Security engineer. Incident responder. Builder.
There was no obvious path from San José to the European Commission. Growing up in a working-class neighbourhood where that trajectory simply wasn't in the frame, you learn something early: problems get solved or they don't, resources are what you have right now, and waiting for better conditions is not a strategy.
That instinct is the foundation. Not a certification, not a degree. The habit of getting close to how things actually work, and fixing them when they break, built before any formal training did.
Erasmus University Rotterdam, then a year at Jiao Tong University in Shanghai. Business information management, data analytics, e-commerce and digital innovation. Not just different subjects, but different ways of thinking about how systems move, how information becomes leverage, what falls apart when you operate in an unfamiliar environment.
The first security work ran alongside the degree. Analyzing vulnerabilities in Dutch energy infrastructure. Building digital systems for organizations with no IT budget. Enough real work to know the difference between how a system is supposed to behave and what actually happens under load.
Berlin changed the register. When Black Basta ransomware hit a major European manufacturer, the question stopped being theoretical. Active incident, infrastructure down, timeline compressed. The job was to bring it back.
Two weeks. That is the kind of test that does not come from any training program. You find out quickly whether what you know holds under that pressure, or whether it was always more comfortable than real. It held.
The EU institutional CSOC is where the arc lands. Cybersecurity engineering at the European level, endpoint security strategy across institutional infrastructure, AI-assisted operations, team leadership. The problems are familiar. The scale and the stakes are not.
From Barcelona, building continues in parallel. Intelligence platforms and security tools, built from the same operational methodology as the consulting work, for organizations and individuals that cannot afford to hire it at source. Different audience, same standard.
Security consulting that produces working defenses, not reports that sit in a drawer. Every engagement ends with something that functions: monitored, tested, documented.
The tools come from the same place, inside the problem. The same methodology that drives the consulting work powers the intelligence platforms and security products, built because the threats don't stop at institutional boundaries.
Operating across Europe and Latin America. EU institutional security, NIS2 advisory, intelligence platform development. Different contexts, same standard.
The work has always moved toward environments where security decisions carry real consequences, active threat landscapes, constrained resources, institutional stakes that do not forgive mistakes. That is where it continues.