Profile
About me
I started my career on the offensive side—breaking into systems before real attackers could, and showing organizations exactly where they were exposed. For several years, I co-led the Red Team Tower at Payatu, working alongside some of the sharpest minds in the industry. Those years in consulting taught me how attackers think, how systems quietly fail, and where organizations are most likely to get blindsided.
These days, I'm a Security Engineer at a FinTech startup, and I've crossed over to the defensive engineering side. I design secure infrastructure, automate detection pipelines, build security tooling, and hunt for weaknesses before they escalate into incidents. Whether I'm hardening cloud environments, securing AI-powered systems, investigating something that doesn't look right, or chasing an elusive bug at 2 a.m., the challenge stays the same: turning complex security problems into practical, scalable defenses.
Outside the office, cybersecurity is still my favorite rabbit hole. You'll find me tinkering in my personal Homelab, burning through Boot2Root Machines, playing CTFs, experimenting with new tech, or exploring emerging areas like AI and LLM security. I like understanding how systems break, why they break, and what it takes to build them better. I'm deeply passionate about solving complex cybersecurity challenges—whether they come through real-world projects, CTFs, Boot2Root Machines, or personal Homelab projects.
This site is where I document that journey—research, projects, hard lessons, and the occasional spectacular mistake. It covers offensive security, security engineering, cloud security, automation, AI security, and everything in between. If that sounds interesting, explore the blog.
P.S. If you're wondering why I go by the alias 0xpurecha0s, there's a story behind it.
What I'm doing
-
Infrastructure & Network Security
I can help perform in-depth infrastructure and network security assessments for your organization. These assessments are designed to uncover misconfigurations, exposed services, insecure protocols, and architectural weaknesses across on-prem, cloud, and hybrid environments. I've conducted such evaluations for numerous organizations, including several in the Fortune 500, helping them strengthen their foundational security posture and mitigate real-world risks.
-
Website Pentesting
I offer comprehensive web application penetration testing to identify and exploit vulnerabilities in websites, APIs, and associated backend components. These assessments simulate real-world attack scenarios — including injection flaws, authentication bypasses, business logic abuse, and client-side attacks — to evaluate the security of your application. I've tested a wide range of applications, from startups to enterprise-grade platforms.
-
Mobile Application Pentesting
I also have some background in testing for security issues in Mobile Application (iOS/Android).
-
Cloud
I have a very strong background in testing for security issues on cloud platforms like Azure and AWS. I have highlighted very serious configuration issues which have helped organization in securing their Cloud Infrastructure.