~/security/offensive

Santiago Andrade
Coding the future, shielding the present.

Tech Lead @ Councilbox | Offensive Security & Application Security.
I design resilient systems and conduct offensive security testing.

View Experience
// Professional Profile

Santiago Andrade Ferreiro

Tech Lead & Offensive Security

I am a **Tech Lead and Backend Developer** operating under the alias **BitSentry**. My focus is security-by-design, building high-scale systems that remain resilient against modern threats.

At Councilbox, I own the **product security posture**, bridging core backend engineering with internal offensive audits and pentesting. My goal is to ensure security isn't a patch, but a native part of the software lifecycle.

"Galicia Skills Gold Medalist and Spain Skills finalist. Independent security researcher and offensive lab enthusiast, focused on delivering technical value from the very first bit."

Reach Out

Work_Experience

Product Tech Lead & Offensive Security

2024 — Present

COUNCILBOX

Own the product security posture, conducting internal Web/API pentests, phishing simulations, and offensive security audits. Deliver executive and technical reports aligned with Tier-1 external assessments.

Offensive SecurityInternal PentestsAppSec OwnershipOVAC Product

Fullstack Developer (OVAC Product)

2022 — 2024

COUNCILBOX

Developed core backend features, implemented secure system design, and supported product security initiatives through code reviews and threat analysis.

Backend CoreSecure ArchitectureOVAC Product

Fullstack Developer

2021 — 2022

AVA TECNOLOGÍA

Managed full-cycle web development projects with focus on scalable solutions and legacy system optimization.

LaravelPHPPerformance Optimization

Academic_Credentials

MSc in AI & Big Data

IES Fernando Wirtz

Adversarial ML & Neural Networks

MSc in Cybersecurity

IES San Clemente

Offensive Security & Pentesting

BSc in Web Development (DAW)

IES San Clemente

Software Engineering Fundamentals
// Featured Projects

The Vault

A collection of tools and applications built with security and performance at their core.

Financial Management
Nukairo
Secure-by-design personal finance SaaS. Built with backend robustness and privacy-first architecture.
Security Tooling
Gqlonaut
Introspection module for Caido/GraphQL. Automated discovery for offensive security audits.
Dev Productivity
Git-Cleaner
CLI tool for automated git branch lifecycle management.
// Security Credentials

Offensive Lab

Professional certifications, offensive security methodology, and hands-on Red Team experience.

Certifications

CEH

Active

Certified Ethical Hacker

OSCP

In Progress (2026)

Offensive Security Certified Professional

Labs / HackTheBox

Ongoing

Active Offensive Security Labs

Pentest Methodology

01Reconnaissance / OSINT

OSINT & Surface Mapping

02Vulnerability Discovery

Vulnerability Scanning

03Active Exploitation / Red Team Ops

Active Engagement

04Technical & Executive Reporting

Technical & Exec Reports

View Labs & Projects
// AI & Offensive Security

Research & Speaking

Vulnerability analysis in deep learning models and defense techniques.

Keynote TalkAsturcon '23GDG DevFestCibergal

Breaking Neural Networks: Backdoors & Adversarial AI

Presented at security conferences, exploring how minimal data perturbations (noise) can force misclassifications in critical systems.

Security Research
PoC exploit
fgsm_attack.py
def craft_noise(img, eps):
  grad = get_gradients(img)
  # Aplicar perturbación
  noise = eps * grad.sign()
  adv_x = img + noise
  return clamp(adv_x, 0, 1)
Adversarial Machine Learning Specialist
ID: ADVERSARIAL_ML_01
// Latest Articles

Knowledge Hub

Thoughts on security, engineering, and technical leadership.

View all blog