0xRafaSec

About

Rafa — Security researcher, engineering leader, and builder

Who I am

Hey, I'm Rafa. I'm a Brazilian Head of Engineering (GMT-3), passionate about crafting high-impact digital solutions. With 18+ years building software and leading teams, I specialize in full-stack development — React for intuitive UIs, Node.js for backend, Go and Rust for performance-driven systems, and Flutter for cross-platform mobile. By day I lead technical strategy at Oak Network, driving full-stack and blockchain development for Latin America. By night I dive into security research: CVEs, vulnerability analysis, and ethical hacking. 0xRafaSec is where I share that side.

Security & 0xRafaSec

Security has always been a parallel track for me. I completed the CEH & Security Training Program at EH Academy and have spent years studying vulnerabilities, exploit development, and defensive techniques. My passion is delivering scalable and secure applications — it's why I'm building rfirewall, a user-centric firewall for Linux, and why this blog exists. One of my goals is to guide developers to be more security-aware. It's not just about CVEs and vulnerabilities; it's about raising awareness around security in development — something I think is still far too rare. I focus on what matters to defenders and builders: context, impact, and actionable takeaways, not just raw NVD data.

Background

I've led engineering at Huge (American Express, top Brazilian clients, internet banking), Accenture Song, Gateway (Web3), and Justpoint (AI for medical legal discovery). I've been a partner at Parafernalia Interactive, built NFT collections and blockchain products as a founder, and delivered projects for Oi, Veja SP, XL Group, and Thoughtworks. That breadth — from enterprise CMS to AI algorithms to smart contracts — shapes how I think about security: systems, people, and real-world risk.

Tech & tools

React, Node.js, Go, Rust, Flutter. EVM and Solana contracts. Clean architecture, SOLID principles, automated testing, Docker, Kubernetes. I'm a Go Expert (Full Cycle, with Uncle Bob's curriculum) and keep pushing into concurrency, distributed systems, and crypto — see ecies-bls12381 for proxy re-encryption. Security is part of the stack, not an afterthought.

Connect

If you're looking for a tech lead with a strategic approach and a passion for excellence, or want to discuss security research, new projects, or collaborations — let's connect.

LinkedInGitHubBrazil