Ricardo Prieto
I'm a Penetration Tester and Security Consultant specializing in web application security, network penetration testing, and AI/ML security. As the Hack The Box Ambassador for Argentina and New Zealand, I drive community growth through hands-on meetups, CTF challenges, and collaborative learning, while sharing insights via my platform PhiloCyber to advance cybersecurity knowledge globally.
Key Skills
Experience
Cybersecurity Tutor
TripleTen, United States (Remote) | February 2025 - Present
- Delivered engaging real-time tutoring sessions via Discord, specializing in red teaming methodologies, advanced penetration testing techniques, and hands-on exploitation exercises.
- Enhanced AI-driven learning platforms and curriculum content through systematic validation and refinement, ensuring alignment with current offensive security practices and emerging attack vectors.
- Facilitated targeted 1-on-1 mentorship programs and technical reviews, creating customized learning paths focused on practical attack scenarios and real-world penetration testing challenges.
Co-Founder & Ambassador, Hack The Box Meetups (Argentina & New Zealand)
Hack The Box (HTB) | May 2024 - Present
- Founded and led Hack The Box's meetup programs in New Zealand and Argentina, organizing in-person events, CTF challenges, and workshops for 500+ members.
- Negotiated partnerships with institutions to secure free event spaces, enhancing community outreach and engagement.
- Collaborated with global teams to promote cross-country knowledge sharing and mentorship between members of varying skill levels.
Senior Penetration Tester & Security Consultant
Bastion Security Group, Wellington (NZ) | May 2023 - December 2024
- Conducted comprehensive security assessments: web app/network pentesting, API testing, code reviews, and risk analysis.
- Led vulnerability management initiatives and delivered internal technical trainings on web application exploitation.
- Managed end-to-end client projects, including scoping, sales, and high-quality deliverables.
Cybersecurity Engineer
Mercado Libre (MELI), Buenos Aires (ARG) | September 2022 - April 2023
- Led vulnerability management for internal/external sources (HackerOne, MELI Warfare), prioritizing and validating fixes.
- Automated security controls using Python, SQL, and BI tools (Tableau, Google Data Studio) to mitigate risks in software dependencies.
- Created training content for developers and security teams, focusing on secure coding practices.
Cybersecurity Researcher
Onapsis, Buenos Aires (ARG) | December 2020 - September 2022
- Researched and implemented security rules/permissions for SaaS platforms (Salesforce, SuccessFactors).
- Developed Python-based security modules interacting with internal APIs for automated validation checks.
- Trained internal teams on SaaS platform security and administration.
Offensive Security Analyst
Deloitte, Buenos Aires (ARG) | December 2019 - December 2020
- Performed vulnerability assessments on web apps, APIs, and infrastructure for international clients.
- Conducted static/dynamic code analysis (JavaScript, Python) and delivered bilingual reports (English/Spanish).
HTB Argentina Community Ambassador
HTB invited me in May 2024 to co-build a New Zealand cybersecurity community focused on hands-on learning, collaboration, and mentorship. Later that year, I joined their super established Argentinian team, strengthening a global hub for shared knowledge and growth ❤️
Our Mission
We're building a cybersecurity community where curiosity meets collaboration. Through hands-on challenges and mentorship, we empower learners at every level—because growth thrives when no one's left behind.
What We Offer
Sharpen skills in interactive workshops, tackle real-world scenarios in CTF challenges, and brainstorm solutions in open forums. Think of it as a playground for practical learning, where theory becomes action.
Connect & Grow
Forge bonds with peers and industry leaders through virtual meetups and local events. Whether swapping career advice or teaming up on projects, this is where relationships turn into opportunities.
Earn & Celebrate
HTB fuels the fun with exclusive swag, platform perks, and recognition for standout contributions. We reward effort—because every step forward deserves applause.
PhiloCyber Project: Knowledge for All
My mission is to provide free, high-quality cybersecurity content in English and Spanish. Through practical videos and insightful blog posts, I aim to break down barriers, share my passion, and make it easier for everyone to enter and thrive in this vital industry.
Certifications
These are the certifications I have obtained over the years.
My Presentations
Here are presentations I've given on my YouTube channel, conferences and events.
Prompt Injection Attacks
October 2023
Prompt Injection Highlights:
- Attack vectors against AI systems
- Defense mechanisms for prompt engineering
- Real-world case studies of successful exploits
- Best practices for secure AI deployment
Server-Side Template Injection Workshop
August 2023
SSTI Workshop Topics:
- Template engine vulnerabilities
- Exploiting Jinja2 and Twig templates
- From detection to RCE methodology
- Practical hands-on exercises
HTTP Request Smuggling
April 2023
HTTP Request Smuggling (EN):
- CL.TE and TE.CL attack vectors
- HTTP/2 desync vulnerabilities
- Detection methods and exploitation
- Advanced chaining with cache poisoning
HTTP Request Smuggling (Spanish)
February 2023
HTTP Request Smuggling (ES):
- Vectores de ataque CL.TE y TE.CL
- Vulnerabilidades de desincronización HTTP/2
- Métodos de detección y explotación
- Encadenamiento avanzado con envenenamiento de caché