Paulo Hennig

About Me

I am a cybersecurity professional with extensive experience in Purple Teaming, Cloud Security (CloudSec), Security Operations Centers (SOC), and DevSecOps. With a solid background in AWS and Azure, I specialize in offensive security, secure development lifecycles, and web application code reviews. My focus is on enhancing security postures for financial services and global enterprises in multi-cloud environments. I leverage various technologies, including IBM QRadar, HashiCorp Vault, SonarQube, Rapid7’s toolset (AppSpider, InsightVM, InsightCloudSec), Endpoint Detection and Response (EDR) solutions, and more. In my free time, I engage in cybersecurity challenges such as Capture The Flag (CTF) competitions and Hack The Box exercises, and I develop applications primarily using Python and Go. I also enjoy watching football and playing video games.

Certifications

Credly
Credential

Information Security

AWS Cloud Security Specialty (AWS)
AWS Red Team Expert (HackTricks)
AZ-500:Azure Security Engineer Associate (Microsoft)
OSWE:Offensive Security Web Expert (Offsec)
OSCP:Offensive Security Certified Professional (Offsec)
OSWP:Offensive Security Wireless Professional (Offsec)
CRTP:Certified Red Team Professional (Altered Security)
ISO IEC 27001 Information Security Foundation (Exin)
DCPT:DESEC Certified Penetration Tester (DESEC)

Information Technology

AZ-900:Azure Fundamentals (Microsoft)
CompTIA Linux+ (Comptia)
LPIC-1 (Linux Professional Institute)
EDB Certified Associate: Postgres Advanced Server 9.6 (EnterpriseDB)

Experience

Agi – Cybersecurity Specialist

November 2020 – Present Financial Services | Commercial Bank

Administered multi-account AWS environments and multi-subscription Azure environments with a focus on improving security scores
Configured a range of services across AWS—including GuardDuty, CloudTrail, CloudFront, WAF, Service Control Policies (SCPs), and Secrets Manager—as well as Microsoft Azure services such as Entra ID, Policies, Front Door, Key Vault, Conditional Access, Microsoft Sentinel, and Identity Protection
Developed and configured Infrastructure as Code (IaC) using Terraform, enhancing services like Identity and Access Management (IAM) and Web Application Firewall (WAF)
Administered solutions such as HashiCorp Vault, SonarQube, Rapid7's toolset (e.g., AppSpider, InsightCloudSec), Tenchi CSPM, and Axur threat intel
Conducted penetration tests on APIs and web applications
Performed security assessments of Active Directory (AD) infrastructure, specializing in its security posture evaluation and improvement
Created automation solutions using various technologies, including serverless computing, Docker, and Docker Compose
Administered IBM QRadar SIEM, integrating it with various platforms and developing use cases and runbooks
Performed code reviews on applications written in Java, Python, and Node.js

Viewdeck – Cybersecurity Analyst

March 2020 – November 2020 IT Company | Secure Digital Transformation

Configured security protections and policies in Exchange, including anti-spam, safe link, and anti-malware features
Administered Microsoft Azure Sentinel for centralized security monitoring and response
Configured security protections for Azure and Office 365 environments

Synack Red Team – Security Researcher

August 2019 – August 2023 Private Bug Bounty Program

Conducted security assessments of web, infrastructure, and mobile applications through private bug bounty programs

E-core/Atlassian – Senior Support Engineer

January 2015 – March 2020 IT Company | Support Services

Acted as a security champion for the global support team, focusing on web vulnerabilities across Jira and Confluence products.
Provided technical assistance to customers using Jira Server, addressing issues related to DBMS, LDAP, REST API integrations, and overall infrastructure.
Acted as a knowledge multiplier and primary contact for handling complex cases with customers using Atlassian tools

Key Projects

Azure Integration

Developed a solution to retrieve risky detections (e.g., password leaks, atypical travel) through an enterprise app in Azure, securely sending the data to a SIEM solution via syslog. Implemented with Docker and HashiCorp Vault for secure authentication

GitHub Project

Shadow IT Tracker

Developed a tool to monitor and secure sensitive information indexed by Google using a defined set of Google dorks, alerting SIEM solutions when unauthorized data exposure is detected