Hello, I'm
María Izquierdo
Cybersecurity Engineer. Securing systems, applications & digital identities
Cybersecurity
Network defense & threat detection
Secure Dev
AppSec, DevSecOps & secure code
AI for Security
Threat analysis & anomaly detection
Know Who I Am
I'm a Cybersecurity Engineer with dual degrees in Computer Science and Business Administration from the University of Granada, industry certifications from Cisco (CCST Cybersecurity) and Microsoft (SC-900), and real-world software engineering experience at Bracelit. In June 2026, I'm starting a Master's in Cybersecurity at UNIR to deepen my expertise.
My professional background includes building production web platforms with Angular, Laravel, and Astro, working with JWT authentication, secure API design, and role-based access controls. I understand what developers build, which gives me a strong foundation for protecting it. My bachelor thesis on visual classification and preference inference earned a perfect 10/10.
Where I've Worked
Software Engineer
Bracelit, Granada, Spain
- Built a club member management web application end-to-end: Angular frontend and Laravel backend handling payments, PII, and member documents with role-based access controls aligned with PCI-DSS and GDPR requirements
- Conducted security-focused code reviews across JavaScript, PHP, and TypeScript codebases, identifying 30+ vulnerabilities and code issues; authored secure coding guidelines reducing integration risks by 25%
- Automated credential printing and invitation workflows, reducing human-error attack surface by 20%
Software Engineer Intern
Bracelit, Granada, Spain
- Built access management app for Málaga Fair, integrating physical and digital credential validation for 3,000+ attendees
- Designed UI for Boxlit IoT devices using Ionic, gaining exposure to IoT attack surface considerations
- Optimized QR/NFC scanning module for data integrity and secure transmission, reducing errors by 23%
What I Work With
What I've Built
Secure Visual Classification Platform
Architected a secure full-stack platform around its trust boundaries: a Flask REST API with authentication and role-based access control over Redis-managed sessions, backed by a multi-database design that isolates concerns — PostgreSQL with parameterized queries, Redis for secure sessions, and MongoDB for isolated log layers. Endpoints were validated and hardened per OWASP, with Docker for runtime isolation.
Dream Car Garage
Web platform for car enthusiasts to curate dream collections, featuring garage management, gamified evolution system, leaderboards, and a comprehensive automotive database (Carpedia) with 600+ vehicles.
Cloud Security Architecture Lab
Designed a least-privilege AWS environment from threat assumptions — scoped IAM roles, VPC segmentation, and tight S3 access policies chosen to minimize the blast radius of a single compromised credential. Codified as Terraform IaC for reproducible, auditable deployments, with CloudTrail audit logging for detection and incident traceability.
Application Security Pipeline
Threat-modeled the application with STRIDE to prioritize the highest-risk flows, then placed CI/CD security gates where they catch the most impactful defect classes before release. Implemented with Semgrep, OWASP ZAP, and Trivy plus a documented secure code review process, tuned to cut false positives and stay actionable for developers.
Certifications & Roadmap
Cisco Certified Support Technician Cybersecurity
Cisco Systems, 2025
Network security, vulnerability assessment, threat landscape analysis, incident handling, and security operations fundamentals.
Security, Compliance, and Identity Fundamentals
Microsoft Learn, 2025
Identity and access management, Microsoft Entra ID, Zero Trust architecture, compliance management, and information protection.
Introduction to Trading, ML and GCP
Coursera, 2022
Machine Learning and Google Cloud Platform
How Google Does Machine Learning
Coursera, 2022
Google's approach to ML at scale
CompTIA Security+
CompTIA
Network security, threats & vulnerabilities, security operations, incident response, and security architecture fundamentals.
eJPT: Junior Penetration Tester
INE Security
Hands-on penetration testing fundamentals, network scanning, web application security testing, and vulnerability assessment.
Academic Background
BTech in Computer Science & Computer Engineering
ETSIIT, University of Granada
UGR Top 100 (Shanghai Ranking 2024)
Thesis: "Visual Classification & Preference Inference System". Grade: 10/10
BSc in Business Administration
FCCEE, University of Granada
Dual degree combining technical engineering expertise with business strategy and management foundations.
MSc in Cybersecurity
UNIR, Universidad Internacional de La Rioja
Starting June 2026. Advanced training in network security, digital forensics, penetration testing, and security architecture.
Get In Touch
I'm actively seeking opportunities in cybersecurity, from security operations to application security and security engineering. With a software development background and industry certifications, I bring a builder's perspective to security. Starting a Master's in Cybersecurity at UNIR in 2026. Open to conversations about security, development, and technology.