Fernando Martins

Ethical Hacker

Data EntryTranslatorCopywritingTech SupportITSecurity Analyst

I am a cybersecurity professional and penetration tester with over 15 years of experience in information technology, specializing in web application security, infrastructure security, and vulnerability assessment. Throughout my career, I have worked with organizations in the banking sector, public institutions, and private companies, helping them identify and mitigate security vulnerabilities in their systems and networks. Currently working as a freelance penetration tester, I conduct security assessments of web applications, wireless networks, and corporate infrastructures. Using tools such as Kali Linux, Burp Suite, Metasploit, Nmap, and Nessus, I perform vulnerability analysis aligned with frameworks like OWASP Top 10 and OSSTMM. My work has included identifying critical Active Directory vulnerabilities, gaining domain-level access in security assessments, and delivering detailed reports with high-risk findings and remediation recommendations. Previously, I worked as a Cybersecurity Consultant at Novo Banco, where I was part of the Security Operations team responsible for monitoring infrastructure through Nagios, analyzing phishing incidents, and producing cybersecurity alert use-case reports. I also worked on configuring privileged access monitoring solutions such as the Ekran platform. Earlier in my career, I worked as a pentester at Marketware, where I performed security audits for financial institutions and government entities, including projects related to the Portuguese Tax and Customs systems and banking platforms. My role involved identifying vulnerabilities in web applications, wireless networks, and operating systems, as well as producing security reports and assisting with remediation. In addition to cybersecurity, I have experience as a systems operator and systems administrator, monitoring large enterprise infrastructures and managing Windows and Linux environments. My technical background includes programming, web development, and network administration, supported by formal training in com

People also viewed

Gabriela Montesdeoca

ParalegalLegal SupportCompliance Officer+4 tags

Service Engineer @Lida Solutions

Partner🔥 Startup Founder✔️ IT+15 tags

Jaime Lightfoot

Security researcher @Lightfoot Labs

Security AnalystWeb DeveloperElectrical engineer+3 tags

Agustín Rotta Leonel

Redaccion @independiente

Assistant EditorCopywriterResearcher+5 tags

Data Entry Clerk @Ministry of Health and Child Care, Zimbabwe

Data Entry AssociateAssistantAdministrative Assistant+4 tags

E-commerce Manager

Data Entry SpecialistPresentation DesignerDocument Processor+11 tags

Chief Creative @Concept One Communications

Sunduibaatar Nyam

FinanceCFOConsumer Industry

Physician assistant @East coast advanced plastic surgery

Ux Ui Designer @Roberto Silva

Brazil

Feedback from Fernando’s ex-colleagues

user-post-1

user-post-2

user-post-3

Keep in touch with meI'm using Intch to connect with new people. Use this link to open chat with me via Intch app

Work Background

Ethical Hacker

Smart Human CapitalEthical Hacker

Jun. 2024Sintra, Lisboa, PortugalResponsible for conducting audits and penetration tests across various environments, including: -Web applications -Internal infrastructure with Active Directory - REST and SOAP APIs - IoT devices and OT environments Tools used: Kali Linux (customized for corporate pentesting) Burp Suite for web application analysis and exploitation Nessus for vulnerability scanning Metasploit Framework for exploitation and custom exploit development Activities focused on identifying, exploiting, and documenting vulnerabilities, following methodologies such as OWASP, PTES, and MITRE ATT&CK.

Pentester

FreelancerPentester

Mar. 2023 - May. 2024SintraI have performed penetration tests against many organizations where I was unable to find any directly exploitable services or applications but was able to gain a foothold in Active Directory, take over the domain (or domains), and issue 10 or more high-risk findings related to AD in their penetration test report. The main role was to find vulnerabilities in clients Web applications (Joomla,Wordpress,Drupal) and wireless networks. I used the Kali Linux distro with the most varied tools and had as a reference the OWASP TOP 10 and OSSTM project to search for vulnerabilities of application and systems. For infrastructure scans I used NESSUS and NMAP. I used Skipfish tool from Google and BURPSUITE using Man-In-The -Middle techniques complementing the manual tests. There were also several virtual machines where penetration tests were performed with the most diverse exploits to Windows and Linux machines specifically with Rapid7's Metasploit application . I used as well several privilege escalation techniques in Windows and Linux Boxes

Cybersecurity Consultant

AFFINITY PortugalCybersecurity Consultant

Nov. 2021 - Feb. 2023Sintra, Lisboa, PortugalInitially, I joined NovoBanco's Security Operations Team, where I was responsible for monitoring the bank's various systems on the Nagios platform. I also analyzed suspicious emails for possible cases of Phishing. In January of 2022 i went into the Security Exploration team where I produced reports of Use Cases of alerts that are sent by S21sec in terms of Cybersecurity. At the moment I am configuring the Ekran Platform that manages access and records client sessions.

Dec. 2020 - Nov. 2021Sintra, Lisboa, PortugalTenho como função procurar vulnerabilidades nos websites dos variados clientes e fazer relatórios mensais. Usava a distro Kali Linux com as mais<br>variadas ferramentas e tinha como referência o projecto OWASP e OSSTM para procura de<br>vulnerabilidades de vertente aplicacional e de sistemas. Para scans de infraestrutura usava o<br>NESSUS e o NMAP. Nas auditorias de segurança no Montepio usei a ferramenta skipfish da google<br>e BURPSUITE usando técnicas de Man-In-The -Middle complementando os testes manuais.Tinha<br>também várias maquinas virtuais onde se faziam testes de penetração com os mais diversos exploits<br>a máquinas Windows e Linux especificamente com a aplicação Metasploit da Rapid7.<br>

Sep. 2017 - Nov. 2020Na CGI tinha como função a monitorização dos diversos sistemas Windows e UNIX da EDP e<br>encaminhar os alarmes da Consola BMC Impact para as equipas correspondentes. Monitorização na<br>Plataforma Control-M dos diversos jobs a serem executados como também na Plataforma SAP.<br>Trata-se também dos diversos incidentes dos clientes que podem ser resolvidos remotamente.

Jul. 2012 - Jul. 2017LisboaNa Marketware tinha como principal função encontrar vulnerabilidades em websites da Autoridade<br>Tributária e Aduaneira e da Banca Portuguesa e Angolana. Usava a distro Kali Linux com as mais<br>variadas ferramentas e tinha como referência o projecto OWASP e OSSTM para procura de<br>vulnerabilidades de vertente aplicacional e de sistemas. Para scans de infraestrutura usava o<br>NESSUS e o NMAP. Nas auditorias de segurança no Montepio usei a ferramenta skipfish da google<br>e BURPSUITE usando técnicas de Man-In-The -Middle complementando os testes manuais.Tinha<br>também várias maquinas virtuais onde se faziam testes de penetração com os mais diversos exploits<br>a máquinas Windows e Linux especificamente com a aplicação Metasploit da Rapid7.<br>Nesta função fazia também auditoria a redes Wireless WPA e WPA2 usando as ferramentas da distro<br>Kali Linux.<br>No departamento técnico tinha também funções produzir relatórios das vulnerabilidades encontradas

Oct. 2011 - May. 2012LisboaTinha como função gerir várias redes informáticas em ambiente Windows em várias empresas em<br>Lisboa. Na loja tinha como função reparar hardware (Pcs e Laptops) e atendimento ao público na<br>vertente de informática.

Trabalhador Independente

May. 2008 - Sep. 2011Sintrainha como função desenvolver websites na plataforma Joomla e Moodle com conteúdos em flash.<br>Manutenção a nível de hardware e software de várias escolas no concelho de Sintra. Configuração<br>de servidores Windows 2008 em Active Directory.

Systems Administrator and Webdesigner

Trabalhador IndependenteSystems Administrator and Webdesigner

May. 2008 - Sep. 2011SintraThe main role was to develop websites on the Joomla and Moodle platform with flash content. Maintenance of hardware and software of several schools in the municipality of Sintra. Configuration of Windows 2008 servers in Active Directory.

Geração Semente

Sep. 2007 - May. 2008SintraTinha como função fazer a manutenção a nível informático de várias escolas do 1º ciclo no concelho<br>de Sintra

Computer Maintenance Technician

Geração SementeComputer Maintenance Technician

Sep. 2007 - May. 2008SintraThe main role was to perform the maintenance at the computer level of several 1st grade schools in the municipality of Sintra.

Jpccomputadores

Sep. 2004 - Apr. 2005Mem-martinsAcumulava funções de Administrador de servidor dedicado Windows 2003 Server com interface<br>PLESK 7.0 e Webdesigner onde tinha como função construir websites dinâmicos, lojas on-line com<br>Modulos Open source como o caso do Oscommerce.<br>Exemplos:<br>- www.cocktailteam.net<br>- www.castropacheco.com<br>-coxixos.castropacheco.com<br>- www.tulipadecristal.com

Requests

Touchpoint image

0

Personal Pitch

Audit & Pen Test Expertise

Intch is a Professional Networking App for the Future of Work

300k+ people

130+ countries

AI matching

Get Intch if you'd like to

Get Recommended to New Customers

Connect with Like-Minded People

Find a side project

Reach Top Niche Experts

Find Jobs on a Hidden Market

Find a Perfect Co-Founder

Find a Trusted Mentor

Hire Top Global Professionals

See more people like Fernando on Intch

IT

1026939 people

23

Fullstack Developer

50

CEO & Founder @ Dynamic Flower

24

Project Manager @ Spontaneousclick

ITSecurity Analyst

56514 people

18

Major Account Manager @ Check Point Software Technologies Ltd

16

Program Manager @ IntellectEU

16

Web3, Blockchain and Wordpress Freelancer. Startup Adviser @ Buddy.pt