~/security/offensive

Santiago Andrade
Coding the future, shielding the present.

Tech Lead @ Councilbox | Offensive Security & Application Security.
I design resilient systems and conduct offensive security testing.

View Experience

// Professional Profile

Santiago Andrade Ferreiro

Tech Lead & Offensive Security

I am a **Tech Lead and Backend Developer** operating under the alias **BitSentry**. My focus is security-by-design, building high-scale systems that remain resilient against modern threats.

At Councilbox, I own the **product security posture**, bridging core backend engineering with internal offensive audits and pentesting. My goal is to ensure security isn't a patch, but a native part of the software lifecycle.

"Galicia Skills Gold Medalist and Spain Skills finalist. Independent security researcher and offensive lab enthusiast, focused on delivering technical value from the very first bit."

Reach Out

Work_Experience

Product Tech Lead & Offensive Security

2024 — Present

COUNCILBOX

Own the product security posture, conducting internal Web/API pentests, phishing simulations, and offensive security audits. Deliver executive and technical reports aligned with Tier-1 external assessments.

Offensive SecurityInternal PentestsAppSec OwnershipOVAC Product

Fullstack Developer (OVAC Product)

2022 — 2024

COUNCILBOX

Developed core backend features, implemented secure system design, and supported product security initiatives through code reviews and threat analysis.

Backend CoreSecure ArchitectureOVAC Product

Fullstack Developer

2021 — 2022

AVA TECNOLOGÍA

Managed full-cycle web development projects with focus on scalable solutions and legacy system optimization.

LaravelPHPPerformance Optimization

Academic_Credentials

MSc in AI & Big Data

IES Fernando Wirtz

Adversarial ML & Neural Networks

MSc in Cybersecurity

IES San Clemente

Offensive Security & Pentesting

BSc in Web Development (DAW)

IES San Clemente

Software Engineering Fundamentals

// Featured Projects

The Vault

A collection of tools and applications built with security and performance at their core.

Financial Management

Aurea

Secure-by-design personal finance SaaS. Built with backend robustness and privacy-first architecture.

Security Tooling

Gqlonaut

Introspection module for Caido/GraphQL. Automated discovery for offensive security audits.

Dev Productivity

Git-Cleaner

CLI tool for automated git branch lifecycle management.

// Security Credentials

Offensive Lab

Professional certifications, offensive security methodology, and hands-on Red Team experience.

Certifications

CEH

Active

Certified Ethical Hacker

CPTS

In Progress (2026)

Certified Penetration Testing Specialist

CHFI

In Progress (2026)

Computer Hacking Forensic Investigator

Labs / HackTheBox

Ongoing

Active Offensive Security Labs

Pentest Methodology

01Reconnaissance / OSINT

OSINT & Surface Mapping

02Vulnerability Discovery

Vulnerability Scanning

03Active Exploitation / Red Team Ops

Active Engagement

04Technical & Executive Reporting

Technical & Exec Reports

Reconnaissance

Vulnerability

Active

Technical

View Labs & Projects

// AI & Security Research

Research & Talks

Exploring the intersection of artificial intelligence and cybersecurity.

Featured Talk3x Speaker

Defeating Neural Networks: Adversarial Noise Attacks

Exploring techniques to craft adversarial perturbations that can fool state-of-the-art neural networks while remaining imperceptible to human observers.

adversarial_attack.py

def gen_adv(model, x, eps=0.01):
  grad = get_grad(model, x)
  noise = eps * sign(grad)
  x_adv = clip(x + noise, 0, 1)
  return x_adv

AI Security & Adversarial Machine Learning

// Latest Articles

Knowledge Hub

Thoughts on security, engineering, and technical leadership.

View all blog

Santiago AndradeCoding the future, shielding the present.