Here I am documenting my ongoing journey as a:

💼 Professional

  • May 2022 – Present: Senior Consultant at Noesis, working as a Threat Hunter for companies in multiple industries:
    • Definition of Threat Hunting activities in the Customers’ context.
    • Implementation of a Threat Hunting process considering the available inputs and outputs.
    • Threat detection logic according to threat trends and network baselines.
    • Proactive threat hunting for malicious activity.
    • Development of customized security alerts, leveraging Slack and Python, to monitor GitHub, Telegram and other information sources for keyword mentions.
    • Threat intelligence awareness, to aid the SOC team in staying up-to-date with the latest cyber security threats and vulnerabilities.
    • Project management of a Vulnerability Management operation implementation (Tenable), leading a workforce of 3 teams (Security, Operations and Network).
    • Expertise:
      • Tech stack: Python3.
      • Cyber Tools: Crowdstrike, DigitalShadows, Mandiant, Trend Micro, Tenable, OpenCTI, TheHive, Darktrace, JoeSandBox, QRadar, Securonix and Microsoft 365 Defender.
  • Aug 2021 – May 2022: Cyber Security Analyst (SOC) at AISI
    • Daily SOC Level 1/2 operations for 2000+ workstations.
    • Monitoring of intrusions, attacks and anomaly patterns for 30+ Customers.
    • Investigation and enrichment of security events (Sigma rules and Sysmon Event ID patterns).
    • Risk mitigation leveraging quick response mechanisms (process killing and network quarantine).
    • Remediation proposals following major incidents, interfacing with the Customer’s IT team.
    • Detection logic adjustment to fit Customer needs.
    • Digital forensic investigations of ransomware attacks (Windows environments).
    • Reverse engineering of malicious PowerShell commands and malicious Office files.
    • Identification of threat trends through open and premium sources to propose mitigation measures.
    • Analysis of Customers’ current security status, presented together with solutions and best practices during regular steering committees with Customers.
    • Technical demonstrations of Proof-of-Concepts (POCs) of exploits to raise the SOC team’s awareness of attacker techniques.
    • Development of a Python3 tool to parse and apply Sigma rules to logs recorded in a SQLite database.
    • Participation in infrastructure technical proposals (Security section).
    • Onboarding of new team members.
    • Expertise:
      • Platforms Knowledge: ELK stack (Elasticsearch, Logstash, and Kibana).
      • Tech stack: Python3, SQLite DB.
      • Cyber Tools: SentinelOne, Winlog, O365 Security, Microsoft 365 Defender (MD), Microsoft Defender for Identity (MDI) and OpenCTI.
  • Feb 2019 – Aug 2021: Cyber Security Engineer at INOV INESC Inovação

    • Sep 2020 – Aug 2021: R&D Cyber Security Engineer
      • Research, development and operation of a scanless vulnerability monitoring service, provided to a Portuguese critical infrastructure.
      • Development of a third-party REST API integration (Python requests library) with open-source asset management software (GLPI).
      • Vulnerability research and issuing of advisory reports to the Customer.
      • Grey-box security audits / penetration testing of web applications.
      • Review of technical documents.
      • Expertise:
        • Vulnerability Frameworks: ISO 27032 (vulnerability, threat), CVSS, NVD (CPE, CVE, CVSS), CVESearch.
        • Tech Stack: MongoDB, MariaDB, Redis Server, Python3, Postman, GLPI, Ubuntu Linux and CentOS 8.
        • Cyber Offense Tools: Burp Suite, Nmap, OWASP ZAP, WAF detection (wafw00f), Metasploit, Nikto, Kali Linux, OWASP framework.
    • Feb 2019 – Sep 2020: Cyber Security Researcher (MSc Student)
      • Development of an impact assessment tool to evaluate the impact of cyber-threats on business-processes.
      • Presentation of results under a set of Work Packages (WP) and Deliverables (D) consolidated in a European project with partners from 9+ countries.
      • Research and authoring of 2 publications.
      • Expertise:
        • Network Tools: Wireshark/Tshark, Moloch, Docker.
        • Tech Stack: Python3, Bash scripting, Neo4j, Ubuntu.
        • Cyber Security Frameworks: ISO 27005 (risk, impact), STRIDE (threat modelling), MITRE ATT&CK.
      • Summary:

        Integrated in the Horizon 2020 SATIE airport security project, my MSc dissertation resulted in a new tool named BIA that simulates and assesses the impact of cyber-threats on the business processes of an organization.

  • Jul 2015 – Sep 2015: IT Intern at AquiHáChef
    • Support in WordPress website maintenance.
    • Interviewing of new collaborators.
    • Management of social media marketing campaigns.
    • Expertise:
      • Tech Stack: WordPress, HTML and CSS.
    • Summary:

      Summer internship at a startup company. Integrated in a small team, I got to be part of every aspect of starting a company. As an intern I helped maintain a WordPress website, set up and performed interviews with potential new collaborators, and managed social media marketing campaigns.

  • Jul 2014 – Sep 2014: IT Intern at Hospital Espírito Santo de Évora
    • Technical support to health services.
    • Interaction with a wide range of stakeholders with different levels of technical expertise.
    • Technical maintenance of devices.
    • Summary:

      Summer internship at a Hospital’s IT department. From assisting medical staff with various application and technical issues, setting up electrical outlets and videoconferences, to relocating an entire server rack, I got to experience the practical side of computers and electricity (while running several miles from one service to the other every day).
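The Sigma-over-SQLite idea from the AISI bullets (Sigma rules and Sysmon Event ID patterns; a Python3 tool to parse and apply Sigma rules to logs in a SQLite database), shown as an added example that is not the page author's tool: it compiles the `detection` section of a Sigma rule into a parameterised SQL `WHERE` clause and runs it over Sysmon-style process-creation rows in an in-memory SQLite table. The events, the rule (given as the dict `yaml.safe_load` would return for the rule file), the table schema and the supported Sigma subset are all assumptions of this example.

```python
"""Compile a Sigma rule's detection section to a parameterised SQL WHERE clause and
run it over Sysmon-style events in SQLite. Added illustration, not the CV author's tool.
Supported subset: flat selections (value lists OR-ed, list of maps OR-ed), the
contains/startswith/endswith modifiers, the * and ? wildcards, and conditions of
named selections joined by and/or/not with parentheses. Anything else ("1 of them",
aggregations, other modifiers, the \\* literal escape) raises instead of matching nothing."""
import re
import sqlite3

MODIFIERS = {"", "contains", "startswith", "endswith"}

# Constructed rows shaped like Sysmon Event ID 1 (process creation) and
# Event ID 3 (network connection); not real telemetry.
EVENTS = [
    (1, r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami", r"C:\Windows\explorer.exe"),
    (1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell -enc SQBFAFgA",
     r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    (1, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell -File backup.ps1",
     r"C:\Windows\explorer.exe"),
    (3, r"C:\Windows\System32\svchost.exe", "", r"C:\Windows\System32\services.exe"),
]

# What yaml.safe_load() would return for a (constructed) rule file.
RULE = {
    "title": "Office application spawning PowerShell",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "EventID": 1,
            "Image|endswith": r"\powershell.exe",
            "ParentImage|contains": ["WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"],
        },
        "filter": {"CommandLine|contains": "-File backup.ps1"},
        "condition": "selection and not filter",
    },
}


def to_like(value: str, modifier: str) -> str:
    """Sigma string -> LIKE pattern (ESCAPE '!'). SQLite LIKE is ASCII case-insensitive,
    as Sigma matching is; literal % and _ in the rule are escaped so they cannot widen
    the match, and Sigma's * / ? wildcards become % / _."""
    escaped = value.replace("!", "!!").replace("%", "!%").replace("_", "!_")
    pattern = escaped.replace("*", "%").replace("?", "_")
    wrap = {"contains": "%{}%", "startswith": "{}%", "endswith": "%{}", "": "{}"}
    return wrap[modifier].format(pattern)


def compile_selection(selection, columns):
    """One named selection -> (sql, params). Field names become SQL identifiers, so they
    are checked against the real columns; values are always bound, never interpolated."""
    if isinstance(selection, list):  # list of maps: OR of each map
        parts = [compile_selection(item, columns) for item in selection]
        return " OR ".join(f"({s})" for s, _ in parts), [p for _, ps in parts for p in ps]
    if not isinstance(selection, dict) or not selection:
        raise ValueError(f"unsupported selection: {selection!r}")
    clauses, params = [], []
    for key, values in selection.items():
        field, _, modifier = key.partition("|")
        if field not in columns or modifier not in MODIFIERS:
            raise ValueError(f"unsupported field/modifier: {key!r}")
        alternatives = []
        for value in values if isinstance(values, list) else [values]:
            if isinstance(value, (int, float)) and not isinstance(value, bool):
                alternatives.append(f'"{field}" = ?')
                params.append(value)
            else:
                alternatives.append(f"\"{field}\" LIKE ? ESCAPE '!'")
                params.append(to_like(str(value), modifier))
        clauses.append("(" + " OR ".join(alternatives) + ")")
    return " AND ".join(clauses), params


def compile_condition(condition, named):
    """Sigma condition -> SQL; and/or/not keep the same precedence in SQL."""
    sql, params = [], []
    for token in re.findall(r"\(|\)|[\w*]+|\S", condition):
        if token.lower() in ("and", "or", "not"):
            sql.append(token.upper())
        elif token in ("(", ")"):
            sql.append(token)
        elif token in named:
            sql.append(f"({named[token][0]})")
            params.extend(named[token][1])
        else:
            raise ValueError(f"unsupported condition token {token!r}")
    return " ".join(sql), params


def load_events(events):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (EventID INTEGER, Image TEXT, CommandLine TEXT, ParentImage TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?)", events)
    return conn


def hunt(conn, rule):
    """Rows of the events table matched by the rule, as dicts."""
    columns = {row[1] for row in conn.execute("PRAGMA table_info(events)")}
    detection = rule["detection"]
    named = {name: compile_selection(body, columns)
             for name, body in detection.items() if name != "condition"}
    where, params = compile_condition(detection["condition"], named)
    cursor = conn.execute(f"SELECT * FROM events WHERE {where}", params)
    names = [d[0] for d in cursor.description]
    return [dict(zip(names, row)) for row in cursor.fetchall()]


if __name__ == "__main__":
    for hit in hunt(load_events(EVENTS), RULE):
        print(RULE["title"], "->", hit["ParentImage"], "->", hit["CommandLine"])
```

Two points a hunter would check before trusting such a tool: the rule file is input, so field names (which end up as SQL identifiers) are validated against the table's columns and every value is bound as a parameter; and SQLite's `LIKE` is ASCII case-insensitive by default, which happens to match Sigma semantics, but the `*`/`?` wildcards must be mapped and literal `%`/`_` escaped or a rule quietly matches more than its author intended.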

You can also see my professional experience on LinkedIn.

💻 Lifelong Learner

📅 Programs

  • 2023 TechStorm
  • Mentorship program at Portuguese Women in Tech

🚩 Capture-The-Flag exercises (CTFs)

  • Web Attacks, by Let’s Defend
  • CyberDefenders CyberCorp Case 2, by CyberDefenders
  • Malware Traffic Analysis #1, by CyberDefenders
  • Natas, by overthewire
  • Bandit, by overthewire
  • HackThisSite

🎫 Online Courses

  • Fundamentals of Darkweb, by SOCRadar
  • Reverse Engineering 101, by malwareunicorn
  • Introduction to Networking, by NYUx
  • Python3, by Codecademy
  • Java, by Codecademy

🎬 Webinars

  • Nowhere to Hide: 2023 Threat Hunting Report, by Crowdstrike
  • Provocatively Proactive - Modern Security Before the Bad Day, by Huntress
  • A Strategic Overview of Chinese Cyber Operations, by Mandiant
  • TOP Vulnerabilities and Recommendations - Overview 2021, by Integrity
  • Cyber Threat Intelligence & Forensics Analysis, by Hardsecure, Segurança em Sistemas de Informação
  • UX UI Design, by Noesis
  • Agile, by NOS

🎤 Conferences

  • BSides Lisbon 2022 (in person)
  • C-DAYS 2021 – Naturalizar Competências, by CNCS
  • C-DAYS 2020 – Abraçar o Futuro, by CNCS

📜 Certifications

  • ISO/IEC 27001 Information Security Associate, by Skillfront

📐 Engineer

Personal website

This website uses the Jekyll static site generator, building its pages from Markdown files.

These are the versions of my websites:

  • 1st version: on GitHub, with my step-by-step guide to creating it in this post.
  • 2nd version: this website right here. You can find its source code on Github. This uses the amazing (and free) BeautifulJekyll template (with some tweaks 😏).

Business Impact Assessment (MSc Thesis)

Established security mechanisms, such as antivirus software, log analyzers and intrusion-detection systems, generally focus on low-level events and report them independently. To help determine whether a cyber-incident has any current or future negative impact on the organization’s monitored network and goals, research in mission impact assessment tries to estimate that impact. In this context, BIA (Business Impact Assessment) was created as a simulation platform, where one can simulate the impact on business processes of a cyber-threat landscape affecting organizational assets.

Publications

  • CIIA: Critical Infrastructure Impact Assessment @ Symposium on Applied Computing (SAC) – 2022
  • Impact Propagation in Airport Systems @ Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP) – 2020

🎓 Student

  • MSc in Electrotechnical and Computer Engineering at Instituto Superior Técnico
    • MSc in Electrical Engineering and Informatics at Technical University of Košice (Erasmus)
  • BSc in Electrotechnical and Computer Engineering at Instituto Superior Técnico