Fortify Software (an HP company)
- Software Security Consultant
2008 - 2012
As Senior Security Consultant I am focusing on projects that involve large customers or that require a deep security knowledge, ranging from risk analysis to code review and technical solutions and implementation. I am able to interact with every customer's level of management, ranging from executives to technical and operating resources.
I am able to revise the customer's infrastructure security level both from the technical as well as from the policies and procedures points of view.
Also, I have experience with auditing and compliance standards and security guidelines such as ISO 27001, ISO 13335, NIST Recommendations, EU/Italian Privacy Law, PCI Data Security Standard, etc.
Verizon Business
- Senior Security Consultant
PUTEAUX
2008 - 2008
I worked as Senior Security Consultant at Verizon Business, one of the three operating units of Verizon Communications, delivering advanced IP, data, voice, wireless and security solutions to large business and government.
I was responsible for security analysis of customer networks, systems and applications, also performing vulnerability assessments and penetration tests and other kinds of security analysis at every level.
While working at Verizon I certified as Qualified Security Assessor for the PCI Data Security Standard and performed PCI auditing activities for large Italian and international companies.
I developed a deep knowledge of web application firewall technologies. I successfully advised customers about solutions, driving them through the whole design, implementation and management process.
Secure Network
- Senior Security Consultant
2004 - 2008
I have been working for 4 years as Senior Security Consultant at Secure Network S.r.l., an Italian company focused on Information Security services, consulting and education.
I was responsible for security analysis of customer networks, systems and applications, also regularly performing vulnerability assessments and penetration tests and other kinds of security analysis at every level.
I have been involved in computer forensics investigations, usually interacting directly with customers' lawyers.
I have been in charge of designing and implementing network and system architectures based on specified security requirements.
I also worked on a long-term project in conjunction with a customer security team to design and document security policies to be applied, following the guidelines specified by the ISO 27001 standard.
Also, I held courses on a wide range of security topics (see the “Teaching” section).
DyLogic
- Developer
2002 - 2003
While working as developer at DyLogic I helped in integrating new services and technologies in the unified messaging platform. I have been programming in Java software components that interacted with SMS carriers and Italian TLC companies. I also developed portions of the Java applications leveraging the messaging platform, such as multi-channel message exchange services, SMS chat services, etc.
I have also been part of the team working on videoconferencing systems, focusing on the development of a C++ client application (comparable to MS NetMeeting). I took care mostly of GUI and user interaction.
Self-Employed
- Freelance IT Consultant
1999 - 2002
As a freelance consultant I carried out various IT-related projects:
- IT infrastructure design and implementation
- IT security and hardening
- Web sites creation
- Software applications development