💼 I am a Principal Security Engineer with experience building security functions at Fortune500, pre-IPO companies, and exponential growth startups. Currently, I own efforts to secure GitLab's SaaS cloud infrastructure and container technologies.
✍🏻 I curate CloudSecList, a newsletter that keeps thousands of security professionals informed about current happenings and news related to the security of cloud-native technologies, and CloudSecDocs, a website collecting and sharing my technical notes and knowledge on cloud-native technologies, security, technical leadership, and engineering culture.
📚 I blog about cloud security, strategy, and technical leadership, and I'm writing "The CloudSec Engineer", a book on how to enter, establish yourself, and thrive in the cloud security industry as an individual contributor.
🔑 I also run a boutique security advisory firm, and I am an advisor and angel investor of a few early-stage startups.
I am a member of the CNCF Security Technical Advisory Group (STAG), part of the committee tasked with creating the Certified Kubernetes Security Specialist (CKS) Certification, part of the AWS Community Builders program, and maintainer of Cartography. I am also a mentor in the Lead the Future program, a non-profit that helps young italian talents to pursue a career in the STEM field.
I hold a Master's Degree in Engineering of Computing Systems from the Politecnico di Milano University, and international certifications such as CISSP, CCSP, CNCF CKS, AWS Certified Solutions Architect (CSA), AWS Certified Security - Specialty (SCS), GCP Associate Cloud Engineer, GCP Professional Cloud Security Engineer, Microsoft Certified Azure Fundamentals, HashiCorp Infrastructure Automation & Security Automation Certifications (Terraform & Vault), and OSCP.
I published and presented at several security conferences, including KubeCon, Black Hat, AppSec, DEEPSEC, BSides, ACSAC, CCS, and NATO's CYCON.
Previous to Gitlab, I was:
- The Lead Cloud Security Engineer at Thought Machine, working on the architecture and implementation of best-in-class protective and detective security controls for Thought Machine's Vault: a complete retail banking platform built from the ground up as a cloud-native, service provider agnostic, container-based solution. In particular, I focused on the security of the cloud environments and the Kubernetes clusters hosting their core banking platform.
- A Senior Security Engineer at Mastercard, responsible for building and leading its Offensive Security Program while managing a geographically distributed team performing penetration testing and red teaming engagements. In addition, I provided security guidance around the company's migration to cloud-native technologies by ensuring the security and robustness of the new architecture and the integration of containerization technologies (i.e., Docker and Kubernetes) within the main CI/CD pipeline.
- A Security Consultant at MWR Infosecurity (now F-Secure Consulting), working extensively on security assurance projects (with a specialisation in mobile applications), and looking after research for MWR's UK mobile practice. While at MWR, I was heavily involved in research surrounding mobile security: I created Needle (the iOS Security Testing Framework) and the "Offensive iOS Exploitation" training, which I delivered at international security conferences.