Marcos
Santos
CyberSecurity
Engineer
From Developer to Defender: My Global Cybersecurity Odyssey
Here's how I can help!

Linux Security Engineer
IGEL- Code Review
- Vulnerability Management
- SAST Scanner with Sonar
- SCA Scanner with SonarType
- Pipeline creation with Jenkins and TeamCity
- Implementation of checks for Linux

CyberSecurity Security Researcher
Greenbone AG- Observation and analysis of the latest vulnerability reports
- Creation of Windows and Linux Compliance vulnerability search rules using OpenVas
- Implementation of test routines to identify vulnerabilities
- Implementation of checks for Windows patch level and all standard tools for Windows
- Direct cooperation with customers for special applications

CYBER SECURITY COORDINATOR
Nova8 - Preparation of Pre-Sales Processes
- Creation of PoC Reports and presentations to the Board
- Creation and configuration of environments, SAST, DAST, IAST and SCA
- Realization of PoC of SAST, DAST, IAST and SCA products
- Presentation of final meeting with CISO and customer directors
- Creation of vulnerability search rules
- Integration with CI/CD Tools, IDE, Bug Tracking, etc.
- Vulnerability management based on OWASP TOP 10, NIST, FISMA and PCI compliance
- Fixing vulnerabilities with the help of SAST tools
- Azure Firewalls/WAF/KMS
- Tools: Checkmarx, Acunetix, Neuralegion, Probely, WhiteSource, Imperva

INFORMATION SECURITY ANALYST
BRScan - Code Review with Veracode
- Vulnerability analysis using SAST tools (Veracode)
- Application Testing
- Fixing vulnerabilities with the help of SAST tools
- Vulnerabiliy Management
- Modification and creation of queries and procedures
- Documentation of new features to the system
- Preparation of test scripts
- Tools: Veracode, Checkmarx, Synopsis, Fortify

Cyber Defense
FIAPIn this two-year program, you will learn essential cybersecurity practices such as risk management and data protection laws (LGPD and GDPR), and progress to advanced Offensive Security techniques, including Penetration Testing, Forensic Analysis, and Threat Intelligence, ultimately gaining the skills to develop automation tools with Python and JS, apply Hardware Hacking concepts, and incorporate Artificial Intelligence to fortify critical infrastructures against ever-evolving cyber threats.

INFORMATION TECHNOLOGY MANAGEMENT
AnhangueraThe Information Technology (IT) college program provides a comprehensive education covering programming, software development, computer networks, information security, databases, and project management. In the early years, students study basic subjects like mathematics, programming logic, and algorithms, moving on to advanced topics such as software engineering, artificial intelligence, and cybersecurity. Classes blend theory and practice through labs and projects, alongside internships and final projects that equip students with practical experience for the job market.

Fundamentos e Práticas de Cibersegurança.: Abordagem Prática para Profissionais de Cibersegurança (Portuguese Edition)
Kindle eBookThe book was created based on my professional experiences over the years in the Cybersecurity market. With that, I gathered what I learned and decided to publish a book for those who are starting out in the market. With that, I included some cases and how the resolution was made in order to help and grow the cybersecurity community.

O Guia Definitivo de Checkmarx One
Online CourseWith over 5 years using and also teaching about the Checkmarx Cybersecurity tool, I decided to create an online course with more than 5 modules related to teaching how SAST, SCA, IaC work, among other tools and the entire process that this includes such as implementation in CI/CD tools, Integration with repositories, threat modeling process, Vulnerability Management process, Bug Tracking, application tuning, customization of vulnerability search rules and much more.

DevSecOps Podcast
PodcastPodcast formed by Cassio Pereira where I am Co-Hosting and we talk about topics related to Cybersecurity, from training to controversial topics such as AI in the cybersecurity environment, data protection and other topics

CyberSec News
Youtube ChannelChannel created in order to inform news related to Cybersecurity, where daily I present 4 informative news focused on some topics such as Data leaks, Cyberattacks, Cybersecurity, Malware, Ransomware, Social Engineering and other various topics related to the area