IT Security Professional · Web application | API | Network | AI
Information security professional with 10+ years of experience specializing in web application, API, and network penetration testing, AI/LLM security assessment, security engineering, and cybersecurity training.
I am an information technology professional with over two decades of hands-on experience in web application, API, AI / LLM, and network security. My background includes penetration testing, security engineering, vulnerability research, and delivering security training within enterprise environments.
I operate at the intersection of offensive and defensive security, translating risk analysis into practical threat mitigation strategies and distilling complex technical findings into clear, actionable guidance for engineers, stakeholders, and executive leadership.
I have delivered IT security training nationwide for vendors such as Check Point, EC-Council, and Mile2, and I remain passionate about mentoring practitioners as they advance and establish themselves in the security field.
Comprehensive web application, API, and network penetration testing engagements designed to uncover exploitable vulnerabilities, demonstrate real-world attack impact, and translate findings into clear risk prioritization and actionable remediation guidance..
Experienced instructor and speaker delivering hands-on security training and talks for conferences, enterprises, and community groups.
Security‑minded development and code review that integrates secure design principles and practical defenses into applications and infrastructure.
Served as Team Lead and single contributor, conducting red team penetration tests across web applications, infrastructure, and cloud environments.
Conducted secure code reviews and championed a shift-left approach by integrating security practices early in the software development lifecycle.
Exploring how modern AI and large language models behave under adversarial, real‑world conditions, with a focus on understanding failure modes and translating them into practical security controls.
Hardened the Kubernetes clusters and container workloads by enforcing strict RBAC policies, enabling network segmentation, scanning images for vulnerabilities, and implementing runtime threat detection..
Provided nationwide training across the USA for Check Point, EC-Council, Mile2, and CompTIA, empowering organizations to secure, deploy, and maintain secure network and application infrastructures.
I enjoy contributing to the security community through talks, workshops, and local meetups. These venues keep me grounded in practitioner reality while sharing research and techniques that others can immediately apply.
Presented “Blinded by Big Data, Paralyzed by Analytics, Decipher by Machine Learning” with Kevin Figueroa, including hands‑on labs and resources published at MLresearchLab.com.
Delivered “How to build a GPU Password Cracking Host”, demonstrating the practical realities of large‑scale password cracking.
Talks on Citrix vulnerabilities and embedded systems (“Hacking with Gumstix”).
2nd Place – Hack the Flag Ninja CTF, South Florida ISSA Chapter (2010)
3rd Place – Shmoocon CTF, Washington DC under “Hack Miami” team (2010)
For consulting, penetration testing engagements, or speaking opportunities, feel free to reach out. The fastest way to contact me is via LinkedIn or GitHub.