Pablo Gutiérrez
Cybersecurity Engineer
Transitioning to Pentester
Currently a Cybersecurity & IAM Engineer specializing in Blue Team operations, actively transitioning to offensive security. Preparing for OSCP certification while maintaining rigorous practice through Hack The Box and developing security automation tools. My extensive IAM background provides a unique perspective on defensive postures—understanding access controls, user management, and data protection—which strengthens my offensive security capabilities.
About Me
With a foundation in Telecommunications Engineering and two Master's degrees in Cybersecurity and AI, I currently work as a Cybersecurity Engineer at Indra | Minsait Cyber, where I manage identity lifecycle, automate access governance, and build security tooling for large-scale data platforms.
I am actively transitioning toward offensive security. My Master's thesis involved designing, building, and comprehensively auditing a full Active Directory lab environment from scratch, deepening my expertise in attack methodologies like Kerberoasting, AS-REP roasting, and various privilege escalation vectors.
I maintain consistent hands-on practice through Hack The Box (33 machines solved with OSCP-oriented write-ups) and am working toward CJCA, CPTS, and OSCP certifications. My Blue Team experience in IAM and compliance gives me a practical understanding of the defensive postures that offensive testers need to navigate.
Core Focus Areas
- ▸Security Engineering & IAM
- ▸Offensive Security & Penetration Testing
- ▸Active Directory Attack & Defense
- ▸Security Automation (Python, Bash, PowerShell)
Work Experience
Cybersecurity Engineer
- ▸Managing user lifecycle and access control across critical systems, including provisioning, deprovisioning, and permissions governance
- ▸Developing Python and SQL automations using the Databricks SCIM API to manage role and group assignments programmatically
- ▸Automating access documentation in Confluence and building Neo4j + PyVis models to visualize and analyze permission relationships
- ▸Supporting compliance with ENS, ISO 27001, and GDPR through stakeholder reviews, access governance, and least-privilege validation
- ▸Co-leading the documentation and secure design of a high-compliance AWS environment for CTTI in Catalonia, aligned with ENS high-level requirements, defining end-to-end security controls across IAM, logging, monitoring, threat detection, network architecture, perimeter protection, storage, and secure configuration of core AWS services
KEY SKILLS:
Quality Assurance Coordinator
- ▸Leading the QA team in mobile and architecture car validation for SEAT & CUPRA applications, balancing technical and managerial responsibilities
- ▸Coordinating daily activities and distributing tasks among team members
- ▸Acting as a point of contact for client communication and feedback loops
- ▸Delivering weekly and monthly project tracking reports and presentations
- ▸Continued executing technical validations alongside organizational duties
KEY SKILLS:
Quality Assurance Engineer
- ▸Performed comprehensive validation and testing for automotive applications and vehicle architecture for SEAT & CUPRA brands
- ▸Created Test Plans and Test Cases for mobile and vehicle systems
- ▸Log reading and analysis for applications, back-end services, and vehicles
- ▸Used tools including Wireshark, Datadog, Kibana, Figma, Zeplin, and Jira
- ▸Automated mobile application testing with XCode, Python, Appium and Selenium
KEY SKILLS:
Education & Certifications
Master's in Artificial Intelligence
THESIS:
"Design and Implementation of an AI-Based Automated System for Job Offer Management and Prioritization"
Open ThesisKEY SUBJECTS & SKILLS:
- •Development of LLMs to analyse responses from cybersecurity tools to ensure a short path to finding vulnerabilities
- •Machine Learning, Deep Learning and LLM-based systems applied to automation and data analysis
- •Development of AI-driven SaaS tools and workflow optimization solutions
- •Integration of AI models to support intelligent decision-making across different industries
Master's in Cybersecurity
THESIS:
"Building and Breaking an Active Directory Environment"
Open ThesisKEY SUBJECTS & SKILLS:
- •Ethical hacking, technical security audits and malware analysis
- •Digital forensics and security incident management
- •Secure development practices and penetration testing of systems and networks
- •SIEM monitoring, event correlation and attack mitigation
- •Security frameworks: ENS, ISO 27001, GDPR
Bachelor's degree in Electronic Telecommunications Engineering
THESIS:
"Neuronal Network for Random Number Generation"
Open ThesisKEY SUBJECTS & SKILLS:
- •Electronics, telecommunications, networking and digital systems
- •Design, implementation and validation of technical engineering projects
- •Technical analysis, measurement, calculation and report writing
- •Problem-solving, applied programming and multidisciplinary teamwork
Certification Path
CJCA
Certified Junior Cybersecurity Analyst
Hack The Box
Foundation certification validating core cybersecurity analysis skills and practical knowledge. Exam scheduled for 27 March 2026.
CPTS
Certified Penetration Testing Specialist
Hack The Box
Advanced pentesting certification focused on real-world attack paths and comprehensive security assessments.
OSCP
Offensive Security Certified Professional
Offensive Security
Industry-leading penetration testing certification emphasizing hands-on exploitation and reporting skills.
Long-term certification roadmap aligned with offensive security career goals.
Skills Matrix
Offensive Security
- •Penetration Testing: Burp Suite, OWASP ZAP, Metasploit
- •Network Reconnaissance: Nmap, Masscan, Gobuster
- •Active Directory: Impacket, BloodHound, LinPEAS, WinPEAS
- •Web Security: SQL Injection, XSS, SSRF, IDOR, LFI, RCE
- •Post-Exploitation: psexec.py, enum4linux, ldapsearch
- •Forensic Analysis & Log Analysis with Autopsy
Security Engineering & IAM
- •Identity and Access Management (IAM)
- •Azure Databricks Security & IAM Automation
- •Active Directory Security & Administration
- •Compliance: GDPR, ISO 27001, ENS Framework
- •Centralized Data Governance Platforms
- •Security Policy Implementation & Auditing
Cloud & Infrastructure
- •Azure Cloud Services & IAM
- •AWS Cloud Platform (initial experience)
- •Active Directory & Windows Server
- •Network Security & Firewall Management
- •Linux & Windows Administration
- •Deployment: Vercel, Railway, GitHub Actions
Programming & Automation
- •Languages: Python, Bash, PowerShell, SQL
- •Web: JavaScript, TypeScript, HTML, CSS
- •Mobile Testing: Appium, Selenium
- •Infrastructure Automation: Databricks, Jira, Confluence
- •System Automation: Task Schedulers, Privilege Management
Featured Projects
A selection of projects showcasing security automation, IAM solutions, and offensive security practice.
Security Automation ToolKit – Minsait Cyber
PrivateCreated a custom 'BloodHound' for Databricks using Python and PyVis library. The tool visualizes a network of connections between users, groups, service principals, permissions, catalogs, schemas, tables, and more. Features include route finding to determine if a user can access a specific table, searching for all schemas and tables with group privileges, and comprehensive permission mapping.
STACK:
RESULT:
Comprehensive security visualization tool for Databricks environments with permission analysis capabilities
Databricks IAM Automation – Minsait Cyber
PrivateDeveloped a Python automation system that reads documentation from Confluence about access and permission configurations for projects. The system processes form-based JSON inputs and automatically applies the correct permissions to Databricks resources, streamlining IAM workflows.
STACK:
RESULT:
Automated IAM permission management for Databricks projects based on Confluence documentation
HackTheBox WriteUps
PublicRepository containing documented Hack The Box machine write-ups. Professional approach, OSCP-oriented, and focused on real-world penetration testing. Contains 30 Easy machines and 3 Medium machines with step-by-step explanations, tool usage, and mitigation strategies.
STACK:
RESULT:
33 machines completed (30 Easy, 3 Medium) with comprehensive OSCP-oriented write-ups