"A RET Tecnologia não vende código — vende blindagem."
-58a6ff?style=for-the-badge){kind=icon}
I don't just write code; I build digital fortresses.
My foundation was forged in mission-critical environments. Serving as an IT Assistant & Developer for the Marinha do Brasil (Brazilian Navy), I internalized military-grade discipline regarding infrastructure, automation, and continuous monitoring. In such environments, there is no room for error, and security is not an afterthought—it is the baseline.
Today, as the Founder and DevSecOps Engineer of RET Tecnologia, I engineer B2B architectures capable of sustaining 50,000+ simultaneous connections with a 99.95% SLA. I lead teams in reducing deployment cycles from 2 weeks to 3 days using Domain-Driven Design (DDD), all while maintaining strict Zero Trust protocols.
I am a builder who thinks like a hacker. I actively hunt for vulnerabilities such as Zero-days in macOS, SSRF, and Account Takeovers, permanently neutralizing threats before they ever reach production.
|
|
At the core of my methodology is a strict Shift-Left DevSecOps pipeline. We don't bolt security on at the end; we compile it natively into every commit.
graph LR
A[Code Push] --> B[Pre-commit Secrets<br/>Detect-Secrets]
B --> C[IDE SAST<br/>Semgrep/CodeQL]
C --> D[Container Scan<br/>Trivy/Snyk]
D --> E[Artifact Signing<br/>Sigstore/Cosign]
E --> F[K8s Admission<br/>OPA Gatekeeper]
style A fill:#0d1117,stroke:#58a6ff,color:#c9d1d9
style F fill:#0d1117,stroke:#3fb950,color:#c9d1d9
Verify my Infrastructure-as-Code (IaC) governance: View my Open-Sourced SLSA Policies
(Beyond badge hoarding. These are the tools I use in production to drive outcomes).
Cloud & Infrastructure
Backend & Full Stack
Databases & Message Brokers
Observability & Dev Tools
|
O Desafio: A fragmentação de ferramentas de auditoria e segurança gerava gargalos e falsos positivos em operações B2B de Red Team. A Solução: Framework ofensivo modular 100% em Python contando com mais de 85 plugins táticos para exploração, Scanners de Segredos, Auditoria de CVEs e OSINT. O Impacto: 500+ downloads globais, sendo utilizado para padronizar esteiras DevSecOps em 12 países. 
|
O Desafio: Entrega global com latência zero para clientes Enterprise B2B exigindo máximo SLA em ambientes hostis. A Solução: Progressive Web App (PWA) construído com Next.js 15 e TypeScript, rodando inteiramente na Edge Network da Vercel, protegido por Content Security Policy (CSP) Strict e WAF Ativo. O Impacto: Sustenta alta carga com segurança nível militar e garante 100/100 Lighthouse Perfect Score. 
|
"Security by Design, not as an afterthought."
PT-BR EN-US ES — Rio de Janeiro, Brasil — GMT-3