Skip to main content

Hello, I'm

María Izquierdo

I |

Cybersecurity Engineer. Securing systems, applications & digital identities

Cybersecurity

Network defense & threat detection

Secure Dev

AppSec, DevSecOps & secure code

AI for Security

Threat analysis & anomaly detection

SCROLL

Know Who I Am

María Izquierdo García

I'm a Cybersecurity Engineer with dual degrees in Computer Science and Business Administration from the University of Granada, industry certifications from Cisco (CCST Cybersecurity) and Microsoft (SC-900), and real-world software engineering experience at Bracelit. In June 2026, I'm starting a Master's in Cybersecurity at UNIR to deepen my expertise.

My professional background includes building production web platforms with Angular, Laravel, and Astro, working with JWT authentication, secure API design, and role-based access controls. I understand what developers build, which gives me a strong foundation for protecting it. My bachelor thesis on visual classification and preference inference earned a perfect 10/10.

0/10 Thesis Grade
0 Security Certs
0+ Years Dev Experience
0 Degrees

Where I've Worked

May 2025 - Present

Software Engineer

Bracelit, Granada, Spain

  • Built a club member management web application end-to-end: Angular frontend and Laravel backend handling payments, PII, and member documents with role-based access controls aligned with PCI-DSS and GDPR requirements
  • Conducted security-focused code reviews across JavaScript, PHP, and TypeScript codebases, identifying 30+ vulnerabilities and code issues; authored secure coding guidelines reducing integration risks by 25%
  • Automated credential printing and invitation workflows, reducing human-error attack surface by 20%
Angular Laravel TypeScript RBAC PCI-DSS GDPR Code Review
Nov 2024 - Apr 2025

Software Engineer Intern

Bracelit, Granada, Spain

  • Built access management app for Málaga Fair, integrating physical and digital credential validation for 3,000+ attendees
  • Designed UI for Boxlit IoT devices using Ionic, gaining exposure to IoT attack surface considerations
  • Optimized QR/NFC scanning module for data integrity and secure transmission, reducing errors by 23%
Ionic IoT Security QR/NFC Data Integrity

What I Work With

JavaScript
JavaScript
TypeScript
TypeScript
Angular
Astro
HTML5
HTML5
CSS3
CSS3
PHP
PHP
Laravel
Python
Python
Flask
Flask
JWT Auth
REST APIs
MySQL
MySQL
MongoDB
MongoDB
Flutter
Flutter
Dart
Dart
Ionic
Wireshark Learning
Nmap Learning
Burp Suite Learning
OWASP ZAP Exploring
OWASP Top 10 Studying
CIA Triad Studying
Zero Trust Studying
Network Protocols Studying
Incident Response Studying
PyTorch
PyTorch
Computer Vision
CNNs
Transfer Learning
Git
Git
Docker
Docker
Linux
Linux
Figma
Spanish
Native
English
B2

What I've Built

BACHELOR'S THESIS: 10/10

Secure Visual Classification Platform

Architected a secure full-stack platform around its trust boundaries: a Flask REST API with authentication and role-based access control over Redis-managed sessions, backed by a multi-database design that isolates concerns — PostgreSQL with parameterized queries, Redis for secure sessions, and MongoDB for isolated log layers. Endpoints were validated and hardened per OWASP, with Docker for runtime isolation.

Flask REST API PostgreSQL Redis MongoDB Docker
FOUNDER & CSO

Dream Car Garage

Web platform for car enthusiasts to curate dream collections, featuring garage management, gamified evolution system, leaderboards, and a comprehensive automotive database (Carpedia) with 600+ vehicles.

Web App Security Product Leadership
IN DEVELOPMENT
CLOUD SECURITY

Cloud Security Architecture Lab

Designed a least-privilege AWS environment from threat assumptions — scoped IAM roles, VPC segmentation, and tight S3 access policies chosen to minimize the blast radius of a single compromised credential. Codified as Terraform IaC for reproducible, auditable deployments, with CloudTrail audit logging for detection and incident traceability.

AWS Terraform IAM VPC CloudTrail
IN DEVELOPMENT
APPLICATION SECURITY

Application Security Pipeline

Threat-modeled the application with STRIDE to prioritize the highest-risk flows, then placed CI/CD security gates where they catch the most impactful defect classes before release. Implemented with Semgrep, OWASP ZAP, and Trivy plus a documented secure code review process, tuned to cut false positives and stay actionable for developers.

STRIDE Threat Modeling Semgrep OWASP ZAP Trivy

Certifications & Roadmap

Cisco Certified Support Technician Cybersecurity

Cisco Certified

Cisco Systems, 2025

Network security, vulnerability assessment, threat landscape analysis, incident handling, and security operations fundamentals.

Security, Compliance, and Identity Fundamentals

Microsoft Certified

Microsoft Learn, 2025

Identity and access management, Microsoft Entra ID, Zero Trust architecture, compliance management, and information protection.

Introduction to Trading, ML and GCP

Coursera

Coursera, 2022

Machine Learning and Google Cloud Platform

How Google Does Machine Learning

Coursera

Coursera, 2022

Google's approach to ML at scale

CompTIA Security+

Target: Q1 2027

CompTIA

Network security, threats & vulnerabilities, security operations, incident response, and security architecture fundamentals.

eJPT: Junior Penetration Tester

Target: Q2 2027

INE Security

Hands-on penetration testing fundamentals, network scanning, web application security testing, and vulnerability assessment.

Academic Background

BTech in Computer Science & Computer Engineering

ETSIIT, University of Granada

UGR Top 100 (Shanghai Ranking 2024)

Thesis: "Visual Classification & Preference Inference System". Grade: 10/10

BSc in Business Administration

FCCEE, University of Granada

Dual degree combining technical engineering expertise with business strategy and management foundations.

Upcoming

MSc in Cybersecurity

UNIR, Universidad Internacional de La Rioja

Starting June 2026. Advanced training in network security, digital forensics, penetration testing, and security architecture.

Get In Touch

I'm actively seeking opportunities in cybersecurity, from security operations to application security and security engineering. With a software development background and industry certifications, I bring a builder's perspective to security. Starting a Master's in Cybersecurity at UNIR in 2026. Open to conversations about security, development, and technology.