By day, I am an Senior Offensive Security Researcher;
by night, a dedicated Bug Bounty Hunter
I'm a Senior Offensive Security Researcher with over 10 years of experience finding vulnerabilities in web applications, networks, mobile apps, and APIs.
My security research has led to successful vulnerability discoveries and responsible disclosures with major organizations including X (formerly Twitter), NASA, World Health Organization (WHO), United Nations (UN), Red Bull, Starbucks, NordVPN, Bitwarden, and various U.S. Department of Defense entities, among many other organizations.
I spent 6 years in the Philippine banking industry at Metropolitan Bank & Trust Company (Metrobank), where I led the Offensive Security Team from 2023 to 2025. Currently, I'm working as a Elite Web Application Security Specialist for a North American banking institution.
When I'm not hunting for vulnerabilities, you'll find me coding side projects, gaming, traveling to new places, or behind the camera capturing moments. I believe this blend of technical precision and creative thinking helps me spot security issues others might miss.
The Global Information Assurance Certification (GIAC) program is a leading provider and developer of Cyber Security Certifications.
Authenticate
Certificate is earned by completing the CyberWarFare Labs Red Team Analyst Course and successfully passing the 6 hours practical examination.
Authenticate
Certification created by The SecOps Group. Candidates have to prove their knowledge on application pentesting in practical exam.
Authenticate
Intermediate-level exam to test candidate's knowledge on core concepts of network security and practical pentest skills.
Authenticate
SANS Challenge Coins: The Ultimate Recognition to Elite Cybersecurity Professionals
AuthenticateCertification On progress..
Contributing to security through responsible disclosure
National Aeronautics and Space Administration - Received Letter of Appreciation for vulnerability disclosure.
Global health agency - Received recognition for security contribution.
Federal agency - Received official recognition for vulnerability report.
Social media platform serving millions worldwide.
Global coffee company with high security standards.
Leading VPN service for speed and security.
Red Bull is the most popular energy drink brand with a market share of 43%, and the third most valuable soft drink brand.
Online cashback, deals and coupons platform founded in 2006, operating in France, Germany, Spain, and Poland.
American multinational corporation founded in 1892 that manufactures, sells and markets soft drinks worldwide.
Open source password management solutions.
World's largest health and beauty retail group.
Enterprise work management platform.
Adult entertainment platform.
Web form builder and data collection platform.
Adult entertainment platform.
Acknowledgments for contributions to private programs and more are kept confidential.
From people who trust in my work
"During our time working together at ePLDT, I had the pleasure of witnessing Steven's exceptional adaptability and continuous pursuit of learning. His ability to quickly adapt to new situations and technologies, combined with his eagerness to learn and grow, made him a valuable asset to our team. Steven's dedication to staying ahead of the curve in the ever-evolving field of cybersecurity is truly commendable."
"I had the privilege of working alongside Steven Floresca on a project focused on web application penetration testing, and I was truly amazed by his proficiency and knowledge in this field. Steven displayed an extensive grasp of web application vulnerabilities, successfully identifying and exploiting weaknesses that had been overlooked by others."
"I had the opportunity to learn a great deal about penetration testing and information security while working with Steven. His diverse experience significantly contributed to the success of our team and enhanced the quality of our engagements. Steven consistently demonstrated deep expertise and excellence in both his technical work and his people management skills. What truly sets him apart, though, is his generosity in sharing knowledge—he’s always willing to teach and support his colleagues. He is a perfect example of a leader in a penetration testing team."
For recommendations or collaboration, don't hesitate to reach out