I'm a Cloud Security Engineer at Thought Machine, working on the architecture and implementation of best in class protective and detective security controls for Thought Machine's Vault: a complete retail banking platform, built from the ground up as a cloud native, service provider agnostic, container based solution. In particular, in this position, I’m focusing on the security of the containerisation technologies used (i.e., Docker and Kubernetes), as well as of the deployments on the different cloud providers (AWS, GCP, Azure).
Previously, I was a Senior Security Engineer at Mastercard, responsible for building and leading its Offensive Security Program, while managing a geographically distributed and agile team performing penetration testing and red teaming engagements to evaluate the security of Mastercard’s networks. In addition, I was also responsible for providing security consultancy around the migration of the company to cloud native technologies, by ensuring the robustness of the cloud infrastructure, and the security and integration of containerisation technologies within the CI pipeline.
Before Mastercard I was a Security Consultant at MWR Infosecurity (now F-Secure Consulting), working extensively on security assurance projects (with a specialisation in mobile applications), and looking after research for MWR's UK mobile practice. While at MWR, I was heavily involved in research surrounding mobile security: I created Needle (the iOS Security Testing Framework) and the "Offensive iOS Exploitation" training, which I delivered at international security conferences.
I hold a Master's Degree in Engineering of Computing Systems from the Politecnico di Milano University, and international certifications such as CISSP (Certified Information Systems Security Professional), CCSP (Certified Cloud Security Professional), AWS CSA (Certified Solutions Architect - Associate), OSCP (Offensive Security Certified Professional), and CREST CRT (Registered Penetration Tester).
I both published and presented at several security conferences including Black Hat, AppSec, DEEPSEC, Bsides, ACSAC, CCS, and NATO's CYCON. I'm a contributor of the OWASP Project and a Technical Reviewer of both technical books and IEEE Journals.