Juan Pablo Tosso

Cybersecurity Research Engineer

Backend Developer

Penetration Tester

Open-Source Developer

Juan Pablo Tosso
Juan Pablo Tosso
Juan Pablo Tosso
Juan Pablo Tosso

Cybersecurity Research Engineer

Backend Developer

Penetration Tester

Open-Source Developer

About Me

Hello! I’m Juan Pablo Tosso.

I'm a cybersecurity researcher from Chile, currently working in traceable.ai, I enjoy writing open-source code, hiking, biking, spending time with my children, traveling, writing, and reading. I used to be a white hat hacker, but now I turned into the blue side.

I’m the founder and main developer of the Coraza WAF project.

My main programming languages are Golang, Python, and Ruby.

Some things about me:

  • I speak English, Spanish, and some Japanese. I’m currently studying Chinese.
  • I have this blog to test Coraza ;D
  • I have two amazing children
  • Age 30
  • Residence Chile
  • Company Traceable AI
  • Address Santiago, CL
2022 - Present
Research engineer
Traceable Inc.

Research related to API security, design and develop new API security products, and guide customers to make the most of Traceable AI.

2022 - Present
Project Leader
OWASP Foundation

Founder, leader, and maintainer for the OWASP Coraza Web Application Firewall project. I have led the development and maintenance of the project from v1 to v3.

2019 - 2022
Chief Cybersecurity Officer

Makros is a Chilean cybersecurity consultancy company. I managed multidisciplinary teams and led projects like Penetration Testing, Vulnerability Management, and DevSecOps integrations.

2016 - 2019
Chief Executive Officer
Coraza Technologies

Coraza Technologies was my first startup attempt. My role was to lead Coraza Web Application Firewall as an enterprise cybersecurity product. I led a small team of engineers and managed to raise seed funding.

2012 - 2016
Ethical Hacker

Ethical hacking and penetration testing. During these years, I had the chance to test systems from industries like OT, banking, e-commerce, retail, insurance, and more.

  • Golang
  • Python
  • Ruby
  • C
  • Web Application Firewall
  • Open-Source
  • Linux/GNU
  • Penetration Testing
  • Backend Development
  • Frontend Prototyping
  • SQL and NoSQL
  • Distributed Systems
Other skills
  • Containers
  • Kubernetes
  • Application Security
  • Team Management
  • English
  • Spanish
  • Chinese
December 26, 2021 All you need is sync.Pool

I have ignored sync.Pool for a long time but it has come to an end. One of Coraza’s greatest memory…

December 19, 2021 Protect against log4j attacks using Coraza WAF

I’m not going to write a huge post on how to protect against log4j using Coraza but I will show…

December 11, 2021 Coraza has reached 100% compatibility with OWASP Core Ruleset

I began this project in July 2020, it’s been 17 months of hard work and a lot of redesigns but…

December 8, 2021 How Coraza got 10% faster in a day

First some context, I was running some benchmarks on Coraza using the OWASP Core Ruleset on Apache-Modsecurity and Coraza-Caddy and…

Get in Touch

I won’t give you a dummy contact form, here is my email: jptosso@gmail.com

Feel free to contact me to talk about Coraza or anything. I also answer Twitter (@jptosso) and LinkedIn (@jptosso).