About me

Paulino Calderon (@calderpwn on Twitter) is the co-founder of Websec, a company offering information security consulting services based in Mexico (https://websec.mx/) and Canada (https://websec.ca/). When he is not traveling to a security conference or conducting on-site consulting for Fortune 500 companies, he spends peaceful days in Cozumel, a beautiful island in the Caribbean, working on remote projects, learning new technologies, developing new tools, or simply enjoying the beach.

Paulino’s contributions are used by millions of professionals in the cybersecurity industry. In 2011, Paulino joined the Nmap team during the Google Summer of Code to work on the project as an NSE developer. He focused on improving the web scanning capabilities and vulnerability detection in Nmap in past years. Additionally, he has been a Google Summer of Code mentor for students in 2015, 2017 (Nmap), and 2019 (OWASP IoT Goat). He collaborates with the OWASP organization by occasionally committing to projects like the OWASP Mobile Security Testing Guide, OWASP JuiceShop, and OWASP IoTGoat. He is also the chapter leader of the OWASP Riviera Maya and organizer of events like OWASP LATAM Tour Mexico and 8.8 Mexico.

He has published Nmap: Network Exploration and Security Auditing Cookbook (Now on its 3rd edition), Mastering the Nmap Scripting Engine, and Practical IoT Hacking with NoStarchPress. He loves attending information security conferences and has given talks and participated in workshops in over 50 events in China, Germany, Canada, United States, Mexico, Colombia, Peru, Bolivia, Chile, El Salvador, Honduras, Paraguay, and Curacao.

I haven’t updated my CV in so long, that it will be best for you to request my CV along with more information about the project 🙂 You can also look me up on Amazon!


I’ve had the opportunity to speak and/or give workshops at the following conferences (Private conferences not listed here):

    • Reunión de Comunidad Underground de México (@ CPMX, México city)
    • Bugcon 2012 (Workshop) (@ Instituto Politécnico Nacional, México city)
    • 2ndo Congreso Internacional de Vanguardia Tecnológica (@ Universidad Anáhuac Mayab, Mérida)
    • GuadalajaraCON (@ Universidad de Gualadajara, Guadalajara)
    • Startup Weekend Mérida (@ Universidad Anáhuac Mayab, Mérida)
    • 7a semana de la seguridad informática (@ FES Aragón UNAM, México city)
    • EC Council Global Partners Conference (@ Sheraton Maria Isabel, México city)
    • HackerHalted USA 2012 (@ Intercontinental hotel, Miami, FL) [Oct 31, 2012]
    • XI Congreso de Ingeniería “La Ingeniería Aplicada a la Seguridad y Desarrollo Nacionales” (@ Escuela Militar de Ingenieros, México city)[Nov 2012]
    •  Día Internacional de Seguridad en Cómputo (@ Universidad Autónoma del Estado de México, Toluca)[Nov 2012]
    • Security Zone 2012 (@ Medellín, Colombia) [Dec 6, 2012]
    • BugCON 2013 (@ Instituto Politécnico Nacional, México city) [Feb 2013]
    • BSides Vancouver [March 1, 2013]
    • GuadalajaraCON (@ Universidad de Gualadajara, Guadalajara) [March 2013]
    • Congreso Proxy 2013 (Hermosillo, MX)
    • 4to Congreso Nacional de Hacking Etico y Computo Forense (Bogota, CO)
    • CITIS 2014 (Mazatlan, MX)
    • Campus Party Mexico (Guadalajara, MX)
    • Soluciones Inteligentes (@ Instituto Tecnológico de Toluca)
    • Google Summer of Code Mentor Summit 2015 [SF, US]
    • DragonJARCON 2015 [Manizales, CO]
    • OWASP LATAM Tour 2016 Capítulo Perú [Lima, PE]
    • OWASP LATAM Tour 2016 Capítulo Bolivia [Santa Cruz, BO]
    • CITIS 2016 [Mazatlán, MX]
    • Campus Party Guadalajara 2016 [Guadalajara, MX]
    • Blackhat USA Arsenal 2016 [Las Vegas, US]
    • DEFCON 24 [Las Vegas, US]
    • Congreso Internacional de seguridad UANL [Monterrey, MX]
    • Cyber Security Summit Imperva [Mexico city, MX]
    • Cyber security versus Cyber Crime by ISACA Chapter Curacao [Curacao]
    • Bugcon 2016 [Mexico, city]
    • OWASP LATAM Tour 2017 Riviera Maya [Cancun, MX]
    • Google I/O Extended 2017 [Cancun, MX]
    • Smart city & Hacking (@ UNID) [Cozumel, MX]
    • DragonJAR Security Conference 2017 [Bogotá, CO]
    • 8.8 [La Paz, BO]
    • 8.8 Lucky [Santiago, CL]
    • Expo Cyber Security Summit [Tegucigalpa, Honduras]
    • OWASP LATAM TOUR 2018 México [Cancun, México]
    • OWASP LATAM TOUR 2018 El Salvador [El Salvador]
    • DEFCON China [Beijing, China]
    • DurivaCON [Mexico City]
    • Congreso Internacional de la Seguridad de la Información [Universidad Autónoma de Nuevo Leon, MTY, MX]
    • DragonJARCON 2018 [Bogota, Colombia]
    • 8.8 Perú [Lima, Perú]
    • 8.8 Bolivia [La paz, Bolivia]
    • FIADI [Panamá]
    • FIT [Guatemala, Guatemala]
    • CIDSI 2019 [Sucre, Bolivia]
    • 8.8 México [CDMX, México]
    • Panel automatización Checkmarx: Mitos y realidades [Virtual]
    • Foro Ciberseguridad Kingston [Virtual]
    • Hackday Paraguay 2020 [Virtual]
    • CCOSS 2020 [Virtual]
    • 8.8 Leyendas 2020 [Virtual]
    • 8.8 Mexico 2020 [Virtual]
    • Azul Web Night [Virtual]
    • Código Hacker de Grupo BAL [Enero 2021, Virtual]
    • NahamsecCON 2021 [Virtual]
    • IoT Village 2.0 2021 [Virtual]
    • RSA 2021 Resilience [Virtual]
    • DragonJARCON 2021 [Virtual]
    • EkoParty Radio Space 2021 [Virtual]
    • SecureCON 2021 [Virtual]
    • Conferencia ciberseguridad FEMCO 2021 [Virtual]
    • 8.8 Mexico 2021 [Virtual]
    • Alluxio Community Day April 2022 [Virtual]
    • BSides El salvador 2022 [Virtual]
    • 8.8 Real 2022 [Oct 2022, Santiago, Chile]
    • EkoParty [Buenos Aires, Argentina]
    • Conferencia Security Week 2022 [Nov 2022, Virtual]
    • Github Universe 2022 [Dec 2022, San Francisco, USA]
    • Black Hat Arsenal 2023 [Aug 2023, Las Vegas, USA] (Upcoming)
    • DragonJAR 2023 [Sept 2023, Bogota, Colombia] (Upcoming)

5 thoughts to “About me”

  1. hola, vi tu conferencia en Campus Party 7 y me gustaría tener la presentación, ya que se me hizo muy interesante, crees que podrías publicarla en la pagina?

  2. Hi Paulino,
    I am trying to implement Rainmap as with a port scanner tool that I am building. Is there a way to save or retrieve previous scan results on the rainmap GUI ?
    Right now, it appears to me that the person who gets the email of the scan results, is the only person with the results. Is there a page on the Rainmap GUI where the results get saved and can be viewed by anyone that has permissions?

Leave a Reply

Your email address will not be published. Required fields are marked *