• Discovered, investigated, and fixed a major security vulnerability on TPM-based private key creation and handling in OpenCryptoKi. Fix to openCryptoki PKCS#11 TPM generated key handling

Architect and developer manager of Brazilian Presidential Elections security system, used in every voting booth, every district network computer and every processing hub across the country. Largest synchronized deployed system ever built at the time.

Featured case study by Microsoft, as the largest deployed network system to enforce security nationwide at technet.microsoft.com/en-us/library/cc750080.aspx

Participated in the design of ICP Brasil, the Brazilian government national official digital identity system based on X.509 certificates.

Threat analysis and mitigation of the heterogeneous government network that runs nationwide to support the elections

System level protection by interception of system calls using device drivers and other hooking mechanisms, file system, network, process and thread management, USB and modem protection and control.

Development of large deployment systems based on Windows technology to roll many of company products throughout the enterprise, supporting roll back and forward, lab and staged deployment, security and authentication for software authenticity and authorization

Cryptography: Developed transport level network encryption system for military and top-secret government purposes (agency is similar to USA’s NSA/CIA)

Financial System security: Designed the SPB (Brazilian Payment System) to Brazilian Central Bank, a system designed to secure, certified and undisputable cross-bank transactions. Thanks to this system in place, a TED from a bank to another in Brazil takes a couple of seconds to a couple of minutes max.

Designed and implemented various projects involving X.509, symmetric and asymmetric encryption, elliptic curves, El Gamal

Kernel <=> User mode fast communication & synchronization, ring 0-3 data/process synchronization

Architecture and lead development of He@tSeeker distributed firewall, used as a key security component during Brazilian Presidential Elections

Leader of company ISO 9001 certification focused on security lifecycle management by DNV. First certification of the kind awarded to a security company

Hardware cryptography: worked with various cryptography devices and HSM (hardware security module), from well-known vendors such as Aladdin crypto tokens, Gemplus smartcards and CryptoSystems HSM.

Worked with eTrust PKI product line, helping customers design, plan and roll installations and integrating with other Modulo’s security products and services

Worked with Verisign & Certisign to develop PKI solutions to customers

Developed early architecture and framework of award winning Modulo Risk Management software

Main architect of security developer products:

• Secure Source Control System. Secured transport, encrypted data hosting SCC for enterprise teams [based on our own Certificate Authority product]
• X.509 Certificate Authority. Developed our own certificate authority product, certificate lifecycle management, Root CA and sub-CA infrastructure
• Integration with 3^rd party cryptography hardware solutions, such as Aladdin and Gemplus

Head of NOC (Network Operating Center) for enterprise customers

Security consultant

Implementation of security solutions based on OpenVPN, OpenSSH, OpenSSL

Linux based hard disk software encryption solutions