What I work on
- Agentic LLM pipelines. Multi-agent workflows in LangGraph (Python or TypeScript), running in production for use cases like incident response and threat enrichment.
- MLOps and platform. Experiment tracking, model versioning and observability across the lifecycle. MLflow, Dagster, Kafka, Elastic, on AWS, Azure or GCP.
- AI red teaming. Adversarial testing against the OWASP LLM Top 10 with tools such as Garak and Promptfoo. Findings turned into detection rules and platform hardening.
- DevSecOps in the CI/CD. SAST/DAST, container scanning, IaC auditing and secrets management wired into developer workflows. Trivy, Snyk, Semgrep, Terraform audits.
Before going deep into AI I worked as a security engineer and AI security researcher, applying ML to detection in cybersecurity.
Certifications
- EC-Council Certified Offensive AI Security Professional (COASP): red teaming and adversarial testing of LLM systems.
- Google Cloud Professional Data Engineer: production data pipelines and ML workloads on GCP.
- MSc in Cybersecurity, University of Salamanca.
- Additional: ICPP+ (Professional Pentester), ICDFW (Digital Forensics), Microsoft Azure Fundamentals.
Competitive hacking
- 🇪🇸 Spanish National Cybersecurity Team (ESCS). Member and representative.
- Top 1 Spain on CTFtime, 2021-2023.
- Top 50 HackTheBox.
- National CTF wins: H-C0n, Cybercamp, Cyber Shield (National Champion at Cybercamp 2019).
- Top placements in incident response competitions (CyberEX 2021, 2025).
Stack
- Languages. Python, TypeScript.
- AI/ML. LangGraph, LangChain, OpenAI API, PyTorch, MLflow, LangFuse / LangSmith.
- Data & backend. Kafka, Redis, Elastic Stack, Dagster / Airflow, FastAPI, PostgreSQL.
- Infra & cloud. Docker, Kubernetes, Terraform, AWS, Azure, GCP. Prometheus / Grafana for telemetry.
- AI security. Garak, Promptfoo, PyRIT, MITRE ATLAS, OWASP LLM Top 10.
- AppSec & DevSecOps. Semgrep, CodeQL, Snyk, Trivy, Dependabot, Burp Suite.
My cybersecurity blog: https://ironhackers.es