EDT
RELEASE TO PUBLIC
A Working Document — 2026 Edition

ThiagoGoncalves.

Working at the intersection of AI platforms and cybersecurity — designing the infrastructure around models (memory, guardrails, auditability) so they hold up in production, under scrutiny, and against misuse.

[email protected]linkedin / thiagogoncalvesofficialgithub / Alienfader
Thiago Goncalves
PLATE I — Subject, Builder-Operator.2026/04
§ 01

Statement of Intent

Senior software engineer with 20+ years building and securing production systems. I work at the intersection of AI platforms and cybersecurity — designing the infrastructure around AI models (persistent memory, evaluation boundaries, guardrails, auditability) so they hold up in production, under scrutiny, and against misuse. Founder-operator with end-to-end ownership: architecture, implementation, deployment, iteration. Background in offensive security (CEH, TryHackMe rank #231 US) shapes how I design AI systems — adversarial conditions assumed, trust boundaries explicit, failure modes engineered for, not hoped against.

§ 02

Selected Highlights

  • H-01
    91.4%
    token reduction

    Continuity's five-layer architecture (Decision Capture → Validation → Persistent Store → Semantic Retrieval → Context Injection) bounds context injection rather than dumping history. Local SQLite + HNSW index, sub-15ms retrieval, zero telemetry.

  • H-02
    Oct 2025
    shipped before the platforms

    Published Continuity to the VS Code Marketplace in October 2025. Anthropic shipped a near-identical Session Memory architecture for Claude Code months later — independent validation of the design.

  • H-03
    RedArchives
    tamper-evident archive

    Evidence preservation for human rights documentation. Cryptographic fingerprinting, blockchain-anchored provenance, explicit threat model covering insider risk, post-hoc tampering, chain-of-custody disputes, and decade-scale temporal attacks.

  • H-04
    $85K+ / yr
    savings at ShineOn

    Through SaaS rationalization and vendor consolidation. Identified and remediated silent security drift without service disruption.

§ 03

Professional Record

R-01
Sep 2022
Present
Remote
Founder-Operator

Founder & Technical Lead

Hackerware LLC

Security-focused applied AI lab. Builder-operator across architecture, implementation, deployment, and iteration.

// Project — R-01.01

Continuity — Persistent context system for AI-assisted development.

  • 01Identified the core failure mode: AI assistants produce inconsistent output because architectural decisions, constraints, and rationale are lost between sessions. Treated context as infrastructure, not convenience.
  • 02Designed five-layer architecture (Decision Capture → Normalization & Validation → Persistent Store → Semantic Retrieval → Context Injection). Achieved 91.4% token reduction vs. naive history retrieval; sub-15ms retrieval using local SQLite + HNSW index.
  • 03Built MCP security interception layer that validates and gates tool execution before LLM-initiated actions reach the file system or external services — enforcement boundary, not policy document.
  • 04Designed human-in-the-loop correction model: corrections stored as scoped annotations with timestamps, not global overrides. Prevents contamination of unrelated future outputs and resolves conflicts deterministically (narrower scope wins within applicability window).
  • 05Resolved a real failure mode in production: early iterations over-weighted semantic similarity, causing stale decisions to interfere with current work. Introduced explicit decision scope and applicability gating; behavior became predictable, trust recovered.
  • 06Security-first defaults: 100% local storage, zero telemetry, on-device vector index. Shipped to VS Code Marketplace October 2025; active paid users in production.
Stack //TypeScript, Node.js, MCP, SQLite, HNSW, VS Code Extension API, CLI
// Project — R-01.02

RedArchives — Tamper-evident digital evidence platform.

  • 01Designed for environments where evidence must survive adversarial challenge, insider threats, and legal scrutiny over decades. Mission: preserve documentation of war crimes and human rights violations with cryptographic integrity that doesn't depend on trusting the platform operator.
  • 02Built layered integrity architecture (Artifact Ingestion → Provenance Ledger → Metadata Store → Verification Layer → Presentation Layer) with explicit separation of duties between storage, verification, and presentation.
  • 03Implemented blockchain-anchored cryptographic fingerprinting at ingestion; fingerprints cover normalized metadata, not just content, preventing semantic rewriting without detection. Designed for algorithm agility and re-verification paths to address long-term cryptographic decay.
  • 04Modeled explicit adversarial threats: post-hoc tampering, chain-of-custody disputes, insider risk, temporal attacks, selective disclosure, platform trust collapse. Same integrity discipline informs how I design trust-critical AI systems (training data provenance, evaluation artifacts, feedback integrity).
Stack //Blockchain Anchoring, Cryptographic Fingerprinting, Distributed Storage, Verification Layers
R-02
May 2022
Feb 2026
St Petersburg, FL
Full-time

Senior IT & Security Systems Specialist

ShineOn

Owner-on-call for production systems in a fast-scaling e-commerce environment.

  • 01Delivered $85K+ annual savings through SaaS rationalization, vendor consolidation, and lifecycle management. Consolidated access control, cameras, and network into a unified Ubiquiti environment, reducing attack surface.
  • 02Identified and remediated silent security drift — configuration changes that weakened controls without triggering alerts. Restored posture without service disruption and introduced verification checks to detect future drift.
  • 03Led incident response and root-cause analysis across endpoints, identity, and network telemetry; investigated suspicious activity using Microsoft Defender and system logs; produced runbooks, post-mortems, and audit-ready evidence.
  • 04Administered and hardened Windows/Linux endpoints, virtualization, identity, and network infrastructure. Spearheaded company-wide Jira adoption; primary escalation for critical incidents; maintained 99.9% availability.
R-03
Nov 2021
Present
Remote
Independent

Penetration Tester (Independent)

Quantum IT
  • 01Full-scope penetration tests across networks, web applications, cloud infrastructure, and endpoints for SMB/enterprise clients. Tooling: Burp Suite, Nessus, Nmap, Metasploit, SQLMap, Kali Linux, custom scripts.
  • 02Identified OWASP Top 10 vulnerabilities and high-risk findings (SQLi, XSS, auth bypass, broken authorization, API flaws, lateral movement, privilege escalation). Delivered executive risk reports with CVSS scoring, remediation guidance, and compliance alignment (NIST, ISO, HIPAA).
R-04
2003
Present
Remote
Independent

IT Specialist

Independent Practice

Foundation for the operational instincts that shape my current security and AI platform work.

  • 01Windows/Linux server administration, Active Directory, Group Policy, virtualization, hybrid cloud (AWS/Azure).
  • 02Network architecture (VLANs, firewalls, VPNs), system hardening, patch management.
  • 03Mentorship of junior staff.
§ 04

Core Competencies

  • C-01

    AI Platform & Security

    persistent contextsemantic retrieval (embeddings, HNSW)MCP tool interceptionguardrailsevaluation-aware workflowshuman-in-the-loop correction without RLHF-style contaminationprompt injection / jailbreak / unsafe tool-use testing

  • C-02

    Security Engineering

    threat modelingoffensive security (web/API/cloud, OWASP Top 10, MITRE ATT&CK)incident response & DFIREDR/SIEM (Microsoft Defender)identity (Entra ID / Azure AD)tamper-evident system designprovenance & auditability

  • C-03

    Software & Infrastructure

    TypeScript, Node.js, PythonVS Code extension architecture, MCP / language serversAWS, Azure, Docker, Git, CI/CDLinux & Windows administration, virtualization, network segmentation

  • C-04

    Communication & Ownership

    architecture decision recordsrunbookspost-mortemsexecutive-ready risk reportingfounder-level scoping, vendor management, end-to-end delivery

§ 05

Credentials Index

  • CR-01
    Certified Ethical Hacker (CEH)
    EC-Council
  • CR-02
    Microsoft Cybersecurity Analyst Specialization
    Entra ID · Defender · threat vectors · SC-900 prep
  • CR-03
    ISC2 Cybersecurity Specialization
    2024
  • CR-04
    TryHackMe Leaderboard
    Rank #231 United States · top 2,000 worldwide
  • CR-05
    Captain — Children of Exu
    Huntress CTF · 2023
Verified Credentials // Credly
C-001
C-002
C-003
C-004
C-005
C-006
C-007
C-008
C-009
C-010
C-011
C-012
C-013
C-014
C-015
C-016
C-017
C-018