Server-Side Template Injection (SSTI): When Django Templates Become a Weapon
May 11, 2026
Django Security Series — Post 3 | Series I: Injection Attacks OWASP A03:2021 — Injection | Reading time: ~14…
I am a career-transition professional moving from 20 years of legal practice — specializing in Public Law — into cybersecurity. What I bring to the field is a foundation that most junior candidates simply cannot replicate: structured legal reasoning, deep knowledge of regulatory and compliance frameworks, evidence-handling discipline forged in practice, and two decades of managing sensitive data under strict legal obligations.
Public law practice demands rigorous documentation standards, a thorough understanding of institutional risk, and the ability to navigate complex regulatory environments — competencies that map directly onto Governance, Risk & Compliance (GRC), Digital Forensics & Incident Response (DFIR), and Security Operations. Whether interpreting LGPD/GDPR compliance requirements, applying chain-of-custody procedures, or identifying systemic risk across a portfolio of 20,000+ clients, the analytical discipline was always the same.
To formalize this transition, I earned a Postgraduate degree in Digital Security (10.0/10.0 — PUCRS), hold CompTIA Security+, CompTIA Network+ and CompTIA Cybersecurity Analyst+ certifications. I am also enrolled in a Cybersecurity Risk Management diploma with Co-op at CCTB (Vancouver), which bridges my legal and analytical background with hands-on technical training.
Hands-on Lab & Training Focus
Through structured lab environments and self-directed practice, I am actively building technical depth in:
What I Bring to a Security Team
I am targeting roles where professional maturity, regulatory literacy, and analytical rigor are valued alongside technical skills — including SOC Analyst, GRC Analyst, and Digital Forensics Analyst positions. My public law background provides a natural bridge to roles involving compliance audits, incident documentation, legal hold procedures, and evidence chain-of-custody — areas where legal and technical expertise intersect directly.
The technical depth is being built deliberately and will continue growing on the job. I am based in Vancouver, BC, and available to relocate to any city in Canada immediately if the opportunity requires it. Reach out via Email or connect on LinkedIn.
Feb 2014 — Present (12 years)
Engineered proprietary VBA-based legal-tech solutions, including a complex judicial calculation engine, automating financial data processing while ensuring strict mathematical accuracy and data integrity for court submissions.
Architected and developed custom full-stack web applications and automation tools (Python, Django) to optimize business operations and manage personal financial data.
Engineered a Judicial Debt Management System using Django and PostgreSQL, processing large-scale client portfolios and automating document workflows.
Developed a legally valid digital petition platform ("Petição Brasil") integrated with the Brazilian Government PKI (ICP-Brasil) to ensure secure authentication and chain-of-custody validation.
Mar 2012 — Mar 2026 (14 years)
Led a legal and administrative team of 30+ professionals across four locations, standardizing investigative, analytical, and operational workflows to support a portfolio of 20,000+ clients.
Conducted rigorous analysis of complex documents, contracts, and case evidence, leveraging critical thinking to identify risks, build strategies, and ensure regulatory compliance.
Standardized procedures and documentation during organizational changes to improve consistency and quality control.
Authored a long-running legal blog at thiagohenrique.adv.br covering Public Law and digital-rights topics.
Sep 2010 — Feb 2012 (1 year)
Provided comprehensive legal counsel and representation for public educators across the State of Maranhão, managing a high volume of specialized public sector litigation.
Dec 2004 — Aug 2010 (5 years)
Developed a comprehensive understanding of firm operations, progressing through multiple support roles to ensure efficient daily administrative and legal workflows.
2025 — Present
Furthering technical specialization in Cybersecurity Risk Management. Program covers network security, systems hardening, risk assessment, and co-operative work placement in the Canadian tech sector.
2024 — 2026 · 10.0 / 10.0
Focused on the intersection of legal frameworks and technical security. Covered Digital Security strategies, Data Governance, and the management of complex data ecosystems to ensure organizational compliance and resilience. Competencies: Compliance, Cybersecurity Governance, Data Protection, Risk Management.
2022 — 2024 · 9.7 / 10.0
Advanced specialization focused on Public and Constitutional Law, covering administrative law, constitutional principles, and public sector governance. Competencies: Constitutional Law, Administrative Law, Public Governance.
2005 — 2010
Final Paper — PUC-RS (Score: 10/10)
Published a final paper with a perfect score of 10/10, exploring the intersection of Direct Democracy and Information Assurance. Developed a technical framework applying the CIANA Pentagon (Confidentiality, Integrity, Availability, Non-repudiation, Authentication) to validate digital petitions using ICP-Brasil PKI infrastructure and SHA-256 cryptographic signatures.
The research evolved into Petição Brasil — a live civic-tech platform described as the only Brazilian platform that unites participatory democracy and legal security. Citizens create public petitions, sign them with any ICP-Brasil certificate (Gov.br, e-CPF, A1/A3), and receive an automatically generated chain-of-custody PDF with cryptographic evidence and QR code — giving petitions the same legal standing as physical documents before public bodies, legislative chambers, and courts. The platform also enables Popular Legislative Initiative (Brazilian Constitutional Art. 61, §2º), making it the first fully digital, zero-cost path for any citizen to propose laws to Congress. LGPD-compliant, free forever, and privacy by design.
Full-Stack Django Application | Brazilian Legal Tech
Full-stack Django application to centralize the management of judicial precatórios (court-ordered government debt instruments) issued against Brazilian public entities, built for a law firm with thousands of clients.
Tracks each precatório (government debt writ) by CNJ (Conselho Nacional de Justiça — National Council of Justice) number with independent payment statuses for three financial components: crédito principal (principal debt), honorários contratuais (contractual attorney fees), and honorários sucumbenciais (loser-pays attorney fees). Includes client/CPF (Cadastro de Pessoas Físicas — Brazilian taxpayer ID) management, alvará (court payment order) and requerimento (formal petition) workflows with configurable phase pipelines, a diligências (legal task) tracker with urgency and deadline controls, secure 50 MB PDF uploads to AWS S3, financial dashboard aggregates, and a bulk Excel import pipeline. Deployed on Heroku with PostgreSQL and gunicorn.