We are passionate icon


We believe that quality is the natural product of passion and care. We love what we do and continuously work on mastering our craft. Every engagement is finely executed with dedication and attention to details.

We have expertise icon


Our team has decades of experience in application security. We are industry leaders in penetration testing, reverse engineering, and source code review. Doyensec researchers have found and reported numerous vulnerabilities in widely-deployed products, secured fortune 500 enterprises, advised startups and worked with tech companies to eradicate security flaws.

We provide focused security icon


Security craftsmanship is all about the individualized attention to our clients and the delivery of tailored security principles and products. We concentrate on application security and do fewer things better.

We do high-level research icon


The fast changing landscape of technology and security threats requires constant innovation. We are dedicated to providing research-driven application security and therefore invest 25% of our time exclusively to research where we build security testing tools, discover new attack techniques and develop countermeasures.

Luca Carettoni picture

Luca Carettoni

With over 15 years of experience in the application security field, Luca Carettoni is a respected web security expert. Throughout his career, he has worked on security problems affecting multiple industries and companies of different sizes. At LinkedIn, he managed and led an entire team responsible for identifying new security vulnerabilities in applications, infrastructure and open source components. Prior to that, Luca worked as the Director of Information Security at Addepar, a startup that is reinventing global wealth management. Proud to be a Matasano Security alumni, he helped bootstrap the Silicon Valley office by delivering high-quality security assessments to software vendors and startups. As a security researcher, he discovered numerous vulnerabilities in software products of multiple vendors including 3com, Apple, Barracuda, Cisco, Citrix, HP, IBM, Oracle, Sun, Siemens, VMware, Zend and many others. Since the beginning of his career, he has been an active participant in the security community and a member of the Open Web Application Security Project (OWASP). Luca holds a Master's Degree in Computer Engineering from the Politecnico di Milano University.

John Villamil picture

John Villamil

John has worked in a variety of infosec roles from forensics and consulting to large enterprise security. He was most recently part of the Yahoo! Paranoids red team, operating on a network with over 600,000 systems servicing nearly a billion users. That kind of scale totally alters the security dynamic when designing tools and scoping targets. Previously, he was a consultant and researcher at Accuvant Labs, responsible for executing tightly scoped projects for third party clients and cutting-edge vulnerability research. Before Accuvant, John spent a few years at Matasano Security. This is where his consulting career blossomed. He worked with dozens of clients, finding hundreds of bugs across the entire gambit of programming languages and web services. During his career, education and training were paramount. He routinely volunteered to kickstart training programs and to become a mentor to juniors in the field. John has also spoken at conferences around the world and has given lectures in universities on topics like fuzzing and dynamic program analysis. In his own research, he enjoys exploring complicated code and has reported dozens of security flaws in browsers, kernels, security software, phones and more. He is also known for creating art on the chess board.

US Office
350 Townsend Street, Suite 840
San Francisco, CA 94107 - USA

John Villamil

EMEA Office
Ul. Florianska 6, Suite 1B
03-707 Warsaw - Poland

Luca Carettoni

When working with Doyensec, you will be working directly with its founders. We are the points of contact, the negotiators, the problem solvers, and the hackers.

For proposals or questions: info@doyensec.com or +1 (628) 333 9093

Doyensec is hiring!