasp