About

Gustavo Lichti

Cybersecurity professional, cloud security expert, and independent researcher combining technical depth with strategic thinking.

Who I Am

I'm a cybersecurity professional with over 15 years of experience leading security initiatives across cloud environments, development teams, and enterprise organizations in Brazil and globally. My work sits at the intersection of technical rigor and strategic vision: building security programs that actually work, not just check compliance boxes.

Throughout my career, I've operated as a security leader (CISO level), managed security service provider, cloud security architect, and hands-on practitioner. I've built DevSecOps programs from the ground up, designed cloud security architectures, led incident response efforts, and developed security cultures within engineering teams.

Beyond the day job, I conduct independent security research, most notably into WhatsApp's attack surface, trust exploitation in messaging platforms, and identity-based vulnerabilities. This research has been presented at BSides SP, Campus Party, FEBRABAN Tech, OWASP events, and multiple DevOpsDays conferences across Brazil.

Areas of Experience

Cloud Security

  • AWS security architecture
  • Infrastructure as Code security
  • Container & runtime security
  • Cloud IAM and privilege management
  • Security posture management

Security Leadership

  • CISO advisory and interim CISO
  • Security program development
  • Governance, risk & compliance
  • Managed security services (MSSP)
  • Security team building

DevSecOps

  • CI/CD pipeline security
  • SAST/DAST integration
  • Secure development lifecycle
  • Application security programs
  • Developer security training

Security Research

  • Messaging platform security
  • Identity & trust exploitation
  • Attack surface analysis
  • Behavioral vulnerability research
  • Responsible disclosure

My Philosophy

"What problem are you trying to solve?"

The question that starts every engagement

Security and technology exist to solve real problems. Not to add complexity, not to impress auditors, and definitely not to create security theater. Every conversation I have, whether with a startup founder or a CISO of a major bank, starts with that question.

I believe the best security practitioners think like attackers. Not because they want to break things, but because understanding how systems fail is the only way to build systems that don't. This adversarial mindset, combined with engineering discipline and business awareness, is what separates effective security from security that just looks good on paper.

Clarity matters more than complexity. The best security solutions are the ones teams actually use, understand, and can maintain. I prioritize practical implementations over theoretically perfect architectures.

Beyond the Keyboard

When I'm not working on security problems, I'm usually training for or competing in endurance sports. I'm a runner, cyclist, swimmer, and triathlete, and I've found that the discipline, strategic thinking, and long-term planning required for triathlon translate remarkably well to security work.

Both disciplines require knowing your limits, planning for failure scenarios, and staying composed under pressure. Both reward consistent effort over flashy shortcuts. And both have a way of humbling you just when you think you've got it figured out.

  • Running
  • Cycling
  • Swimming
  • Triathlon
  • Open Source
  • Security Research