Daniel López

Security Engineer

About Me

Hello, my name is Daniel López, and I am a Security Engineer with over 6 years of experience working in Security Operations Centers (SOC). Throughout these years, I have been involved in the analysis, containment and remediation of threats for multiple international clients across diverse sectors.

Also, in my spare time, I enjoy coding, building projects, and researching threats (which I often share on my Twitter account @0xDanielLopez). I have a particular fondness for programming in Python & Bash and exploring technologies such as AWS or playing with APIs.

These diverse interests enable me to stay up-to-date with the latest advancements in the field and to be continually learning.




Free feed of Indicators Of Compromise (IOCs) shared at Twitter

TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Focused on URLs, domains, IPs and SHA256/MD5 hashes, TweetFeed serves a Free Feed with these data that are constantly shared by researchers at Twitter.

This is a website built mainly with Bootstrap / JavaScript in frontend and Python / Bash in backend.



Free feed of active phishing cases

Website designed to identify and monitor possible active phishing cases. Searches suspicious websites, take a screenshot, grab some details (like IP, hosting provider or certificate) and serves them in a Free Feed.

This is a website built with Django / Bootstrap in frontend and Python / Bash in backend.


Cloud Software Group

Security Engineer

Oct. 2020 - Present


As a Security Engineer at the SOC of Cloud Software Group -multinational cloud computing and virtualization technology company (former Citrix)- I am responsible for analyzing, containing, and remediating all types of cyber threats (malware infections, mail campaigns, Fraud/Abuse cases, Data Loss Prevention…). In this role, I work primarily with Splunk as Security Information and Event Management (SIEM) tool, Microsoft Defender for Endpoint (MDE) as Endpoint Detection and Response (EDR) tool, and XSOAR as Security Orchestration, Automation and Response (SOAR) tool. I am also a member of the Cyber Threat Intelligence (CTI) team, where I research new kinds of threats and Tactics, Techniques and Procedures (TTPs), and stay up-to-date with emerging cyber threats.

Banco Santander

Global SOC Security Analyst

Aug. 2018 - Oct. 2020


As a Cybersecurity Analyst at the SOC of Banco Santander -Spain’s largest bank- I was responsible for managing all types of cybersecurity alerts and performing in-depth studies under direct request of customers. In this role I worked primarily with Splunk as SIEM, Falcon CrowdStrike as EDR solution and IBM Resilient as SOAR.


CyberSOC Security Analyst

Aug. 2017 - Aug. 2018


As a Security Analyst at Deloitte’s CyberSOC -largest professional services network- I analyzed and monitored all types of security alerts in real-time for multiple customers: Data Loss Prevention (DLP), Managed Security Service Provider (MSSP), and various Security Information and Event Management (SIEM) tools such as Splunk or QRADAR.


Universidad de Sevilla

Master's Degree in Telecommunications Engineering

2015 - 2019

During my Master’s Degree in Telecommunications Engineering at University of Seville, I gained a deep understanding of the principles and practices of modern telecommunications networks and systems. Throughout my studies, I was exposed to a wide range of topics including network architectures, signal processing, wireless communications, and network security.

Universidad de Sevilla

Bachelor's Degree in Telecommunications Engineering

2011 - 2015

I completed my Bachelor’s Degree in Telecommunications Engineering at University of Seville, where I gained a comprehensive understanding of the fundamental principles and practices of telecommunications engineering as well as developed my computer science and programming skills.

Certifications and Courses

  • GIAC Security Essentials (GSEC) / SANS SEC401 [badge]
  • MITRE ATT&CK Defender™ - Fundamentals Badge Training [badge]
  • MITRE ATT&CK Defender™ - Cyber Threat Intelligence Certification Training [badge]
  • MITRE ATT&CK Defender™ - SOC Assessments Certification Training [badge]
  • Security Engineering on AWS [badge]
  • Architecting on AWS – Accelerator [badge]
  • ITIL Foundation [badge]
  • Scrum Foundation Professional Certificate [badge]

At News / Media

  • Telenotícies migdia - 12/04/2023 [TV3 - midday TV news (~32.15)]
  • Telenotícies migdia - 02/06/2023 [TV3 - midday TV news (~27:48)]
  • Se ofrece ciberataque gratis en Telegram: el nuevo anzuelo de los robos ‘online’ [elconfidencial.com]
  • Siguen las campañas de phishing suplantando a la Agencia Tributaria, ahora también por SMS [ESET blog]
  • Están suplantando la web de Correos con kits vendidos en Telegram que usan sus bots para recopilar contraseñas. Y hay muchos kits así [genbeta.com]
  • Así pueden estafarte con la declaración de la Renta [elcorreo.com]
  • Telegram abre paso a la venta de kits para suplantar webs como la de Correos a través de bots [mundodeportivo.com]
  • phishunt.io, cazando phishings [derechodelared.com]
  • Suplantan la identidad de tenistas como Rafa Nadal para incentivar la descarga de vídeos con malware [20minutos.es]
  • El ciberataque vía Youtube que ha suplantado a Nadal o a Djokovic durante Wimbledon [escudodigital.com]
  • Continuan los SMS con falsos envíos de FedEx: cómo identificarlos y eliminar esta amenaza [ESET blog]
  • FedexBanker: El nuevo troyano bancario para Android que utiliza tus paquetes para robarte las credenciales [hispasec.com]
  • Los timos con criptomonedas que usan imágenes de famosos continúan muy activos [ESET Blog]
  • How does a modded crypto wallet steal credentials of an user? [@themalwarebug - medium.com]
  • Aplicación maliciosa para Android se hace pasar por una versión de la cartera de criptomonedas MetaMask [ESET Blog]
  • Best Cyber Threat Intelligence Feeds [silentpush.com]

A Little More About Me

  • Enjoy riding my bike and going to the gym (helps me a lot avoiding burnout)
  • In free cycles also love playing videogames (mostly League of Legends or CounterStrike)
  • Member of CuratedIntel trust group
  • I’m Enneagram Type 5