I am a Security Engineer with experience building security functions at Fortune500, Pre-IPO companies, and exponential growth startups.
Currently, I'm a Staff Cloud Security Engineer at Gitlab, owning efforts related to securing GitLab's SaaS infrastructure, alongside cloud and container technologies.
At the same time, I curate CloudSecList, a newsletter that highlights security-related news focused on the cloud native landscape, and CloudSecDocs, a website collecting and sharing my technical notes and knowledge on cloud-native technologies, security, technical leadership, and engineering culture. I'm also a member of CNCF Security Technical Advisory Group (STAG), part of the committee tasked with creating the Certified Kubernetes Security Specialist (CKS) Certification, and maintainer of Cartography.
Previously, I was the Lead Cloud Security Engineer at Thought Machine, working on the architecture and implementation of best in class protective and detective security controls for Thought Machine's Vault: a complete retail banking platform, built from the ground up as a cloud native, service provider agnostic, container based solution. In particular, in this position, I focused on the security of the cloud environments, as well as of the Kubernetes clusters, hosting their core banking platform.
I hold a Master's Degree in Engineering of Computing Systems from the Politecnico di Milano University, and international certifications such as CISSP, CCSP, CNCF CKS, AWS CSA, GCP Associate Cloud Engineer, GCP Professional Cloud Security Engineer, Microsoft Certified Azure Fundamentals, HashiCorp Infrastructure Automation & Security Automation Certifications (Terraform & Vault), and OSCP.
I published and presented at several security conferences including KubeCon, Black Hat, AppSec, DEEPSEC, BSides, ACSAC, CCS, and NATO's CYCON.
Currently Working On
Please refer to the "Projects & Publications" page for a short list of what I'm currently working on in my spare time.