Alfonso Muñoz, PhD

Staff Offensive CyberSecurity Engineer at SandboxAQ
  • Claim this Profile
Contact Information
us****@****om
(386) 825-5501
Location
Greater Madrid Metropolitan Area, ES
Languages
  • Inglés Professional working proficiency
  • Español Native or bilingual proficiency
  • Catalán Limited working proficiency

Topline Score

Topline score feature will be out soon.

Bio

Generated by
Topline AI

5.0

/5.0
/ Based on 2 ratings
  • (2)
  • (0)
  • (0)
  • (0)
  • (0)

Filter reviews by:

Gerson Rodríguez de los Santos López, PhD

I had the opportunity to work with Alfonso for more than 2 years at UC3M. Alfonso is a passionate expert on all technologies related to security. During his time at UC3M he combined his research and teaching duties with regular collaborations at security fora. His experience in security technologies, steganography among them, enriched the research group. I collaborated with him as a teacher and in several research papers, to which he made substantial contributions. His wide knowledge helped shape those papers where a background in security was essential for the research. His technical abilities are complemented by his capabilities as a communicator, which make his presentations, some of them available online, fun and easy to follow even for non-experts. During my time at RedIRIS, he was the first person in my mind if we required inputs for security-related chats at the Technical Journeys, although unfortunately none of those potential collaborations could materialise in the end due to calendar issues.

Gene Wahrlich

I worked with Alfonso on an embedded Android project. He was professional and did a thorough job of identifying vulnerabilities and documenting their risk to the organisation. Alfonso would be a great addition to any technical security team.

You need to have a working account to view this content.
Join now
You need to have a working account to view this content.
Join now

Credentials

  • Advanced Web Attacks and Exploitation (in progress)
    Offensive Security
    Dec, 2022
    - Nov, 2024
  • SEC 554 - Bloackchain and smart contract security
    SANS Institute
    Nov, 2022
    - Nov, 2024
  • CDPSE (Certified Data Privacy Solutions Engineer) training
    ISACA
    Jul, 2022
    - Nov, 2024
  • Offensive Security Wireless Professional
    Offensive Security
    Feb, 2021
    - Nov, 2024
  • The PowerMBA - Escuela de negocios
    ThePowerMBA
    Oct, 2020
    - Nov, 2024
  • Architecting on AWS - AWS Training and certification
    Amazon Web Services (AWS)
    Jun, 2020
    - Nov, 2024
  • Security Engineering on AWS. AWS Training and certification
    Amazon Web Services (AWS)
    Jun, 2020
    - Nov, 2024
  • CISSP - Certified Information Systems Security Professional
    CISSP and CompTIA Security+ Network+ Server+ Instructor
    Apr, 2019
    - Nov, 2024
  • Certificate of Cloud Security Knowledge (CCSK)
    Cloud Security Alliance
    Sep, 2018
    - Nov, 2024
  • Deep Learning
    Coursera Course Certificates
    Feb, 2018
    - Nov, 2024
  • Applied Data Science with Python
    Coursera Course Certificates
    Jan, 2017
    - Nov, 2024
  • Penetration Testing with Kali (PWK) - OSCP
    Offensive Security
    Jul, 2016
    - Nov, 2024
  • Certified Encryption Specialist
    EC-Council
    May, 2016
    - Nov, 2024
  • Bitcoin and Cryptocurrency Technologies - Coursera (Arvind Narayanan)
    Princeton University
    Sep, 2015
    - Nov, 2024
  • Computer Hacking Forensic Investigator - CHFIv8
    EC-Council
    Feb, 2015
    - Nov, 2024
  • Hardware Security (by Gang Qu - Coursera)
    University of Maryland
    Jan, 2015
    - Nov, 2024
  • Certified Ethical Hacker - CEHv8
    EC-Council
    Aug, 2014
    - Nov, 2024
  • Designing and Executing Information Security Strategies (Coursera).
    University of Washington
    Aug, 2014
    - Nov, 2024
  • Machine Learning - Coursera. Score total: 150/150 (Instructor: Andrew Ng)
    Stanford University
    Dec, 2013
    - Nov, 2024
  • Certified Information Systems Auditor (CISA)
    ISACA (Information Systems Audit and Control Association)
    Nov, 2013
    - Nov, 2024
  • Natural Language Processing - Coursera
    Standford University
    Feb, 2013
    - Nov, 2024
  • Cryptography I - Coursera. Score total: 98/103 (Instructor: Dan Boneh)
    Stanford University
    Jun, 2012
    - Nov, 2024

Experience

  • SandboxAQ
    • United States
    • Software Development
    • 100 - 200 Employee
    • Staff Offensive CyberSecurity Engineer
      • Apr 2022 - Present

      Quantum security and Network department My responsibilities at SandboxAQ, Sandbox@Alphabet (Google), are: - Analyze and discover security vulnerabilities in both proprietary and open-source software. - Conduct security reviews of both testing and production infrastructure. - Provide security expertise and guidance to the research, engineering and business teams. - Lead internal security process at Sandbox. https://www.reuters.com/technology/quantum-startup-sandbox-aq-spins-off-alphabet-gains-nine-figures-funding-2022-03-22/ Show less

  • Europol
    • Law Enforcement
    • 300 - 400 Employee
    • Expert - member. Europol Data Protection Experts Networks (EDEN)
      • Jun 2019 - Present

      The EPE hosts a broad variety of online expert communities dedicated to specific fields of law enforcement. These experts have gained a wide range of know-how, expertise and information, and that has allowed them to create an environment that fosters and supports online collaboration. The EPE hosts a broad variety of online expert communities dedicated to specific fields of law enforcement. These experts have gained a wide range of know-how, expertise and information, and that has allowed them to create an environment that fosters and supports online collaboration.

  • CriptoCert
    • Spain
    • IT Services and IT Consulting
    • Private Investor & Founder
      • Mar 2019 - Present

      https://www.criptocert.com https://www.criptocert.com

  • Europol European Cybercrime Centre (EC3)
    • Expert - Member - Criminal Use of Information Hiding (CUIng) Initiative
      • Apr 2016 - Present

      Criminal Use of Information Hiding (CUIng) Initative (http://cuing.org/) has been officially launched in June 2016 with the support by Europol's European Cybercrime Centre (EC3) to tackle the problem of criminal exploitation of information hiding techniques by working jointly and combining experiences of experts from academia, industry, law enforcement agencies and institutions. The main objectives of CUIng are to: - Raise Awareness: inform about the threat that information hiding techniques can pose. Increase sensitivity to cybercriminals' information hiding potential exploitation e.g. in companies. Emphasize e.g. how forensic investigations could be impacted and how significantly harder they are when such techniques are utilized. - Track Progress: monitor sophistication and complexity of information hiding techniques found in the wild used by cybercriminals, terrorists and spies. - Share Strategic Threat Intelligence: bring together security professionals from institutions, academics and industry to distribute information and share experience from different angles (security professionals, academics, law enforcements, companies, institutions etc.). - Work Jointly: cooperate and benefit from joint potentials to develop effective countermeasures and integrate it on a global scale (or at least EU level). - Educate & Train: make law enforcement agencies, companies, institutions, individuals etc. ready and fully prepared to react to potential cybercriminals' information hiding exploitation.. Show less

  • Inetum
    • France
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Global Technical Cybersecurity Lead & Head of cybersecurity lab
      • Feb 2020 - Mar 2022

      My main focus was on advanced offensive services (ethical hacking) for large clients (reporting impactful vulnerabilities), including banks, public administration, pharmaceutical, insurance, energy, etc. I additionally led a research team focusing on cryptography research, creation of automatic red-team tools and novel cloud identification and protection systems. My main focus was on advanced offensive services (ethical hacking) for large clients (reporting impactful vulnerabilities), including banks, public administration, pharmaceutical, insurance, energy, etc. I additionally led a research team focusing on cryptography research, creation of automatic red-team tools and novel cloud identification and protection systems.

  • BBVA Next Technologies
    • Spain
    • Software Development
    • 700 & Above Employee
    • Global Technical Cybersecurity Lead & Head of cybersecurity lab -
      • Oct 2018 - Feb 2020

      Data protection & CryptographyPlatform & Application securitySecurity Behaviour & MLInformation Technology Security Assessment (offensive/defensive, IR, cloud, pentesting, threat hunting...)

    • Head of Cybersecurity Lab
      • Apr 2016 - Feb 2020

      Topics: Pentesting (mobile, network, wireless, cloud, ....), advanced data protection & cryptography , cloud security (IR, forensic, ML, ...), usability & automatization (security), behaviour analytics, AAA, fraud, Machine Learning/Deep Learning...https://www.bbvanexttechnologies.com/

  • IOActive, Inc.
    • United States
    • Computer and Network Security
    • 1 - 100 Employee
    • Senior Security Consultant
      • Sep 2015 - Mar 2016

      R&D - IOActive Lab Research... Pentesting & cutting‑edge security services throughout the European, Middle Eastern, and African (EMEA) regions (Global 500 customers) as well as foster additional research from its highly skilled team R&D - IOActive Lab Research... Pentesting & cutting‑edge security services throughout the European, Middle Eastern, and African (EMEA) regions (Global 500 customers) as well as foster additional research from its highly skilled team

  • Telefónica
    • Spain
    • Telecommunications
    • 700 & Above Employee
    • Senior Security Researcher
      • Mar 2014 - Sep 2015

      R&D security department R&D security department

  • Universidad Carlos III de Madrid
    • Spain
    • Higher Education
    • 700 & Above Employee
    • R&D Security Researcher. Postdoctoral research
      • Aug 2011 - Feb 2014

      - criptografía/criptoanálisis, seguridad en red, pentesting, informática forense, dpi, profiling... - criptografía/criptoanálisis, seguridad en red, pentesting, informática forense, dpi, profiling...

  • Indra
    • Spain
    • Engineering Services
    • 700 & Above Employee
    • Programmer Analyst & Computer Security
      • Apr 2011 - Aug 2011

      Analista y programador Analista y programador

  • Universidad Politécnica de Madrid
    • Spain
    • Higher Education
    • 700 & Above Employee
    • R&D Security Researcher
      • Sep 2003 - Feb 2011

      Researcher at T>SIC research group (Telematic Systems for the Information Society and Knowledge) at the Telecommunication School of the Technical University of Madrid (EUITT-UPM).1. Pentesting, computer forensics and network security. 2. Privacy, surveillance, anonymity and traffic analysis.3. Cryptography and security protocols.4. Side-channels, covert channels, watermarking and steganography.5. Natural Language Watermarking.6. Reverse Engineering and physical security: lockpicking, smartcards, biotoken.7. eDemocracy, eParticipation, eAccesibility.More information: https://sites.google.com/site/webamunoz/ Show less

    • R&D Security Research. PhD - Research (UPM)
      • Feb 2009 - Dec 2010

      Tesis doctoral: Automatización de procedimientos en esteganografía y estegoanálisis lingüístico aplicado a la lengua española. Autor: Alfonso Muñoz, Director: Justo Carracedo. Calificación: Sobresaliente Cum Laude. 21 diciembre 2010.

  • Albalia Interactiva
    • Spain
    • IT Services and IT Consulting
    • R&D Security Researcher. Proyecto Investigación UPM
      • Jan 2006 - Jan 2006

      UPM-Albalia Interactiva: Programa piloto de firma digital en terminales móviles TSM500 con tarjeta inteligente de la FNMT (Fábrica Nacional de Moneda y Timbre). Tecnologías: C/C++ y smartcards. UPM-Albalia Interactiva: Programa piloto de firma digital en terminales móviles TSM500 con tarjeta inteligente de la FNMT (Fábrica Nacional de Moneda y Timbre). Tecnologías: C/C++ y smartcards.

  • Siemens - Invensys Dimetronic Signals
    • San Fernando de Henares. Madrid
    • JAVA Programmer
      • Oct 2002 - Jul 2003

      Análisis de requisitos software, implementación de protocolos de comunicación y programación de interfaces web (J2SE, SWING). Análisis de requisitos software, implementación de protocolos de comunicación y programación de interfaces web (J2SE, SWING).

Education

  • Universidad Politécnica de Madrid
    Doctor Ingeniero de Telecomunicación, Telemática
    2009 - 2010
  • Universidad Politécnica de Madrid
    Ingeniero de Telecomunicación - ETSIT - UPM, Telemática
    2004 - 2006
  • Universidad Politécnica de Madrid
    Ingeniero Técnica de Telecomunicación - EUITT -UPM, Telemática
    1999 - 2003
  • IES Joaquin Rodrigo
    Bachiller - IES Joaquín Rodrigo - Vicalvaro - Madrid, Bachiller Tecnológico
    1995 - 1999
  • Agile Management
    2016 -
  • Courses - Computer Security
  • Courses - Cryptography
  • Courses - Management

Community

You need to have a working account to view this content. Click here to join now