Five years writing React and Next.js on AWS, now focused on application security. Currently working with clients in the US and Spain.
GIAC GFACT + GSEC Certified · US Work Authorized
Current work, then the path that got me here.
These days, most of my work mixes web development with LLM features. Right now I'm running a prompt-injection lab against a chatbot I built, testing how well the usual defenses hold up under realistic attack patterns. Findings live at /ai-playground.
By day I'm at GDNA, building cloud-native apps on AWS. The interesting parts sit on the boundary between feature development and security: input validation, auth flows, S3 policies, secrets handling, and figuring out where things break when no one's watching.
My security path started with the SANS Cyber Academy scholarship, which got me the GIAC GFACT and GSEC certifications. Next on the list is GIAC GCIH.
Before software: I'm from Spain, six years in commercial construction (structural detailing, CAD, project management). Studied architectural engineering at IE University.
Hands-on labs with real captures and full writeups.
Analyzed 173K VPC flow records across 579 log files: isolated 33,232 attacker flows from 20.106.124.93, determined a 6.5-hour attack window, quantified 265MB exfiltrated on port 8889 and 190MB on port 80, and confirmed the full attack surface (HTTP, SSH, 8889) using PCAP-to-NetFlow conversion with nfpcapd/nfdump.
Investigated a 628K-packet PCAP in Wireshark: used protocol hierarchy and conversation statistics to surface a port-80 scanning pattern from 3.142.238.241, followed an HTTP stream revealing a successful WordPress brute-force login (Hydra, admin/#AlphaInc!), and completed a live-capture exercise extracting an HTTP object from loopback traffic.
Discovered a SQL injection in Catalog.php's search parameter (LIKE '%<input>%'), dumped all products, enumerated databases and tables via stacked queries, then deployed the lab WAF and confirmed identical payloads were blocked with HTTP 418.
Analyzed PCAP traffic with tcpdump: identified /.env probing, WordPress brute-force with Hydra, and cleartext login parameters visible in the HTTP payload.
Cracked passwords across 4 hash types using John the Ripper and Hashcat: extracted and cracked an Office 2013 encrypted Excel file, an NTLM hash, and Linux crypt hashes using a CeWL wordlist. Demonstrated brute-force infeasibility against SHA-512 with Hashcat, then used John's word-mangling rules to expand 1,552 base words into 4M+ candidates to crack passwords the original wordlist missed.
Validated Snort 3.1.73 config, tightened HOME_NET to 10.130.0.0/16, ran the community ruleset against investigate.pcap, and surfaced an SSH CRC32 overflow shellcode pattern (294 alerts from 20.106.124.93 → 10.130.8.94:22). Re-ran Snort with a BPF filter pinned to the attacker IP, then processed the same PCAP with Zeek's extract-all-files policy and confirmed log output.
Labs are from SANS Cyber Academy.
5+ years across startups, agencies, and independent consulting
Started translating Figma designs into React/Next.js code. Evolved into owning full application architecture, API design, and database design on AWS.
Built a client project using Svelte and maintained Querri's HubSpot website with custom code modifications throughout the contract.
Short-term contract to rebuild the company's Shopify storefront. The engagement ended before completion.
First engineering role after JRS Coding School bootcamp. Promoted from Software Engineer I to II. Full-stack development on Angular/NestJs stack with Azure cloud services.
Selected work, organized by focus.
Role: Solo build: rules, CLI, fixtures, distribution, docs, self-audit. v1 plan adds 7 more rules.
OWASP LLM Top 10 at commit time. A Semgrep rule pack and npm CLI for catching the security failure modes AI coding assistants quietly introduce in TS/JS LLM applications. Live on npm.
AI coding assistants reproduce a small, predictable set of security failures in LLM-integrated code: untrusted input flowing into the LLM `system` role, model output piped into `eval` or `dangerouslySetInnerHTML`, hardcoded API keys, JSON.parse on raw model output. Existing OSS SAST tooling (Semgrep `p/ai-best-practices`, agent-audit) is Python-only. The TypeScript and JavaScript ecosystem (Vercel AI SDK, Next.js Server Actions, OpenAI / Anthropic JS SDKs) was uncovered.
Built a focused Semgrep rule pack mapped explicitly to OWASP LLM Top 10, distributed via npm with a thin CLI that wires up a husky pre-commit hook and a GitHub Action workflow. Five rules in v0, each with vulnerable + safe fixtures, exercised by a test runner. Released under MIT.
Live on npm at version 0.0.2 with a self-audit and full documentation. Caught a real LLM02 (Insecure Output Handling) bug in this very portfolio's recruiter-fit endpoint and shipped the fix in the same session.
Role: Solo security research: attack design, evaluation harness, mitigation patterns, writeups
Reproducible red-team study of prompt-injection techniques mapped to OWASP LLM Top 10 and MITRE ATLAS, tested across frontier and budget-tier models via Vercel AI Gateway. Week 1 of 4 in flight; matrix UI, filters, transcripts, and a live sandbox land in weeks 2-4.
Production LLM features ship with informal defenses. Whether they hold up under structured attack chains is mostly anecdote, with no published, reproducible matrix of attack vs. model vs. mitigation in the open TS/JS ecosystem.
Catalog prompt-injection techniques mapped to OWASP LLM Top 10 and MITRE ATLAS. Run each attack across frontier and budget-tier models via Vercel AI Gateway. Pin model IDs and commit prompts to source so every result is reproducible. Each attack ships paired with a defensive mitigation.
Week 1 scaffold live at /ai-playground with seeded attacks across multiple OWASP categories. Weeks 2-4 add the matrix UI, filters, slide-over transcripts, and a live sandbox.
Role: Solo: design, full-stack development, LLM integration, security hardening (input delimiting, output validation, score clamps), Stripe, deployment.
An LLM-integrated SaaS I built end-to-end. Beyond the product itself, it's the place I apply the hardening patterns codified in llm-audit: untrusted-input delimiting, system-prompt isolation, output validation, server-side score clamps.
LLM-integrated apps inherit a class of attacks (prompt injection, insecure output handling, system-prompt leakage) that traditional pen tests miss. Most apps ship with informal defenses and hope.
Built TalentAgent as both a real product and a place to apply the OWASP LLM Top 10 patterns. Untrusted job descriptions are wrapped in clear data delimiters with explicit no-instruction rules; verdict shapes are enforced via Zod enums; scores are clamped server-side; OpenAI calls use response_format JSON. The same hardening pattern shipped in this portfolio's Fit Check API after llm-audit caught an LLM02 (Insecure Output Handling) issue.
Live platform scoring fit in 10 seconds with hardened LLM endpoints. Free to use, no auth required for core flow.
Mentorship platform onboarding ~1,200 users. Built React UI components and the authentication flow with security-focused defaults.
Mentorship platform needed secure, scalable onboarding for ~1,200 users.
React UI components and a Cognito-backed authentication flow with session handling and security headers. Input validation across 4 form types covering ~40 questions. Infrastructure provisioned with scoped IAM access controls.
60% improvement in onboarding efficiency. Secure registration and sign-in live in production.
Fit Check
Paste a job description and get an honest AI assessment of how Luis's experience maps to the role.
Let's discuss your next project. Reach out via the form below or connect on LinkedIn