About Me
short bio
Joao M. Ceron is a Security Engineer and Cybersecurity Researcher with 20+ years of experience spanning SOC operations, network security research, and incident response. Currently working as a Solutions Architect at Torq, where he designs and deploys agentic AI solutions for enterprise SOCs. He holds a Ph.D. in Computer Engineering from the University of São Paulo, and has contributed to cybersecurity projects funded by the U.S. Department of Homeland Security and presented research at USENIX Security.

My career spans from hands-on security operations to cutting-edge research and AI-driven security automation. I began my security career in 2005 as a Security Analyst at Rede Tchê CERT-RS and System & Network Administrator at RNP PoP-RS, handling computer security incidents for the academic network of Rio Grande do Sul state. I then served as a Security Analyst at the Federal University of Rio Grande do Sul (UFRGS), where I founded TRI (UFRGS Computer Security Incident Response Team) and managed security operations for the university. In 2010, I joined the Brazilian National CERT (CERT.br) as a Security Analyst, where I investigated computer security incidents across networks connected to the Brazilian Internet for nearly 8 years, handling real-world attacks including phishing, DDoS, malware, and misconfigured services used in amplification attacks.
In my academic journey, I pursued a Master's degree in Computer Science at the Federal University of Rio Grande do Sul, focusing on botnet tracking mechanisms using network flows and malware analysis. You can find my master's thesis [here] (in Portuguese only), and related publications in the papers section. During my Ph.D. at the University of São Paulo, I developed a malware analysis environment based on SDN (Software-Defined Networking) to manipulate network flows and trigger unseen malware behaviors. My Ph.D. thesis is available [here] (also in Portuguese), with associated publications in the papers section.
As a Postdoctoral Researcher at the University of Twente in the Netherlands, I conducted research on DDoS attacks, IoT malware, and botnet detection. I delivered a critical infrastructure security report on IoT devices for the Ministry of Justice and Security of the Netherlands, and collaborated as a Visiting Researcher at the University of Southern California on DDoS mitigation techniques. I then joined SIDN as a Network Security Research Engineer, leading DDoS mitigation research for the .nl country-code top-level domain registry and developing Anycast-based defense strategies for critical DNS infrastructure.
In industry, I worked as a Network Security Engineer at ProtonMail, contributing to privacy-focused security solutions for one of the world's largest encrypted email providers. At Nubank, Latin America's largest digital bank serving 100M+ customers, I served as SOC Tech Lead, leading the end-to-end implementation of SOAR platforms (Google SecOps, Torq) and designing automated security playbooks that significantly reduced incident response times. I pioneered early adoption of AI model integration into security operations to enhance threat analysis and decision-making.
Currently, as Solutions Architect at Torq, I design and deploy agentic AI solutions for enterprise SOCs, leveraging Multi-Agent Systems (MAS) to autonomously handle Tier-1 security operations. I architect AI-driven workflows that enable autonomous threat triage, investigation, and remediation at machine speed, helping clients close 90%+ of alerts without human intervention through natural language-driven security automation using LLM-powered orchestration.
My work has included contributions to cybersecurity projects funded by the U.S. Department of Homeland Security, and I have presented research on DDoS mitigation and Anycast at the USENIX Security Conference. You can find a comprehensive list of my publications in the papers section, including work on planning for Anycast as Anti-DDoS, SDN-based malware analysis, IoT botnet investigation, and SIP attacks.
Research
You can find a list of projects that I'm working on.
Concordia - DDoS Clearing House for Europe - Piloting a DDoS Clearing House for Europe
NoMore DDoS - Dutch anti-DDoS coalition is a partnership against DDoS attacks.
PAADDoS - Planning for Anycast as Anti-DDoS [collaborator] - Perform applied research in Anycast services aiming to provide tools and recommendations for DNS operators.
SAND [ended 2020] - Perform applied research in Anycast services aiming to provide tools and recommendations for DNS operators.
MARS [ended 2018] - Malware analysis system based on SDN
IoT malware investigation - Investigate IoT malware characteristics.
Online discoverability and vulnerabilities of ICS/SCADA devices in the Netherlands - A report on online discoverability and vulnerabilities for the Dutch Ministry of Defence
Publications
Are Darknets All The Same? On Darknet Visibility for Security Monitoring.
2019 IEEE International Symposium on Local and Metropolitan Area Networks
Improving IoT Botnet Investigation Using an Adaptive Network Layer
2019 Threat Identification and Defence for Internet-of-Things - Sensors - MDPI AG, Basel, Switzerland
An SDN-based malware analysis solution
2016 IEEE Symposium on Computers and Communication (ISCC)
MARS: From traffic containment to network reconfiguration in malware-analysis systems
2017 Computer Networks: The International Journal of Computer and Telecommunications Networking - Elsevier
Botnet master detection using a mashup-based approach
2010 International Conference on Network and Service Management
Anatomy of SIP Attacks
;login: the magazine of USENIX & SAGE, 2012
On using mashups for composing network management applications
IEEE Communications Magazine Year: 2010, Volume: 48, Issue: 12
Identifying botnet communications using a mashup-based approach
2011 7th Latin American Network Operations and Management Symposium
Honeypots as a security mechanism
MonAm (Sept. 2006, Tübingen, Germany). Proceedings of the IEEE/IST. Tübingen: IEEE, 200
Students
Dzul Dzulqarnain (Master) - IoT Botnet
Christodoulos Tziampazis (Bachelor) - Medical devices discoverability
Christian Scholten (Bachelor) - Characterizing low-cost routers attacks