// about
Application & AI Security Specialist
@ Veritran · Buenos Aires, Hybrid
20+ years turning security from a blocker into a business enabler. Started in Venezuelan banking, scaled through Argentina's leading fintechs — now building AI-driven security tooling that replaces hours of manual triage with code.
I play both sides: offense (pen testing, red team, vuln research) and defense (SAST/DAST, threat modeling, security champions). Currently focused on the intersection of LLMs × AppSec automation.
core stack
// experience
Veritran · CABA, Hybrid
AI-driven security tooling for global payments infrastructure. Building SpecIA and autonomous AI agents for vulnerability triage at enterprise scale.
ueno bank S.A. · Remote
Built the AppSec program from zero in a cloud-native fintech. SAST/DAST pipelines, threat modeling, security champions culture, and secure SDLC.
Wazuh, Inc. · Remote
Security lead for the world's most-used open source SIEM. Threat modeling, security roadmap, and DevSecOps at global scale.
Naranja X · Pomelo · Buenos Aires
Led Red and Blue teams simultaneously at Naranja X (Argentina's largest fintech). Built cloud security posture from scratch at Pomelo.
BTR Consulting · Despegar.com · gA · Buenos Aires
Cloud pentesting at BTR; Big Data SIEM at Despegar.com; cloud incident response automation at gA. First years in Argentina.
Banco de Venezuela · Banco del Tesoro · Banco Bicentenario · EntreClicK.com · Venezuela
Foundations in Venezuelan state banking: GRC, hardening, regulatory compliance, and incident response. Simultaneously founded my own offensive security consultancy.
// expertise
Diseño e integración de SAST/DAST y análisis de dependencias en el SDLC. Pipelines CI/CD seguros por defecto.
Agentes autónomos y bots defensivos con LLMs para automatizar triaje, auditorías y respuesta a incidentes.
Estrategias de ciberseguridad, políticas y alineación bajo ISO 27001 y PCI-DSS. Gobierno de riesgo pragmático.
Análisis de vulnerabilidades, penetration testing, threat modeling (OWASP), respuesta a incidentes y forense.
// projects
Security-Aware Spec-Driven Development
SpecIA detecta bugs de seguridad críticos antes de escribir una sola línea de código. Analiza los specs de features, identifica vulnerabilidades (auth bypass, XSS, SQL injection, insecure storage) en segundos y audita la implementación para verificar que todas las brechas fueron corregidas. Construido para agentes de IA.
// certifications
// contact
¿Querés hablar de AppSec, DevSecOps, IA o simplemente conectar? Encontrame en LinkedIn o explorá mis proyectos en GitHub.