About

Who I Am

Cybersecurity professional, ethical hacker, researcher, and builder focused on practical security work, offensive research, and clear technical communication.

More than 10 years of experience in cybersecurity, with work across financial-sector environments, academic research, application security product organizations, and lecturing, spanning security testing and offensive engagements, application security and secure software practices, operational security support, security research, management, and education and awareness.

Profile

Background

Ricardo Gonçalves

Hi, I'm Ricardo Gonçalves, a cybersecurity professional, ethical hacker, security researcher, and lifelong learner in the field of security. I focus on uncovering vulnerabilities, studying emerging threats, and advancing both defensive and offensive security practices through practical research and engineering work.

My work spans vulnerability research, secure engineering, offensive testing, and building tools that make practical security analysis more effective. I am particularly interested in developing innovative solutions that help strengthen modern technologies and turn research into useful, operational outcomes.

Experience

Areas of Practice

10+ years

My experience covers more than a decade of work in cybersecurity, including projects in financial-sector environments, academic research settings, application security product organizations, and lecturing. Across security testing and offensive engagements, this includes penetration testing, security assessments, red teaming, and social engineering. Across application security and secure software practices, it includes application security, code review, secure software development lifecycle work, and the development of secure pipelines and DevSecOps-aligned practices that support modern engineering teams. Across operational security support, it includes threat and vulnerability management and support for incident response activities. It also includes hands-on security research and CNA contribution, together with management, teaching, and security awareness.

Alongside technical delivery, I care about teaching and knowledge transfer: making complex security topics understandable, actionable, and useful in real-world development and operations.

Site Scope

What This Site Covers

  • Security projects and engineering experiments.
  • Detailed Capture The Flag writeups and challenge notes.
  • Research findings, advisories, and vulnerability-related publications.
  • Academic work connected to security and systems research.

The goal is straightforward: publish useful work, preserve older material, and keep a public record of projects and research that may help other practitioners.

This site also reflects an interest in connecting research, teaching, and hands-on practice: taking ideas from investigation and secure software development work, then turning them into material that is concrete, testable, and useful to others.

Contact

Connect

For collaboration, questions, or research-related contact, use email or reach out on X / @0x4notherik.