Nico Waisman
Head of Security at XBOW
Miami Beach, Florida
Overview
Work Experience
Head of Security
2024 - Current
Advisor
2022
Member Of The Board Of Advisors
2021
Chief Information Security Officer
2022 - 2024
Head of Security and Privacy
2020 - 2022
Senior Director of GitHub Security Lab
2019 - 2020
Drive the GitHub Security Lab whose mission has been to build bridges between the security research and developer communities and help secure the open source ecosystem. The team has helped drive community wide adoption of CodeQL as a security research tool, and grown an active community of contributors through bounty programs and social media presence. I was responsible for launching a successful first phase of the OSS Coalition with a mission to bring together companies and organizations committed to help secure open source software globally, which evolved into the Open Source Security Foundation (OpenSSF) led by the Linux Foundation, an open, cross-industry effort to improve the security of open source software by building a broader community, targeted initiatives, and best practices. During my time leading the GitHub Security Lab we found vulnerabilities in the OSS ecosystem and, more importantly, inspired others to do so as well.
Principal Security Engineer
2019 - 2019
Director of Research LATAM
2019 - 2019
VP of Consulting Services
2018 - 2019
My vast experience as a leading expert in reverse engineering and vulnerability development has allowed me to lead technical and management teams at Immunity. During my sixteen years at Immunity I was involved in product conception, design and engineering of products such as CANVAS, SILICA, El Jefe and Immunity Debugger. On the service side of Immunity's business, I manage a successful boutique consulting service for a vast number of Fortune 500 clients, evaluating customer security and designing and implementing a professional service solution to improve One of my important tasks was to mentor researchers and consultants into growing their skills, both technical and interpersonal, providing and nurturing new research ideas to help the business and the personal careers of the team. As a team leader, I was involved in every aspect of the recruiting effort, helping build the interview environment, discovering and recruiting new talent in different areas and organizing conferences and events to help grow the community. As VP of Consulting Services, I'm in charge of planning and executing strategies that bring new and innovative products and services to the market and identify business opportunities among new and existing clients. I partner with both Marketing and Sales to allow Immunity to develop new business growth. Aside from my daily tasks, along with Dave Aitel (Immunity's CEO) and Bas Alberts (Director of Special Projects), I'm in charge of helping define the philosophy and long term strategy that allow a non-VP funded company to be successful for more than 16 years.
VP of Latin America
2009 - 2019
Public Speaker
2002 - 2019
Since the beginning of my career I have spoken at many security conferences around the world, in both English and Spanish. I concentrate my focus on security research but also open keynote providing thoughtful notes about the security landscape. This included renowned conferences such as Black Hat, Syscan, Pacsec, RuxCon, Kiwicon, CyberCamp, Ekoparty, etc.
Senior Security Researcher
2003 - 2010
Extensive experience in researching, documenting, and exploiting complex public and non-public security issues. I have researched and exploited all common bug-classes, including stack and heap overflows, format string bugs, and logic bugs on various UNIX, UNIX-like and Windows platforms on a variety of architectures. I have also developed exploits and exploit methodologies for a wide variety of uncommon bugs, ranging from kernel bugs to bug classes previously thought to be not exploitable. I pioneer techniques to bypass security mechanisms and exploit under hard conditions on the Linux and Windows heap. My hands-on experience in the research and development branch of the security field allows me to give a very real world perspective on risk management and the actual impact a certain vulnerability has on an infrastructure. Extensive experience in custom advanced payload development for Linux, OSX and Windows platforms.

Auditing and Code Review
Extensive experience in performing in-depth audits of C/C++ source-code in the UNIX environment. Extensive experience in performing binary audits in both Unix and Windows environments.

Software Engineering
Extensive experience in designing and implementing large scale software solutions in Python, C, and Assembly for various platforms and architectures.

Reverse Engineering
Extensive experience reverse engineering closed source software for both vulnerability analysis and malware analysis using industry standard tools such as IDA Pro, on regular operating systems and embedded devices.

Programming languages
- C/C++
- IA32 Assembly
- IA64 Assembly
- PPC Assembly
- ARM Assembly
- SH4 Assembly
- Java
- Python
- PHP

Operating systems (Administration, Security, Systems Programming)
- Linux and Linux derivatives such as Android
- Windows 2000/XP/2003/VISTA/7/8/10
- OSX
- Real Time OS