About

Martín Martín

Offensive security professional based in Madrid. 18+ years finding the bugs attackers would exploit.

I've been obsessed with offensive security since I was 12. By that age I was on the staff of one of the biggest Spanish-speaking cybersecurity forums of its time. At 14 I was part of a small group researching some of the first flaws in the Bluetooth protocol. Along the way I was finding bugs in the software of that era (phpBB and other mainstays) and reporting them to vendors in a time when bug bounty programs didn't exist yet. Forums, IRC channels and breaking things on my own. Self-taught the whole way.

Linux was the other obsession. That's why my professional career started as a sysadmin in 2007: servers, networks, breaking things and putting them back together. The admin side gave me infrastructure depth; the offensive side, the one I'd been doing on my own since I was a kid, is what I've spent more than two decades sharpening.

Today it's offensive security full time. Pentesting across web, mobile, cloud, API and LLM/GenAI environments. Red team and purple team programs. Bug bounty and CVE research. 6 CVEs published so far, more than 1,000 vulnerabilities reported across hundreds of organizations, and findings that have helped protect more than 127K+ websites.

In practice: I run pentests for clients, I publish what's safe to publish, and I teach. 200+ students through private training and lectures with a 9.5/10 average rating. Available for mentoring sessions, private training and conference talks on offensive security, bug bounty and security careers.

Background

18+ years in IT & security

Corporate path

Same company

Senior Offensive Security LeadCurrent

2026 – PresentGlobal Enterprise · Remote

Offensive Security Lead2025 – 2026

Global Enterprise · Remote

Senior Security Specialist2023 – 2025

Global Enterprise · Remote

Security Analyst2022 – 2023

Global Enterprise · Remote

IT Operations2013 – 2022

Global Healthcare Company · Madrid

Server & Network Administrator2008 – 2013

Spanish SME · Madrid

IT Support Technician2007 – 2008

Spanish Banking Group · Madrid

Independent path

Independent Security ProfessionalActive

2016 – PresentBug Bounty · Pentesting · Training

What I do as freelance

1,000+ vulnerabilities reported

Bug bounty programs & pentests

6 published CVEs

Vulnerability research & disclosure · 127K+ sites protected

Open-source tools

Recon & offensive security automation

200+ students trained · 9.5/10

Mentoring, private training & bootcamp lectures

Talks & speaking

Conferences, universities & meetups

Certifications

Certified Ethical Hacker EC-Council · CEH Verify Certified Red Team Operator Zero Point Security · CRTO Verify Certified API Pentester The SecOps Group · C-APIPen Verify Certified AI/ML Pentester The SecOps Group · C-AI/MLPen Verify Red Teaming LLM Apps DeepLearning.AI Verify

Full details on LinkedIn

Testimonials

What people say

Client

"We were preparing for our ISO 27001 certification and needed a proper pentest. Martín found issues that our previous vendor and automated scans had completely missed. Clear report, zero fluff, and he took the time to walk our devs through every fix."

Executive at a fintech company

Colleague

"Martín is the type of teammate that makes you wonder how you managed before he joined. His work on alert and incident handling has been excellent. He ran several internal pentests and delivered detailed reports that were key to improving our overall security."

Former colleague, Security team

Want to work together?

Pentests, mentoring, talks, or just want to chat about a finding.

Based in Madrid · Working remotely worldwide · Typically reply within 24h