About Me
Red Teamer · Pentester · Security Researcher · Lisbon, PT

Hey. I'm Fábio Gomes — a security specialist based in Lisbon with over 8 years of hands-on offensive security experience. I've spent my career breaking into things professionally: web apps, APIs, Active Directory environments, cloud infrastructure, SCADA/OT systems, and AI integrations.

I got into security through CTFs at IST, where I was part of the STT university team. That curiosity snowballed into a career spanning principal penetration testing at Integrity SA, where I founded the SCADA/OT pentest practice, and now leading Red Team operations at Cybertrust/Devoteam — running PCI DSS and TIBER-EU engagements and building out a purple team service.

Outside of work, I'm into smart contract auditing, researching vehicle CAN bus protocols, CrossFit, and a long-term project of buying and restoring a classic car. This blog is where I put the stuff I find interesting enough to write up.

Focus Areas
  • Red Team Operations (TIBER / PCI DSS)
  • Web & API Penetration Testing
  • Active Directory & Cloud (AWS, Azure)
  • SCADA / OT Security
  • AI Agent Security Research
Tools I Reach For
  • Burp Suite, Nessus, Nmap
  • Cobalt Strike, Kali Linux
  • Frida, jadx (Android)
  • Solidity (Smart Contract Auditing)
  • Python, C, C#, Java, Bash
Achievements
  • OSCE3 — one of OffSec's hardest certs
  • CVE-2020-13639 published
  • IEEE paper published (NCA Symposium)
  • Thesis merit award by AP2SI
  • Founded SCADA pentest service at Integrity
Currently
  • Leading Red Team ops at Cybertrust
  • Building purple team practice
  • Researching AI agent security
  • Writing up findings on this blog
  • Available for consulting & collab
$ echo $CONTACT
fmjgomes [at] gmail [dot] com
$ echo $LOCATION
Lisbon, Portugal
$ cat /etc/certifications | head -3
OSCE3 · OSWE · OSEP · OSED · OSCP · CRTP · WPTXv2