IT Integrator

Security Architect


I am a senior IT Project Manager and Security Specialist - Architect, with extensive experience working for several big organizations in the Finance / Telco / Government / Automotive sectors. Working many years in IT Security Engineering, I have gained a very good overview of security best practices for complex infrastructures. My primary focus is on technical security. I am experienced in security architectures design, platforms management and change management. Have a good experience with methodologies for security events monitoring, Incident handling practices, forensic / fraud management. Project management, team building and coordination, selection and management of teams. I have been always relating with clients and stakeholders, assessing business requirements and presenting, delivering and supporting solutions aimed to secure their services and workflows. Have built experience in datacenter virtualization projects, products selection (technical and market scouting), systems integration, and built a strong technological know-how in many technologies and methodologies. I am keen to learn new scopes quickly and like to work out effective solutions in all contexts, interacting with teams members. I am always ready (and value very much) to share knowledge and listen. I am fluent in Italian, English, and conversational Russian, can speak and understand at basic level Spanish and some French. I am looking for IT Security roles and I am available to discuss any opportunities.

Latest Experience

Current Position
Security Systems Architect - Integrator
Toyota Motor Europe -- Brussels, Belgium

IDM - PAS Access control and identity management processes development, assurance. Privileged access management. Main technologies: Forge-Rock Open AM, CA Siteminder, Oracle XML GW Design and implementation of secure access middle-wares, management of access policies, deployment of Unix Apache web servers, reverse proxies, secure access modules, application containers (Tomcat -- Websphere, Jboss -- Jetty). Focused on security and compliance for web/cloud based applications. Protocols: REST, SOAP, SAML Solutions: ID-Based, Federated - 0Auth SSO Infrastructure security: Design and implementation of controls, responsible for the proper enforcement of security processes, study and project management for solutions aimed to streamline and automate applications security. Monitoring solutions (SolarWinds--Nagios).

Security Integrator
CyberArk LTD --London, GB -- Utrecht, The Netherlands

As CyberArk LTD representative presales engineer / consultant, I have been responsible for supporting daily operations of Cyber-Ark PAS and infrastructures for big financial istitutions. I have dealt with implementation, maintenance and integration of core identity management architectures on a worldwide scale, studying and delivering solutions aimed to perfect the identity and access management processes. I have been hired as a consultant working on definite projects, focused on compliance and assurance. Cyber-Ark LTD Certified Professional Partner

2012 -- 2014
Security Operations Specialist
Selex Elsag (Finmeccanica)

As a member of company SOC, i have been dealing with development, support and maintenance of applications. Responsible for assurance of critical security services, i have been managing a plethora of systems and technologies: The main internal security infrastructure based on VmWare and Microsoft solutions providing authentication and roles based authorization to operators in the security organization, integrated with many specific systems and services. I have been consolidating several applications into a single management scope, distributing them through Microsoft virtual apps services. Deployed and managed the EPO E-Policy Orchestrator suite from MCAFEE Deployed and maintained the CyberArk password management infrastructure. I have been developing and managing a VmWare based mediated access system that enables company personnel to work on sensitive data and critical systems while having their activities logged analytically but never disclosed if not otherwise disposed for forensic analysis, assuring the integrity, confidentiality and non repudiability of the data. Entitled for personal reliability and security clearance to look for evidences in the event of investigations. Followed and assured compliance assesments, audit checks, risk analysis and mitigation, policies enforcement, incident handling. As IT security consultant and systems engineer, i have been constantly interacting with several enterprise's departments and their senior management, as infrastructure engineering, security engineering, security governance and analysis, network operation center, network engineering, identity management administrative lines, external suppliers, software vendors, technology partners for projects developments, with external clients and all company departments, managing their support requests, solving their problems,assessing their technical needs, studying and proposing solutions.

2006 -- 2011
IT Security Operations Specialist / Analyst
Telecom Italia

Project management, systems administration (security infrastructure systems design, integration, monitoring, and troubleshooting) incident handling, compliance, vulnerability assessment and reporting, logs analysis, auditing. In this position, as systems engineer and security specialist / consultant at company security operation center, i have been responsible for working on: The main company antivirus infrastructure (Symantec) and its reports, IDS infrastructure and monitoring/reporting (IBM ISS - Sourcefire), Authentication systems and Identity management services, (CA Siteminder SSO, Alladin PKI, RSA-Secure-ID) Privileged identity systems - passwords management (Cyberark EPV, Lieberman ERPM. GRC solutions (RSA Archer, SAS) Internal (departmental) CMS (MS sharepoint) Internal security infrastructures (Vmware V-Sphere and Microsoft directory services), monitoring (Nagios) Asset and monitoring tools (OCS - Solar Winds, Nagios, Ops-View) Siem (Novell E-Sentinel - Net-Forensics), As security specialist / consultant, have been maintaining and troubleshooting applications, deploying risk mitigation plans, following incidents handling and audits reports, performing vulnerabilities assessments and penetration tests, retrieving evidences by conducting logs analysis and events screening, taking part in forensic analysis. Products specialties: (ids/ips): ISS Site protector, Sourcefire/snort, (correlation - forensics): E-sentinel, Net-Forensics, RSA Envision, (access control): Ovpn, Check Point, (infrastructure and virtualization): Vmware - Hyperview, (monitoring): Nagios, (access control): Cyber-Ark EPV, Lieberman ERPM, RSA-PKI As security consultant, i have been discussing projects relating with business management to define and discuss viability, budgets, advancements in development stages, change management, definition of operational plans, response to audits (internal and external), compliance issues. As security specialist i have been reviewing technical documentation and response to security controls for all the solutions i have been delivering and managing.

2002 -- 2006
Systems Integrator and Presale Engineer

Comune di Roma Dip. II, Sistemi informativi ed informatici dipartimentali, Via della Greca 5, City of Rome, Lottomatica (gaming and payment services to P.A.) City of Rome As a project manager and systems engineer, I have been taking part of a complex re-engineering of the IT network and services at City of Rome IT department control room. The main point was the consolidation of the many interconnected networks and the change management of the infrastructure from the existing Microsoft NT model to the upcoming Active Directory technology. I have been managing a team of 7 specialists, collecting pre-requisites, writing the technical documentation, discussing the deployment phases with senior engineering, deploying the new high availability core infrastructure, putting in place patches distribution, back-up processes and leveraging the transition moving many critical services and applications. In the team: 1 dba, 1 networking specialist 4 systems engineers. I have been ensuring that tasks at all the projects phases were accomplished in a timely fashion according to defined timeline and supported personnel after delivering the new assets and applications, worked side by side with auditors, checking policies and systems hardening, writing guidelines, technical documents and manuals for operations. As IT consultant I also participated in a project for the interconnection of the payment terminals distributed nationwide to the Lottomatica* banking and billing services, delivering the main infrastructural servers and supporting the development of payment system model and connection, authentication and proper functioning of client terminals. I have been deploying client systems images and putting in place a security patches distribution plan, creating and implementing digital certificates for proper encrypted communication and creating vpn tunnels for securing endpoints communication channels. *Lottomatica is one of the biggest italian companies in the gaming and lottery industry, providing also payment services to the public administration.

Technologies (Specialties and familiarities)
Virtualization technologies: Vmware, Hiper-V -- Storage / San / Nas: Storage systems, fiber switches -- Systems Management / Deployment: MS SCCM - MDT, Chef, Puppet, Zenwork -- Data Management: Storage technologies (EMC2 - HP - Hitachi), Veritas, Legato Networker, Bacula -- Web Servers /Containers: Apache, IIS, Tomcat, Jboss Websphere, Jetty -- Scripting: JavaScript, C#, Php, C/C++ shell -- Database: MySql, Ms Sql server, Oracle (Basic Administration)-- Infrastructure monitoring and asset: Nagios, OCS, OPSView, Solarwinds -- Siem/Correlators: Net Forensics, Mcafee ESM, HP Arcsight -- IDS / IPS, Antivirus, Endpoint Protection / DLP: Iss Site protector, Sourcefire, Macafee EPO - NSM - Virus Scan -- Identity / Access Management: CA Siteminder - RSA SecurID - CyberArk EPV-PIM-PSM-AIM, Lieberman ERPM, OpenSSO - OpenAm, Oracle XML Gateway -- OS Server / Workstation: Windows Unix / Linux *nix flavors, VmW ESX MAC Os -- Microsoft technologies SCCM, Active Directory Microsoft Proxy Server, ISA Server, Sharepoint -- Administered and maintained LANs in Fast Ethernet, Token Ring, Apple Talk technologies, knowledge of layer 2 and 3 switching -- Understanding of routing - firewalling technologies, basic IOS administration Endpoint Protection Technologies: Symantec DLP, Tripwire, n-Circle -- Threats / Malware Protection: FireEye, BitDefender

Older background is on my Linkedin profile

IT Security
IT Architecture
Sys Engineering
Project Management

Contact info