• OWASP, OSSTMM d’internal AUDIT Disaster Recovery e Business Continuity per la protezione dati.

Esperienze lavorative

Maggio 2015 – Oggi Figura ricoperta Senior Security Enginner Datore di lavoro Hitachi Systems CGT Luogo Milano Principali attività e responsabilità I'm responsible for the entire delivery and success of security consulting projects by managing a team of consultants and the relationships with the Clients. Particularly, the activities are focused on the following topics:
-Security Strategy (evaluation of current maturity level, definition of security master plan, etc);-Security Governance (definition of security policies, processes, procedures and metrics, etc);
-Risk Management (IT risk assessment, definition of IT risk management methodologies, etc);
-Security Compliance (gap analysis in respect of Privacy, PCI DSS, ISO 27001 requirements);
-Business Continuity & Disaster Recovery (Business Impact Analysis, Risk Assessment, definition of strategies and procedures, etc);
Additionally, I support the Management for the growth of the business unit and during the presales activities.

Gennaio 2014 – Marzo 2015 Figura ricoperta Security manager Datore di lavoro Araknos Srl Luogo Casalecchio di Reno Principali attività e responsabilità

-Analysis of network infrastructure for insertion and sizing of the framework SIEM + Akab2
– Managing the entire product line life cycle from strategic planning to tactical activities.
-Specifying market requirements for current and future products by conducting market research supported by on-going visits to customers and non-customers.
-Driving a solution set across development teams (primarily Development/Engineering, and Marketing Communications) through market requirements, product contract, and positioning. Developing and implementing a company-wide go-to-market plan, working with all departments to execute.
-Analyzing potential partner relationships for the product.

Luglio 2002 – Dicembre 2013  Figura ricoperta CTO and Security Specialist Datore di lavoro Archebit SPA Luogo Milano Principali attività e responsabilità

– Planning and supervision of the new service infrastructure at IDC,  XaaS methods oriented.
– Coordination and supervision of projects of business continuity (DR & BC)
– Virtualization & Cloud Security consulting; Penetration testing & vulnerability management; Remediation/Mitigation strategies (Patch Management, Configuration Management); Policy, Standards & Regulatory Compliance (including ISO,CIS, NIST-SCAP, PCI DSS, HIPAA/HITECH)
– My function was also to be a technical expert in these security solutions to assist the sales team to promote our products’ usage with resellers’ channel and end-customers. I helped resellers inRFP answers and in  qualifying  the good architectures.

Gennaio 1999 – Giugno 2002 Figura ricoperta Senior System Engineer Datore di lavoro CGA Group Luogo Milano/Roma Principali attività e responsabilità

As a Systems Engineer-Security Specialist, my responsibilities included pre-sales consulting engagements to deliver vulnerability management solutions and services covering Netware, Microsoft and UNIX environments. I spent significant time becoming proficient in vulnerability assessment, system hardening, and auditing via hands on experience with numerous products.
I worked to ensure project execution in accordance with our needs. I helped in writing project proposals, specifications and so,  during the delivery phase I led a team of technicians and I was responsible of the project on all levels (profitability, time execution, customer relationship, etc.). I was involved in business development according to the Company strategies,  supporting the sales and marketing departments. Among the most important projects, the review, study and implementation of security policies and analysis of the new security infrastructure.

Istruzione e Formazione

Aprile 1994 Titolo della qualifica rilasciata Specializzazione in tecniche biomedicali telematiche Istituto di istruzione o formazione Univerista di P isa CNR Luogo PISA

Conoscenze linguistiche

Lingua Italiano Capacità di lettura/scrittura Madrelingua Capacità di espressione orale Madrelingua

Lingua Inglese Capacità di lettura/scrittura Buono Capacità di espressione orale Buono Note Inglese tecnico buono comprensione buono

Lingua Francese Capacità di lettura/scrittura Scolastico Capacità di espressione orale Scolastico

Conoscenze informatiche

FW e periferiche di sicurezza (Ottimo)
SW di base e HW di Sistema (Ottimo)
Compliance e audit sicurezza (Ottimo)
Pentest a Audit di sicurezza (Ottimo)
Networking e TCP (Ottimo)
I state below my technical skills in detail:
1. Detailed knowledge of the architectural elements of the CISC and RISC computer.
2.  IT infrastructures engineering and administration, relationships management, work organization, resources   coordination, project leading.
3.  UNIX, Microsoft, Linux O.S. (Solaris, Red Hat, HP-UX, IBM AIX, Windows 2012 server)
4. Clustering (, Red Hat Cluster, HP Service Guard, PowerHA, VERITAS Cluster)
5.  Virtualization and Cloud Computing (VMware, Red Hat Enterprise Virtualization, Open Stack, KVM, Oracle   VM, Xen, Verizon CaaS, XEN, Citrix XenServer).
6. Real time Operating Systems and Cluster for high-performance calculus
7. IT Security management, hardening, auditing, assessment, penetration testing, incident handling, ethical hacking; Computer, network and mobile forensics: ITIL incident management with subsequent safety measures and preparation of replication actions to intrusion.st for deploying and delivery project, for local and geographically distributed networking environments focused on security related concepts (FW,VPN,IDS,Strong Auth.).  Excellent knowledge of encryption theory.
Ability to conduct analysis for the verification of compliance with international standards of security, competence to implement security analysis of systems and infrastructure using methodologies such as OWASP, OSSTMM.
8. Business Continuity Planning and Disaster Recovery (Data Replication, Global Copy/Mirror, Business Copy, Tiered Storage management and troubleshooting (I have  maximum autonomy in the conduct of internal audit practices and validation  of projects of Disaster Recovery and Business Continuity for data protection);
9. Project management, planning and scheduling, resources management, customer relationship management, supplier’s relationships management, project quality management, project delivery and deployment. I also have a remarkable experience in a good range of Customers from different sectors, and in several roles (from service delivery to pre-sales,  to consulting and development);
10. Competency to design and manage issues related to a structure ISP (AS, DNS, Mail Services, internet sites and dynamic CMS, Addressing and routing IP v4 / v6). Good knowledge of the concepts behind the design and management of Private and Public Cloud systems and in general "ecosystem XaaS;
11. Broad technical background that allows me to design, implement and follow, even directly, Information Systems dedicated, shared and cross-platform (Unix, Microsoft, OS / 2, OS/400, etc..) Knowledge of Citrix MetaFrame 4.0 platform. Knowledge of logic and management of major systems Hypervisor virtualization (VMWare, Xen, KVM, etc.). Ability to configure and install the shared storage (SAN, NAS, etc.);
I have a thorough knowledge of network protocols and Specifically the TCP / IP stack, I am able to work on projects of complex structures in LAN and WAN, and practical and theoretical knowledge of the instruments of direct analysis (Sniffer). Ability to install and configure complex structures at the level WAN and VLAN, routing and switching. Experience in advanced diagnostic and monitoring devices, protocols, compression and caching;