IT Security Specialist / Consultant
2012 - ad oggi
As a member of a security operations center team, i deal with development, support and applications maintenance. Responsible for assurance of critical security services,
i have been managing a plethora of systems and technologies: for instance, the main internal security infrastructure based on vmware and microsoft products that provides authentication and roles to operators in the security organization, integrated with many specific systems and services.
I have been re-deploying a whole lot of user management application, distributing them through an application server running microsoft remote programs service.
I manage a vmware based mediated access system that enables company personnel to work on sensitive data and critical systems while having their activities logged analytically but never disclosed if not otherwise disposed for forensic analysis, assuring the integrity, confidentiality and non repudiability of the data.
I am entitled for personal reliability and security clearance to look for evidences in the event of investigations.
On the security governance side, i follow and assure compliance, audit checks, risk analysis and mitigation, policies enforcement, incident handling.
As IT security consultant and systems engineer, i constantly interact with several enterprise's departments and their senior management, as infrastructure engineering, security engineering, security governance and analysis, network operation center, network authorization officers, network engineering, identity management administrative lines. As security consultant and specialist i also interact with external suppliers, software vendors, technology partners for projects developments, with external clients and all company departments, managing their support requests, solving their problems,assessing their technical needs, providing expertise, communication with specialized support lines, studying and proposing solutions.
IT Consultant / Tutor
IMOP - State Politeknik University. I have been involved with an interdisciplinary project made available
by the EURES program, where i have been learning the russian language while helping as a support officer - tutor in the institute didactic organization / infrastructure.
Senior Security Specialist / Consultant (SOC)
Telecom Italia (Rome)
In this position, as systems engineer and security specialist / consultant at company security operation center, i have been responsible for working on:
The main company antivirus infrastructure (Symantec) and its reporting,
IDS infrastructure and monitoring/reporting (IBM ISS - Sourcefire),
authentication systems and Identity management services, (CA Siteminder SSO, Alladin PKI, RSA-Secure-ID, RSA Archer)
password and credentials management system (Cyberark EPV, Lieberman ERPM)
internal (departmental) CMS (MS sharepoint)
internal security infrastructures (Vmware V-Sphere and Microsoft directory services), monitoring (Nagios)
Asset and monitoring tools (OCS - Solar Winds, Nagios, Ops-View)
Siem (Novell E-Sentinel - Net-Forensics),
As security specialist / consultant, have been maintaining and troubleshooting applications, deploying risk mitigation plans, following incidents handling and audits reports, performing vulnerabilities assessments and penetration tests, retrieving evidences by conducting logs analysis and events screening, taking part in forensic analysis.
(ids/ips): ISS Site protector, Sourcefire/snort,
(correlation - forensics): E-sentinel, Net-Forensics, RSA Envision,
(access control): Ovpn, Check Point,
(infrastructure and virtualization): Vmware - Hyperview,
(otp systems - identity management): Cyber-Ark, RSA-PKI
As security consultant, i have been discussing operational issues regarding projects deployed with senior technical and security engineering, relating with senior management to define and discuss advancements in development stages of projects, change management of technologies and assets, definition of operational plans, response to audit checks and solutions compliance issues. As security specialist i have been reviewing technical documentation and response to security controls for all the solutions i have been delivering and managing.
Private Consultings (2003 -2010)
I have been consulting privately for many firms .. among them:
Pubblicita` In (Digital Prints, Roma)
Forum P.A. (Fiera di Roma),
Arcoscenico (Scenography, Roma),
Starfarm (Media, Roma),
Fondazione Rosselli / Cotec Economic research institute P.A.( www.cotec.it...)
I.S.S. (Biomedical engineering, Roma),
La Sapienza State University of Rome (Chemical and mechanical engineering departments)
Titanus Film-making productions,
La 7 Telecomitalia Media,
Studio Legale De Crescenzo / CdC servizi finanziari (Roma)
Dari Automazioni industrial and scenographic automation (Roma)
Infrastructures, security and compliance assesments, data storage and back up / workflow automations
Project manager - IT Consultant
City of Rome
As a systems engineer and manager for several aspects of the whole project, I have been taking part of a complex re-engineering of the network and services at City of Rome IT department control room. The main point was the actualization of the many interconnected networks and the change management of the infrastructure from the existing microsoft NT star model to the upcoming active directory technology.
I have been managing a team of 7, collecting pre-requisites, writing the technical documentation, discussing the deployment phases with the senior engineering, deploying the new high availability infrastructure, putting in place patches distribution, back-up processes and leveraging the transition moving many critical services and applications.
In the team: 2 dba, 1 networking specialist 4 systems engineers.
I have been ensuring that all the projects phases tasks were accomplished in a timely fashion according to gannt, and supported personnel after delivering the new assets and applications,
worked side by side with auditors, checking policies and systems hardening,
writing guidelines, technical documents and manuals for operations.
As IT consultant I also participated in a project for the interconnection of the payment terminals distributed nationwide to the Lottomatica* banking and billing services, delivering the main infrastructural servers and supporting the development of payment system model and connection, authentication and functioning of client terminals. I have been deploying client systems images and putting in place a security patches distribution plan, creating and implementing digital certificates for proper encrypted communication and creating vpn routes for the secured traffic channels.
*Lottomatica is one of the biggest italian companies in the gaming and lottery industry, providing also payment services to the public administration.
IT Systems engineer - IT Security Consultant
In a well established wed design and development company,
i have been responsible for administering web servers and containers, configuration and tuning for security, access control, testing and development, balancing and availability.
I have been keeping dns records, back-ups of contents and databases.
Working on co-located hosting machines, i have been ensuring proper functionality for web hosting applications, keeping systems up to date and hardened, providing logs analysis, balancing traffic and work loads.
IT Systems engineer / Developer / Consultant
As IT Consultant and Systems engineer i have been taking part at the development of
contacts and inventory applications mainly for art galleries, photo studios, high resolution photo archives, catalogs for travel shops, real estate agents.
I have been taking part to the re-development of the technological infrastructure for a very important auction house active in the figurative art secondary market.
I have been working in a team of developers customizing market applications code to suit client needs and building a displaying systems for auctions bids and exhibition halls, interconnected with real time ticks from a web application operated by auctions officers.
Part of the project was the development of a a one click emailing and printing application for marketing purposes consisting of a web based catalog for artworks and a clients electronic rolodex behind.
As IT Systems engineer i have been working with Microsoft and Linux - Unixwares technologies, Apple, Lucent and Agfa products, Allaire, Macromedia, Adobe software.
Contax srl (Rome)
In this position as a Junior systems administrator, i have working on pre-printing systems, office automation. As technologist - technical support, have delivered and maintained file servers, production printing terminals and printing chains, workstations, small business LAN's and office automation applications.
Worked mainly with Microsoft 3x systems, Apple McIntosh FX workstations, IBM AS400, SCSI disks arrays and plotting firmwares.