About me

About Carlos and this site

About this site

This website is mostly a repository of resources where I collaborated, sessions I participated in, and ocassionaly other things related to hobbies (maybe something about ergonomic keyboards, or desk set ups coming?) or anything that caught my attention and want to have at hand.

About me

I’m (among other things) a digital security trainer, auditor, and advisor with experience working mostly with civil society actors like human rights defenders, journalists, and targeted activists and groups. My biggest interests in this field are facilitation and the learning aspects of digital security and threat modeling, creation of materials, and training on more advanced threats for local security practitioners, as well than working with high and extreme risk actors.

Currently, I’m open to working on consultancies. The work I usually do includes:

  • Digital security trainings, assessments, consultations, organizational policy development, control deployment, incident response, etc. I also have experience organizing and conducting trainings for other security practitioners who want to become trainers, auditors, and first responders, among others. Currently, my interest is more focused on computer forensics, malware analysis, and integrating technical context into other aspects of security, including physical, emotional, financial, administrative, and regulatory.
  • Technical material development, including guides, tutorials, courses, and other resources. Most of my experience is in digital security-related products, but I also have experience with different kinds of technical materials, such as tool documentation and first-contact materials for new audiences. I also have experience with translations between English and Spanish.
  • Organizational process review and rework, not only to make sure security and privacy considerations are incorporated, but also to make sure the processes are efficient, leverage technology in a way that makes sense, and make people’s lives easier. My experience includes the execution of risk, need, and capacity assessments.
  • Technical research, I’m particularly interested in technical surveillance and censorship
  • Facilitating activities with a clear goal in mind and understanding the audience, I can develop and execute exercises to gather necessary information, ensure alignment, or enhance processes and dynamics within groups.

If you are interested in connecting to discuss work opportunities, you can reach out to contact[at]cguerra.com

I have worked in global, regional and in-country projects and organizations, the biggest ones are:

Internews: Greater Internet Freedom

My role involved designing and implementing the digital security strategy for 39 countries across 8 regions. This meant working closely with in-country organizations and consultants to develop activities that would strengthen the digital resilience of civil society actors on the ground. Some specific highlights from this program include developing a tutorial to analize suspicious documents in search of malware, helping coordinate the internal evaluation on the security assessment framework SAFETAG, and organizing the Organizational Security Village.

Internews: Civic DEFENDERS

So far, I contributed to the program proposal and designed the strategies and processes for implementing activities in 16 countries across 8 regions in the world, as well as global activities tailored to increase the capacity of the consortium of local organizations implementing the main activities. My work focused on digital security and circumvention technology, aiming to bolster the resilience of at-risk civil society groups.

Conexo

Here I worked on a variety of projects, from conducting digital security training for journalists in sensitive zones, to developing organizational security policies for human rights organizations being persecuted, and speaking in lectures for college students on digital security all in many Latin American countries.

Fake Antenna Detection (FADe) Project

Here I was the technical lead of research of anomalies in cell phone networks looking for the presence of fake base stations in 10 localities in Latin America. I mostly helped design the monitoring campaigns and deploy and manage all the technical infrastructure to analyze the data, employing novel methodologies/tools to find and process the relevant data like the seaglass project from the University of Washington and crocodile hunter (now RayHunter) from the Electronic Frontier Foundation.

Derechos Digitales

After my Ford/Mozilla Open Web Fellowship, I joined the Derechos Digitales team, where I provided IT support and implemented security-related activities across Latin America. This included trainings, audits, and network building for civil society actors. I also had the opportunity to deepen my IT administration skills, developing, for example, an Ansible playbook for secure static/PHP/WordPress deployments (which might be updated soon).

Venezuela Inteligente (now VESinFiltro)

Here I helped the team to develop a monitoring campaign to measure technical censorship in Venezuela around 2014 and also later as a collaborator for other activities. I contributed in a couple of quick research pieces around phishing campaigns conducted by the Venezuelan government, there we uncovered and analyzed DNS poisoning and spoofing in the country main ISP, making users to redirect legitimate traffic to malicious clone websites targeting opposition simpatizers.

Also…

  • I was an Ford/Mozilla Open Web Fellow for the 2017-2018 cohort hosted in Derechos Digitales (after the fellowship I joined the team :)
  • I have done many consultant gig in Latin America, Spain, and the US conducting digital security trainings and audits for civil society organizations and media outlets, as well as training for new trainers and auditors.
  • Some others around election monitoring, surveillance tech, supporting incidents, etc.

Besides more technically specialized stuff, I’m also very interested in process improvement (as in mapping, optimization, systematization, automation, etc.), databases, and process documentation.

Some other initiatives where I collaborated

From more active content development to advise, to participation in conversations leading to some products:

CC BY-NC-ND
© 2020 - 2025 Carlos Guerra
Built with Hugo
Theme Stack designed by Jimmy