About me

About Carlos and this site

About this site

This website is mostly a repository of resources where I collaborated, sessions I participated in, and ocassionaly other things related to hobbies (maybe something about ergonomic keyboards, or desk set ups coming?) or anything that caught my attention and want to have at hand.

About me

I’m (among other things) a digital security trainer, auditor, and advisor with experience working mostly with civil society actors like human rights defenders, journalists, and targeted activists and groups. My biggest interests in this field are facilitation and the learning aspects of digital security and threat modeling, creation of materials, and training on more advanced threats for local security practitioners, as well than working with high and extreme risk actors.

I have worked in global, regional and in-country projects and organizations, the biggest ones are:

Internews: Greater Internet Freedom

My role involved designing and implementing the digital security strategy for 39 countries across 8 regions. This meant working closely with in-country organizations and consultants to develop activities that would strengthen the digital resilience of civil society actors on the ground. Some specific highlights from this program include developing a tutorial to analize suspicious documents in search of malware, helping coordinate the internal evaluation on the security assessment framework SAFETAG, and organizing the Organizational Security Village.

Internews: Civic DEFENDERS

So far, I contributed to the program proposal and designed the strategies and processes for implementing activities in 16 countries across 8 regions in the world, as well as global activities tailored to increase the capacity of the consortium of local organizations implementing the main activities. My work focused on digital security and circumvention technology, aiming to bolster the resilience of at-risk civil society groups.

Conexo

Here I worked on a variety of projects, from conducting digital security training for journalists in sensitive zones, to developing organizational security policies for human rights organizations being persecuted, and speaking in lectures for college students on digital security all in many Latin American countries.

Fake Antenna Detection (FADe) Project

Here I was the technical lead of research of anomalies in cell phone networks looking for the presence of fake base stations in 10 localities in Latin America. I mostly helped design the monitoring campaigns and deploy and manage all the technical infrastructure to analyze the data, employing novel methodologies/tools to find and process the relevant data like the seaglass project from the University of Washington and crocodile hunter (now RayHunter) from the Electronic Frontier Foundation.

Derechos Digitales

After my Ford/Mozilla Open Web Fellowship, I joined the Derechos Digitales team, where I provided IT support and implemented security-related activities across Latin America. This included trainings, audits, and network building for civil society actors. I also had the opportunity to deepen my IT administration skills, developing, for example, an Ansible playbook for secure static/PHP/WordPress deployments (which might be updated soon).

Venezuela Inteligente (now VESinFiltro)

Here I helped the team to develop a monitoring campaign to measure technical censorship in Venezuela around 2014 and also later as a collaborator for other activities. I contributed in a couple of quick research pieces around phishing campaigns conducted by the Venezuelan government, there we uncovered and analyzed DNS poisoning and spoofing in the country main ISP, making users to redirect legitimate traffic to malicious clone websites targeting opposition simpatizers.

Also…

  • I was an Ford/Mozilla Open Web Fellow for the 2017-2018 cohort hosted in Derechos Digitales (after the fellowship I joined the team :)
  • I have done many consultant gig in Latin America, Spain, and the US conducting digital security trainings and audits for civil society organizations and media outlets, as well as training for new trainers and auditors.
  • Some others around election monitoring, surveillance tech, supporting incidents, etc.

Besides more technically specialized stuff, I’m also very interested in process improvement (as in mapping, optimization, systematization, automation, etc.), databases, and process documentation.

Some other initiatives where I collaborated

From more active content development to advise, to participation in conversations leading to some products:

CC BY-NC-ND
Built with Hugo
Theme Stack designed by Jimmy