Thiago Goncalves

Senior Software Engineer & Founder | Security-First AI Platforms | Developer Tools

St Petersburg, FL

Professional Summary

I'm a Senior Software Engineer and Founder building trustworthy, security-first AI platforms and developer tools. Over twenty years across infrastructure, security, and distributed systems — often in adversarial or failure-prone environments — deeply shape how I approach AI: reliability, integrity, and privacy aren't afterthoughts, they're the starting point. I've built and shipped products used by developers today, including Continuity, an AI memory architecture that preserves long-term context across tools and sessions, and RedArchives, an integrity-first evidence platform built to protect high-risk data in human rights and investigative contexts. My background in offensive security taught me how systems fail and how they're exploited — which is why my work now focuses on building AI platforms that withstand adversarial conditions, not just ideal ones.

Experience

Founder & Solo Developer

Hackerware · Freelance

Jun 2022 - Present · Remote

Building security-first AI platforms and developer tools from concept to production. Focused on systems where context integrity, provenance, and adversarial resilience are design requirements — not afterthoughts.

RedArchives — Preserving truth when evidence is at risk.

War crimes evidence is routinely deleted — over 15,000 videos lost in just 10 days. RedArchives is a blockchain-anchored platform built for ICC and tribunals to preserve, verify, and present evidence that withstands nation-state-level adversarial pressure.
Designed a zero-trust architecture with AES-256 encryption, AI-powered deepfake detection, and geographically distributed storage achieving 99.9% availability by design.
Engineered the full evidence lifecycle: field collection → AI verification → blockchain anchoring → distributed storage → court-ready documentation.
Built for environments where integrity isn't optional — threat model accounts for nation-state actors, multi-jurisdictional collaboration, and adversarial tampering.

Tech Stack:

Blockchain, AI/ML, Geographic Redundancy, Cryptographic Hashing, RBAC

Continuity — AI memory for developers who are tired of re-explaining their codebase.

AI tools forget what developers already know. Continuity preserves long-term context across sessions, tools, and workflows — so engineers stop re-explaining their system on every prompt.
Built as a VS Code extension and CLI with MCP server integration, enabling seamless context persistence across major AI code assistants.
Engineered TypeScript AST parsing for documentation and delta tracking, with a file protection system that detects exposed secrets before they reach AI models.
Designed for local-first, security-conscious environments where context integrity, provenance, and developer control matter as much as capability.

Tech Stack:

TypeScript, Node.js, Webpack, MCP, File Watchers, VS Code Extension API

Senior Information Technology Specialist

ShineOn · Full-time

May 2022 - Jan 2026 · St Petersburg, Florida

Delivered over $85K in annual savings through strategic SaaS audits, license optimization, and vendor renegotiation.
Consolidated disparate security systems (access control, cameras, network) into a unified Ubiquiti environment, significantly reducing the attack surface.
Spearheaded company-wide Jira adoption and served as the primary escalation point for all critical IT incidents.
Authored and enforced IT compliance policies for access control, data handling, and disaster recovery, maintaining 99.9% system availability.
Reduced organizational risk via systematic system hardening, rigorous patch management, and improved access control protocols.

Pentester / IT Specialist

Quantum IT · Freelance & Self-employed

Jun 2003 - Present · Apollo Beach, Florida

Provided offensive security assessments for SMB/enterprise clients, translating technical findings to business risk. Also managed comprehensive IT infrastructure and systems.

Conducted end-to-end penetration tests on networks, web apps, and cloud infrastructure, identifying OWASP Top 10 vulnerabilities.
Utilized Burp Suite, Nessus, Nmap, Metasploit, and custom scripts to execute SQL injection, XSS, and authentication bypass tests.
Produced executive-level risk reports with CVSS scoring and actionable remediation guidance aligned with NIST, ISO, and HIPAA standards.
Managed Windows/Linux servers, Active Directory, Group Policy, and virtualization platforms.
Designed and secured network architectures with VLANs, firewalls, and VPNs.