IT Integrator

Security Architect


I am a senior IT Security Systems Architect, with an extensive experience built working for several big organizations.

Working many years in IT Security engineering, assurance, architecture, analysis, I have gained a very good overview on security practices for complex infrastructures.

My primary focus is on technical security.
I am experienced in security architectures, design – delivery -- operations, platforms and change management. Fully exposed to methodologies for offensive security, risk – threat management, vulnerability assessment, events monitoring, incident handling practices, forensic analysis, fraud prevention - profiling.

Project and team management.
I have been always relating with clients and stakeholders, assessing business requirements and presenting, delivering and supporting solutions aimed to secure their business services and workflows. Have built experience in infrastructural projects, products selection (technical and market scouting), systems integration, and built a strong know-how with many technologies. .

Have built experience in program management, solutions design, systems integration, and a strong know-how in many technologies and methodologies. I am keen to learn new scopes quickly and like to work out effective solutions in all contexts, interacting with teams members. I am always ready (and value very much) to listen. I strongly believe in knowledge sharing being at the base of the internet as we know it.

I am fluent in Italian, English, and conversational Russian, can speak and understand at basic level Spanish and French.

Latest Experience

IT Security Solution Architect
ING Direct -- Remote
Privileged Access Management - IT Security solutions architect.
IAM - PAM Architectures -- Cybersecurity Solutions

IT Security Analyst
HID Global -- Malta
Security Analysis, Vulnerability Assessment
Advisor on Information Security matters, contributor to solutions design, security control effectiveness. Vulnerability and compliance scans, oversee of security policies and standards adherence. Internal audits lead and focal point for independent external audits. Release, Control and Validation for the formal Change Request Process.

IT Security Solutions Architect
Euroclear -- Brussels -- Belgium
Privileged Access Management Architecture, design, delivery, assurance, auditing.
Worked at designing and delivering the integration and implementation of PAM control systems.
Responsible for following up on incidents response conducting logs analysis and addressing compliance audits.
Have followed a defense in depth approach for datasets protection based on the classification of data, preventive auditing, adoption of a data-centric security layering and a detailed incident response plan.
Have ensured that all PAM and IAM control applications enforcing the adopted policies (Cyberark, Power Broker, Sailpoint) had their activity logs collected and parsed by behavioral analysis and patterns matching tools (Arcsight – CyberArk PTA) and the alert information derived were submitted in real time to intelligence screening.

IT Security Solutions Architect
YPTO/NMBS -- Brussels -- Belgium
Privileged Access Management processes design and implementation.
I have been responsible for re-shaping the company PAM control processes throughout the NMBS (Belgian railways company) organization.
I have worked together with company CISO and the program management in charge of company digital transformation at implementing a robust model for the IAM – PAM domain.
Have designed the new process and control systems.

Security Solutions Architect
Toyota Motor Europe -- Brussels -- Belgium
Application security and access control processes development, assurance.
Main technologies:
Forge-Rock Open AM /Open IDM, CA Siteminder, Oracle XML GW, Beyond Trust Power Broker

Design and implementation of solutions aimed to provide access security: Management of privileged access policies, study and development for enterprise LDAP schemas, implementation and management of Unix Apache web servers, reverse proxies, secure access modules and their interaction with applications containers (Tomcat- Websphere-Jboss-Jetty).
Focused on security and compliance for web/cloud based applications.

Main protocols: REST, SOAP, SAML, XACML, 0Auth

Infrastructure security project management: Solutions design and implementation of security controls, responsible for the proper enforcement of procedures and processes, study of solutions aimed to automate the deployment of secure applications and enforcement of operational processes and practices.
In charge for solutions aimed to the management of global access control processes.
Have managed and delivered a project for a secure access solution to the main TME application servers pool.
Member of Enterprise Architecture team working at the choice of a new enterprise IDM solution and oversee of cross functional projects for the IT services continuous change management and innovation, member of change management committee and reviewer for the access control domain.
Monitoring solutions (SolarWinds--Nagios).

Security Integrator
CyberArk LTD -- London -- GB -- Utrecht -- The Netherlands
As CyberArk LTD representative / consultant, I have been responsible for supporting the implementation and daily operation of the Cyber-Ark Privileged Identity Management application suite and infrastructure for international clients.

I have dealt with implementation, maintenance and integration of core identity management architectures on a worldwide scale, studying and delivering solutions aimed to perfect the identity and access management processes.
I have been hired as a consultant working on definite projects, focused on compliance and assurance.

Cyber-Ark LTD Certified Professional Partner

Security Operations Specialist
Selex Elsag (Finmeccanica) -- Rome -- Italy

As a member of company SOC, i have been dealing with development, support and maintenance of applications. Responsible for assurance of critical security services, i have been managing a plethora of systems and technologies:

The main internal security infrastructure based on VmWare and Microsoft solutions providing authentication and roles based authorization to operators in the security organization, integrated with many specific systems and services.

I have been consolidating several applications into a single management scope, distributing them through Microsoft virtual apps services. Deployed and managed the EPO E-Policy Orchestrator suite from MCAFEE.

Deployed and maintained the CyberArk password management infrastructure.

I have been developing and managing a VmWare based mediated access system that enables company personnel to work on sensitive data and critical systems while having their activities logged analytically but never disclosed if not otherwise disposed for forensic analysis, assuring the integrity, confidentiality and non repudiability of the data.

Entitled for personal reliability and security clearance to look for evidences in the event of investigations.
Followed and assured compliance assesments, audit checks, risk analysis and mitigation, policies enforcement, incident handling.

IT Security Operations Specialist / Analyst
Telecom Italia -- Rome -- Italy
Arcitectures management, systems administration (security infrastructure systems design, integration, monitoring, and troubleshooting) incident handling, compliance, vulnerability assessment and reporting, logs analysis, auditing.

In this position, as a consultant systems engineer and security specialist at company security operation center, i have been responsible for working on:
The main company antivirus infrastructure (Symantec) and its reports.
IDS infrastructure and monitoring/reporting (IBM ISS - Sourcefire).
Authentication systems and Identity management services, (CA Siteminder SSO, Alladin PKI, RSA-Secure-ID).
Privileged identity systems - passwords management (Cyberark EPV, Lieberman ERPM.
GRC solutions (RSA Archer, SAS).
Internal (departmental) CMS (MS sharepoint).
Internal security infrastructures (Vmware V-Sphere and Microsoft directory services).
Asset and monitoring tools (OCS - Solar Winds, Nagios, Ops-View).
Siem (Novell E-Sentinel - Net-Forensics).

As security specialist, have been maintaining and troubleshooting applications, deploying risk mitigation plans, following incidents handling and audits reports, performing vulnerabilities assessments and penetration tests, retrieving evidences by conducting logs analysis and events screening, taking part in forensic analysis.

Products specialties:

Ids/ips: ISS Site protector, Sourcefire/snort,
Correlation - forensics: E-sentinel, Net-Forensics, RSA Envision,
Access control: Ovpn, Check Point,
Infrastructure and virtualization: Vmware - Hyperview,
Monitoring: Nagios,
Access control: Cyber-Ark EPV, Lieberman ERPM, RSA-PKI

I have been implementing, maintaining and troubleshooting security applications, documenting and following their change management, deploying post-incidents mitigation plans, following incidents handling and audits reports, performing standard vulnerabilities assessments and penetration tests on all systems I have been managing, retrieving evidences by conducting logs analysis and events screenings, took part in major forensic analysis and investigations.

I have been reviewing technical documentation and response to security controls for all the solutions i have been delivering and managing.

Systems Integrator and Presale Engineer
Getronics -- Amsterdam -- Rome
Comune di Roma Dip. II, Sistemi informativi ed informatici dipartimentali.
City of Rome -- Lottomatica (gaming and payment services to public administration)

• I have been taking part of a complex re-engineering of the network and services at City of Rome IT department control room. The main point was the actualization of the many interconnected networks and the change management for the migration of the infrastructure from the existing Microsoft NT star model to the upcoming active directory technology.

• I have been managing a team of 7 engineers, collecting pre-requisites, writing the technical documentation, discussing the deployment phases with the senior engineering, deploying the new high availability infrastructure, putting in place patches distribution, antivirus, back-up processes and leveraging the transition moving many critical services and applications. In the team: 2 dba, 1 networking specialist, 4 systems engineer.
• I have been ensuring that all of the project sprints were accomplished in a timely fashion, reporting about advancements to stakeholders and supporting personnel after delivering the new assets and applications, worked side by side with security auditors, checking policies and systems hardening, writing guidelines, technical documents and manuals for operations. I have been handling the deployment of an asset inventory database.

As IT consultant I also participated in a project for the interconnection of the payment terminals distributed nationwide to the Lottomatica* banking and billing services, delivering the main infrastructural servers and supporting the development of payment system model and connection, authentication and proper functioning of client terminals.
I have been deploying client systems images and putting in place a security patches distribution plan, creating and implementing digital certificates for proper encrypted communication and creating vpn tunnels for securing endpoints communication channels.

*Lottomatica is one of the biggest italian companies in the gaming and lottery industry, providing also payment services to the public administration.

Technologies (Specialties and familiarities)

Virtualization technologies:
Vmware, Hiper-V --

Cloud services: MS Azure (service level experience and security)

Storage systems, fiber switches (EMC2 – HP- Hitachi), Netapp, Veritas, Legato Networker --

Web Servers /Containers:
Apache, IIS, Tomcat, Jboss Websphere, Jetty --

Scripting -- Development:
Bash, some Java/JavaScript, Php, Powershell --

MySql, Ms Sql server, Oracle (experience with basic administration)--

Infrastructure monitoring and asset:
Nagios, OCS, OPSView, Solarwinds --

Net Forensics, Mcafee ESM, HP Arcsight --

IDS / IPS, Antivirus, Endpoint Protection / DLP:
IBM Iss, Sourcefire, Macafee EPO - NSM - Virus Scan -- XDR solutions

Access Control /PAM:
CA Siteminder, CyberArk PAS: EPV--PSM-AIM, Lieberman ERPM, Forge-Rock OpenAm /Open IDM, Oracle XML Gateway, PBIS (Power Broker Identity Services), LDAP management --

OS Server / Workstation / Cloud Infrastructure:
Windows, Unix / Linux *nix flavors, VmW ESX --

Microsoft ecosystem:
SCCM, Active Directory --

Administered and maintained LANs, knowledge of layer 2 and 3 switching --

Routing - Firewalling technologies, Basic administration of Cisco, Juniper appliances, Bluecoat proxies, F5 Load Balancers--

Endpoint Protection Technologies:
Symantec DLP, Tripwire, n-Circle --

Threats / Malware Protection:
FireEye, Qualys --

Frameworks and Standards
I am aware of and can reference the following security frameworks and protocols:

Older background is on my Linkedin profile

IT Security
IT Architecture
Sys Engineering

Contact info