Web Design & Development
Fast, privacy-first websites and web apps. Static-first, no trackers, accessible, and built to load instantly — like this page (zero JavaScript).
Security Engineer / Cryptography / Infrastructure
I design and build post-quantum cryptography, formally verified systems software, secure transport protocols, and privacy-first self-hosted infrastructure — in Rust, C11 and Python, on Linux.
In Code We Trust.
I'm a Systems & Security Engineer based in Caxias do Sul, Brazil. By day I work in IT for an industrial group; outside that, I independently build and maintain Security Ops — a privacy-first stack of self-hosted services and open-source cryptographic software.
My focus is the parts of security that have to actually hold: post-quantum cryptography (ML-KEM, ML-DSA), formal verification (Jasmin, Frama-C/ACSL), constant-time implementation, secure transport protocols, and data compression. Every performance claim is a measured number or labelled as an estimate — no benchmarks I can't reproduce.
I ship in Rust, C11, Python and Bash, deploy on Linux with Docker and GNU Guix, and host everything across clearnet and Tor. I work in tight, buildable increments: complete code, real tests, NIST/RFC vectors where crypto is involved.
Websites, software, and security work — delivered as complete, documented, buildable deliverables.
Systems software in Rust, C11 and Python — CLIs, daemons, SDKs and protocol implementations. Zero-warning builds, tested, packaged for real install.
Cryptographic inventory, crypto-agility assessment, and migration audits to ML-KEM / ML-DSA. Find what breaks under a quantum adversary — before it does.
Hardened, self-hosted deployments with defense-in-depth: Docker, GNU Guix, nftables, WireGuard, Tor + clearnet. Threat-modelled in plain English.
Constant-time review, side-channel analysis, threat modeling, and machine-checked proofs with Jasmin and Frama-C/ACSL for code that has to be correct.
Several projects ship AGPL-3.0 with a commercial license option for enterprise and banking use. Talk to me about dual-licensing and integration.
A selection of what I build and maintain. Source lives at git.securityops.co.
Post-quantum secure transport layer. Named after my late mother. AGPL-3.0 with a commercial license option.
// protocol: Berkeley Transport Protocol — a post-quantum transport with no CA trust model and a cross-witness mesh. Targeting IRTF / PQUIP discussion.
// compression: Compression codec: LZ77 + 4-way interleaved tANS + order-1 context model, AVX2-accelerated.
// backup: Compression + post-quantum encrypted backup, with VaptVupt as the default codec. CLI plus an Android client.
// sdk: In-house cryptography SDK providing a hybrid KEM and primitives shared across the Security Ops projects.
// android: Secure deletion for Android — crypto-erase backed by the Android Keystore for irrecoverable data destruction.
// search: A privacy metasearch instance — no tracking, no fingerprinting, self-hosted on clearnet and Tor.
// tooling: Cryptographic inventory scanner, crypto-agility checks, and migration-audit tooling for the post-quantum transition.
// comms: End-to-end encrypted communication tools: SecVid · KeyWave · SecChat · TempChat.
// emacs: A full WhatsApp client for GNU Emacs over a Baileys bridge — 70 commands, 80 keybindings.
Have a website, a piece of software, or a post-quantum migration in mind? Send a message — I read every one.
sac@securityops.co