FelipeYorrisoon/README.md

Software Supply Chain Security & Cyber Due Diligence

Exposing hidden technical liabilities before they impact valuation — for M&A and Private Equity transactions

Malware Analysis · Supply Chain · Cyber DD · C/C++/ASM

I work at the intersection of deep technical security and investment risk — helping PE firms and M&A advisors understand what they're actually acquiring when they buy a software company.

Most tech due diligence stops at architecture diagrams and pentest summaries. I go deeper: source code, dependency trees, build pipelines, and binary integrity — translating what I find into financial and operational risk that deal teams can act on.


What I focus on

Software Supply Chain Risk

  • SBOM generation, analysis & gap assessment
  • Dependency confusion & malicious package detection
  • Open source license exposure in acquisitions
  • Third-party component integrity (signing, provenance)

CI/CD & Pipeline Security

  • Build pipeline attack surface mapping
  • GitHub Actions / pipeline poisoning patterns
  • Container image and registry risk
  • Secret exposure in repos and cloud configs

Cyber Due Diligence for Deals

  • Pre-LOI and pre-close security assessments
  • Red flag identification with deal impact framing
  • Cost-of-remediation estimates for valuation
  • Post-merger integration security planning

Deep Technical Analysis

  • Static & dynamic code analysis (C/C++, Assembly)
  • Malware and implant detection in acquired codebases
  • Legacy system risk quantification
  • Trust boundary mapping across APIs and cloud

Who I work with

PE operating partners, M&A counsel, and tech DD boutiques that need a security expert who can read the actual code — not just run automated scanners and hand over a report.

Primary focus: SaaS, fintech, and healthtech targets where software supply chain risk is material but rarely assessed at depth.


Background

  • Malware analyst — static and dynamic analysis, reverse engineering, binary forensics
  • Low-level systems: C, C++, x86/x64 Assembly
  • Software supply chain security, SBOM analysis, CI/CD attack surface
  • Translating technical risk into deal-relevant language for non-technical stakeholders

Currently building

A methodology for software supply chain due diligence tailored to M&A timelines — combining SBOM analysis, pipeline security review, and deep code inspection into a structured assessment that fits inside a deal's data room process.


Open to conversations with PE operating partners, M&A advisors, and tech DD teams. Focused on what scanners miss.
