|
I am a certified OSCP Cybersecurity Engineer with a Master's degree in Cybersecurity, experienced in building and attacking secure systems for aerospace and critical infrastructure sectors. Passionate about Offensive Security, Red Teaming, and Penetration Testing in remote and global environments. If my profile interests you, I offer freelance cybersecurity expertise tailored to your needs.
Job Experience
- > Freelancer Cybersecurity Engineer @ Osmium (2024-2025)
Architected a defense-in-depth embedded Linux distribution for the aerospace sector, engineering a hardened OS baseline from the ground up using Yocto Project. Worked on the full security lifecycle: from initial threat modeling to final implementation to delivering a "secure-by-design" platform that strictly enforces integrity and isolation in hostile environments.
Key Technical Achievements:
- Hardened Boot Chain: Implemented a full Hardware Root of Trust using Secure Boot and U-Boot signature verification within Yocto build recipes to prevent unauthorized code execution and firmware tampering.
- Immutable Root Filesystem: Deployed DM-Verity for transparent block-level integrity checking, ensuring the OS remains tamper-proof and audit-compliant in production environments.
- Resilient & Atomic Updates: Engineered a RAUC-based Secure OTA system with atomic A/B partitioning, cryptographic bundle signing, and automated rollback mechanisms to guarantee fail-safe patching even during power loss.
- Custom SELinux Policy Development: Translated threat models and aerospace security requirements into fine-grained SELinux policies, mapping user workflows and service behaviors into strict type enforcement rules and role-based access controls contexts.
- Zero Trust Access Control: Enforced a Zero Trust model with SELinux in Enforcing mode, utilizing custom policies to confine each service to minimal required permissions, eliminating lateral movement and reducing attack surface.
- Threat Modeling & Security Architecture: Conducted comprehensive TARA reviews using STRIDE and OWASP methodologies, translating theoretical attack vectors into concrete kernel hardening, policy enforcement, and userspace defenses.
- Build System & Supply Chain Security: Implemented secure Yocto build recipes with cryptographic verification, signed artifacts, and reproducible builds to ensure end-to-end integrity from source to deployment.
- > Researcher @ Instituto de Telecomunicações (2021-2023)
COMSOLVE - Developed a Peer-to-Peer energy trading market in Renewable Energy Communities using Blockchain as its Architectural Foundation.
Key Technical Achievements:
- Blockchain Architecture: Implemented Hedera Hashgraph as the foundational consensus layer for immutable transaction settlement and audit trails, ensuring cryptographic integrity across all energy exchanges.
- Distributed Microservices Ecosystem: Built a gRPC-based microservices infrastructure enabling asynchronous, high-throughput communication between autonomous services (Transactions, Meters, Gateway).
- Payment & Settlement Engine: Developed the Transactions microservice to process real-time peer-to-peer energy payments with Hedera smart contracts, ensuring atomic settlement and dispute resolution.
- IoT Metering Integration: Engineered the Meters microservice to aggregate real-time energy consumption data from distributed smart meters, feeding accurate usage metrics into the settlement pipeline.
- API Gateway & Orchestration: Designed a RESTful Gateway exposing the entire REC (Renewable Energy Community) platform as a unified API, abstracting blockchain complexity for external integrations and frontend clients.
- Master's Research & Publication: Authored thesis on blockchain-based Renewable Energy Communities, contributing peer-reviewed research on decentralized energy markets and DLT scalability in IoT-heavy environments.
Certifications
Education
- > Masters in Cybersecurity (2022-2023)
University of Aveiro
- > Baschelor in Computer Engineering (2018-2022)
University of Aveiro