Security Researcher & SOC Analyst | Detection Engineering, SIEM, Bug Bounty Hunter | Full Stack & DevOps background | Building a home SOC lab in public
📍 Buenos Aires, Argentina 👤 LinkedIn 🐛 Bugcrowd ✉️ tomasda7@outlook.com
I am a security researcher and SOC analyst in transition from Argentina, with a foundation in full stack development and DevOps (Go, Docker, Kubernetes, Jenkins).
My path into security is deliberately hands-on: instead of relying on academic credentials, I build verifiable evidence — validated bug bounty findings, a fully documented home SOC lab, and industry certifications. I hold the ISC2 Certified in Cybersecurity (CC) and completed the Cybersecurity Architect career track (287 accredited hours, EducaciónIT & Manhattan University) with specializations in SOC Operations and Cloud DevOps.
As a bug bounty researcher on Bugcrowd, I reported a validated IDOR / Broken Access Control vulnerability under coordinated disclosure, rated against Bugcrowd's Vulnerability Rating Taxonomy (VRT) and documented in a full technical writeup.
I also run a web development and automation agency for local businesses, where I apply secure development practices and run security assessments on everything I ship.
My medium-term focus: Cyber Threat Intelligence (CTI) and cloud security.
Core technology areas:
- SIEM & monitoring: Wazuh, Splunk, Microsoft Sentinel (in training), log analysis and correlation, alert triage
- Detection & response: incident response, MITRE ATT&CK, alert severity classification, root-cause analysis, KQL (in training)
- Offensive security: bug bounty, OWASP Top 10, access control testing (IDOR/BAC), coordinated disclosure
- Automation & DevOps: Go, Python, Bash, n8n, Docker, Kubernetes, Jenkins, CI/CD
- Infrastructure: Linux server hardening, TCP/IP, DNS, HTTP/S, cloud computing
Security & detection
Automation & DevOps
Infrastructure & web
Bugcrowd (Freelance) Mar. 2025 – Present · Remote
- Investigate web application vulnerabilities within the scope of Bugcrowd programs, separating genuine security signals from noise.
- Reported a validated IDOR / Broken Access Control finding under coordinated disclosure, rated against Bugcrowd's VRT and documented in a technical writeup.
- Manage the full coordinated disclosure lifecycle and communicate risk clearly to program owners.
Web Development & Automation Agency (Freelance) 2024 – Present · Remote
- Web development and process automation for local small businesses.
- CI/CD pipelines and containerized workloads with Docker, Kubernetes, and Jenkins; automation in Python.
- Secure development practices applied across the software lifecycle, with recurring security reviews on delivered systems.
Highlighted certifications:
- ISC2 — Certified in Cybersecurity (CC) · 2026
- Cybersecurity Architect — EducaciónIT & Manhattan University · 287 accredited hours · SOC Operator and Cloud DevOps specializations · 2026
In progress:
- Microsoft SC-200 — Security Operations Analyst (Sentinel, KQL, Defender EDR/XDR)
- Splunk Certified Cybersecurity Defense Analyst
📚 Cybersecurity Architect program — full course list (15 courses)
- Ethical Hacking
- Web Security (SQL Injection, XSS)
- Network Security / Network Hacking
- Windows Server Hacking
- Mobile Hacking
- SOC Operator
- Digital Forensics
- Cybercrime & Digital Evidence
- Linux Security (Server Hardening)
- Linux SysAdmin · Introduction to Linux
- Cloud Computing · Cloud DevOps (Docker, Kubernetes, Jenkins)
- Cryptography & Blockchain
- Secure Development
- Introduction to Networking · Introduction to Cybersecurity
Self-hosted detection lab built to simulate the full detect → investigate → respond cycle:
- Wazuh as SIEM: log ingestion, parsing, and correlation
- Custom detection rules mapped to MITRE ATT&CK
- Automated alerting pipeline with n8n + Discord
- Alert triage and severity classification practice on real telemetry
Documented in public as both a learning method and verifiable evidence of hands-on work.
Analysis and coordinated disclosure of a validated broken access control vulnerability found through Bugcrowd: root cause, impact assessment, reproduction steps, and remediation guidance, rated against the Bugcrowd VRT.
- Microsoft Sentinel & KQL (via SC-200)
- Microsoft Defender EDR/XDR
- Splunk detection workflows
- Threat intelligence foundations: IOCs, TTPs, MISP, STIX/TAXII, YARA, Sigma
- Threat hunting methodology
My progression is structured and deliberate:
- Now — SOC Analyst Jr / L1: SIEM operations, alert triage, incident documentation
- Next — SC-200 certification; deepen detection engineering and EDR/XDR
- Then — Specialization in Cyber Threat Intelligence (GCTI / SANS FOR578 on the horizon) and cloud security
Every skill listed on this profile is backed by a certificate, a documented lab, or a validated finding. I prefer verifiable evidence over claims.
I am open to:
- SOC Analyst / Security Analyst opportunities
- Bug bounty collaboration
- Open-source security tooling
- Detection engineering and home lab exchanges
Feel free to reach out through LinkedIn or email.
"Security is not a product, but a process." — Bruce Schneier

