I’m the Cyber Security and Quality Assurance Team Leader at the Brazilian Development Bank (BNDES), where I lead teams across application security, vulnerability management, and quality engineering. I’m also an independent researcher in cyber security and software engineering.
I hold a Ph.D. in Software Engineering from the Computing Institute of Fluminense Federal University - UFF (2023), a Specialization in Defense and Cybersecurity from the Brazilian War College - ESG (2024), an M.Sc. in Systems Engineering and Computer Science from COPPE/UFRJ (2009), an M.B.A. in Business Administration from COPPEAD/UFRJ (2016), and a B.Eng. in Computer and Electronic Engineering from DEL/UFRJ (2005).
Outside of work and research, I enjoy photography, video games, tabletop RPGs, and cooking — especially barbecue.
Research interests
My broad research areas are release engineering, cyber security, and DevSecOps. The questions that motivate my work include:
- How does rapid release adoption affect software collaboration, quality, and security?
- How should organizations prioritize vulnerabilities in practice, given the gap between scanner output and real-world exploitability?
- How can release pipelines embed security as a first-class concern rather than a late-stage gate?
I’m also interested in software repository mining, continuous engineering, infrastructure as code (IaC), DevOps, agile, and access control.
Current research
- Vulnerability prioritization. I’m researching how to design prioritization policies that maximize the share of relevant vulnerabilities addressed first — bridging the gap between scanner output, exploitability signals, and the constrained capacity of remediation teams.
- Rapid releases — development process and collaboration. Building on my Ph.D. work, I study how shortening release cycles reshapes development practices and team collaboration: how work is broken down, how reviews and integration evolve, and how coordination changes when releases move from months to days.