About me

investigato

I'm a nurse. I'm a pentester. I'm a developer.
All three, at the same time, on purpose.

Since 2006

20 years working with systems that can't fail

In the hospital, you learn to read a room fast. The alarms, the silences, the thing that's almost wrong before it becomes critically wrong. Pattern recognition like that doesn't leave you, it just finds new systems to interrogate. Now those systems run on Active Directory, HTTP, and trust relationships nobody ever audited.

I have my OSCP and CPTS, have a published CVE, and play on a competitive HackTheBox team. I build tools when what I need doesn't exist. The clinical background isn't backstory. It's the reason I care who gets hurt when security fails.

US

Remote-first. Available worldwide.

OSCP & CPTS

Learned, earned, and still going.

Go, Rust, C#, Python

Statically-typed is my love language, but I'll use whatever gets the job done.

CVEs & Bugs

Original research, disclosed responsibly.

20 years RN exp

Obstetrics & NICU
Safety is the bottom line.

Script Kitties

Real cats. Actual hacking.
No conflict.

How I work

The principles behind the practice

Nursing left me with some habits I won't turn off. You'll see them in every engagement, every tool I build, and everything I write.

Read the room

Environment, relationships, context: that's where the real vulnerabilities are. Not the app or network, but how they're used.

Innovate when necessary

I get creative when what's available doesn't fit the job.

Write like it matters

Clear communication -> faster fixes -> better security. Plus, if I can't explain it, I probably don't understand it as well as I should.

Good to know

Frequently asked questions

Things people tend to ask once they learn about the background.

The background

Why did you leave nursing?

After nearly two decades at the bedside, I became increasingly aware of how catastrophically under-tested the technology around patients is. Medical devices, EHR systems, clinical infrastructure, these things fail and the patients don't get a warning. The combination of everything I know is how I work on fixing that.

Does the clinical background actually transfer?

More than people expect. Clinical nursing builds fast pattern recognition under pressure, comfort with ambiguous information, the habit of documenting everything, and a very specific relationship with systems that must not fail. All of those carry directly into security work, especially in healthcare and high-stakes environments.

What does "investigato" mean?

It's a silly mix of "investigator" and "gato" (Spanish for cat). The cat theme runs throughout the brand: tools, characters, the whole dojo aesthetic and through my house partly because I have actual cats
Also "script kitties" is much more fun than "script kiddies".

The work

Are you available for work?

Yes. I'm available for full-time, contract, and consulting work. If you think I might be a good fit for your team or project, reach out.

What are your areas of interest?

People, processes, and paths. The who, the how, and the where. How people actually use systems versus how they're supposed to. How processes create gaps nobody planned for. How an attacker gets from nothing to somewhere they shouldn't be. That's the stuff I find genuinely interesting regardless of the engagement type.

What tools have you built?

Check out the projects page or go to my GitHub .

Let's talk

Looking for someone who thinks differently?

Twenty years of high-stakes clinical work on top of offensive security credentials is a rare combination. If that matters to your team, I'd like to hear from you.

Get in touch