About

I’ve been passionate about technology since I was young and am now pursuing a Master’s in Cybersecurity at the University of Aveiro. My main interests are in software development, network security, and malware analysis.

My research started with Software Defined Networks during a Graduate Research Scholarship. Currently, I’m working on improving authentication and authorization for legacy non-5G devices in 5G networks.

When I’m not working, I’m either brainstorming new projects, firefighting, or trail running—always staying focused and ready for the next challenge.

Curriculum vitae

Looking for my CV? Download it here.

Experience Link to heading

Graduate Student Researcher Link to heading

09/2023 - Present
Instituto de Telecomunicações

Improve non-5G devices authentication and authorization (AA) mechanisms and support for legacy device in 5G networks, as its functions require devices to have 5G credentials.

Undergraduate Student Researcher Link to heading

11/2022 - 07/2023
Instituto de Telecomunicações

Inserted in the FireTec project, my position was created with the intent of adding CAP (Common Alert Protocol) communication support to the existing infrastructure. (see 1)

Skills Link to heading

Programming Languages

Go
Python
Rust
JavaScript
Java
C
Zig
Bash

Tools and Frameworks

Git
Vagrant
Ansible
Terraform
Kubernetes
MSSQL
SQL
GraphQL
AWS
Google Cloud

Cybersecurity

GRC (Governance, Risk, and Compliance)
Risk Assessment
IAM Management (Identity and Access Management)
Threat Modelling
IS Auditing (Information Systems Auditing)
SSDLC (Secure Software Development Life Cycle)
SAST (Static Application Security Testing)
DAST (Dynamic Application Security Testing)
Vulnerability Management
API Penetration Testing
Threat Hunting

Languages

Portuguese (native)
English (proficient)

Projects Link to heading

Academic

Reverse Engineering - PDF Manager Malicious Android Application Link to heading

Analysis of the PDF Reader File Manager application. This app gained notoriety when it was removed from the Play Store. It was developed with the intent of stealing data from Android users, as described in this article here.

Flexible, Risk Aware Authentication System Link to heading

Design and implementation of an Identity Provider (IdP) using the OAuth 2.0 protocol, and three client services which use it for authentication and authorization.

Enhanced DES (E-DES) Link to heading

A Implementation of a DES variant known as E-DES, using a 256-bit key, derived from a user-provided password and S-boxes derived from the key, instead of using fixed and known S-boxes.

Deterministic RSA key generation (D-RSA) Link to heading

Deterministic RSA key generation and implementation of a pseudo-random number generator and RSA key generator.

Personal

gometric Link to heading

A metrics server built in Go that collects system metrics and exposes them via a GraphQL API. It includes support for CPU, memory, disk, network, and process metrics. Deployment can be automated using Terraform and Ansible, or just by running the binary on the target machine.

Sentinel Link to heading

A CLI tool developed in order to streamline the analysis of traffic captures. Sentinel allows highly specific and precise metric measurements, such as: search for possible exfiltration, search for possible botnet and C&C communication, volume of connection per destination and hourly connection volume.

Education Link to heading

M.S in Cybersecurity Link to heading

09/2023 - Present
University of Aveiro

B.Eng. in Computer Science and Telematics Link to heading

09/2018 - 07/2023
University of Aveiro

Certifications Link to heading

Blockchain Security Specialization, Infosec, 07/2024
Cyber Incident Response Specialization, Infosec, 07/2024
Cyber Threat Hunting Specialization, Infosec, 07/2024
Information Systems Auditing, Controls and Assurance, The Hong Kong University of Science and Technology, 07/2024
API Penetration Testing, APIsec University, 09/2023

Course Notes Link to heading

I believe in growing and sharing knowledge. To that end, from my college and online courses, I maintain all the notes from my studies and make them publicly available. You can find them here:

Publications Link to heading

M. Coelho, L. Santiago, D. Araújo, A. Navarro and N. B. Carvalho, “A Low-Cost Embedded System to Support Broadcasting Emergency Messages Through FM Radio Stations” in IEEE Embedded Systems Letters, vol. 16, no. 3, pp. 247-250, Sept. 2024, doi: 10.1109/LES.2023.3343641.