14 Years of Experience


2011 - 2017
Universitat Oberta de Catalunya

Bachelor's degree

Bachelor's degree in Computer Engineering, with a focus on design and development of computer systems and their applications. Coursework included topics such as computer architecture, algorithms, operating systems, computer networks, security, and software engineering.

2008 - 2010
IES Sabadell

Higher Technician

Higher Technician in Computer Network Systems Management, with a focus on the design, installation, configuration, and maintenance of computer network systems.


2021 - Current
Koa Health

Principal Cybersecurity Engineer

I protect user data and ensure compliance with HIPAA, SOC2, and GDPR at Koa Health. To do this, I implemented security measures, built roadmaps for OWASP SAMM and DSOMM, and hardened the CI/CD pipeline. I also regularly perform activities like threat modeling and vulnerability management. I manage external penetration testing and perform in-house security testing.

2017 - 2021

Lead Cyber Security Engineer & Pentester

I began my career at A2Secure as part of the technical team, where I assisted clients with IT security issues, particularly PCI-DSS compliance. My main focus was on external and internal penetration tests, vulnerability management, APP audits, social engineering, and security trainings. After 3 years, I became the leader of a technical team and continued to be part of the penetration testing team. My responsibilities included project management, AWS security, designing threat detections using the MITRE ATT&CK framework, supporting employee technical growth, adversary simulation, and IR Playbook development.

2010 - 2017

VoIP Technician & Linux System Administrator

I started in VozTelecom as a VoIP Technician, my main duty was managing clients' issues related to VoIP and Internet access. After 3 years, I change my role to Linux System Administrator where I did maintainance and improvement of the VoIP platform and all services offered to VozTelecom clients and employees. My tasks included the deployment of new services and servers, task automation, user management, backups, vulnerability analysis, and recovery from hardware and software failures.