Advanced Cybersecurity Specialist | Offensive Security & Architecture
I am a Cybersecurity Specialist focused on securing modern infrastructure and web applications. My approach goes beyond traditional vulnerability scanning; I specialize in uncovering complex business logic flaws, API vulnerabilities, and architectural misconfigurations. I bridge the gap between offensive testing and engineering mitigation.
Currently based in/targeting the Canadian tech market, with a focus on delivering actionable security intelligence for enterprise environments.
- Offensive Security: Advanced Web & API Exploitation, Logic Flaws (BOLA/IDOR), Identity & Access Management vulnerabilities (OAuth/JWT).
- Security Engineering: Threat Modeling, Secure Architecture Review, Mitigation Strategies for Modern Stacks (Cloud, Next.js, APIs).
- Tooling & Automation: Developing specialized Python-based tooling to automate complex security testing workflows that standard scanners miss.
- API Logic Security Fuzzer (In Development) - A Python-based framework designed to automate the discovery of Broken Object Level Authorization (BOLA) vulnerabilities in REST APIs by managing and cross-referencing multiple JWT sessions.
- [Medium] Upcoming: The Architecture of API Logic Flaws - Moving Beyond Injection
- Security: Burp Suite Professional, OWASP ZAP, Postman, Custom Python Tooling.
- Languages: Python (Security Automation), Bash, Go (Familiar).
- Concepts: OWASP Top 10, API Security, Cloud Security Posture, Identity Management.
"Security is not just about breaking things; it's about understanding complex systems better than the people who built them, and helping them build resilience."