Omar Morando

A partner you can trust

What I Do

Cyber security OT

Ethical hacking, penetration testing, vulnerability analysis in OT domain. More then 20 years in OT/ICS Industrial Automation domain (SCADA, PLC, remote I/O, fieldbus).

ScadaSploit Framework

I'm the developer of "ScadaSploit", a framework which includes dozens of auxiliary modules and exploits dedicated to OT systems. It's widely used during sessions of vulnerability analysis and penetration testing.

Coding

Deep knowledge in software development for mobile robots, embedded systems, IoT and real-time. Languages: C/C++, Python, C#, Java. Frameworks: Qt/QML, PyQt, ROS.

Training & Consulting

Training and dissemination of issues related to cyber security, privacy and data protection. We can help you to evaluate the resources and impact of implementing your cyber security process from design to operational.

Resume

Experience

04/2022 - present
Sababa Security

Chief Technology Officer

As Chief Technology Officer (CTO), I'm focused on Sababa's cybersecurity requirements, opportunities and technology challenges. I'm responsible for the strategy of developing and delivering innovative products and services to customers.

12/2021 - 04/2022
Sababa Security

Adversary Cyber Security Director

After over 10 years as an independent consultant in embedded development and ethical hacking, I joined the Sababa team with great enthusiasm. Now I lead the offensive security Business Unit, coordinating a team of incredibly talented penetration testers capable of performing offensive security activities in IT, ICS and Automotive.

10/2020 - present
CNH Industrial - Freelance

OT Cyber Security Specialist (external consultant)

Joined the on-board Telematics team to provide support for the implementation of cybersecurity in the ECUs on board of connected vehicles. My activity is to define the guidelines for the implementation of hardware and software cyber security in compliance with the ISO/SAE 21434 and UNECE R155 requirements.

2010 - 12/2021
freelance

Cyber security, ethical hacker, OT specialist

I was a freelance security researcher and penetration tester focused on offensive OT/ICS security, with 20+ years of experience in the industrial automation domain working with SCADA, PLC, fieldbus, remote I/O • I'm the developer of "SCADAsploit", a framework which includes dozens of auxiliary modules and exploits dedicated to OT systems, in particular PLC and SCADA mainly present on the Italian market • Training and dissemination on cyber security and ICS protection issues • Design and development of real-time software on embedded systems for industry and mobile robots.

2017 - 12/2019
DigiSky

R&D UAV Systems

I was part of the international team involved in the technical development and cyber security aspect of "Use case scenario" within the European Research and Innovation project "Horizon 2020 - CPSwarm", focused on the development of algorithms and control systems for swarms of drones, with self-organization and fully autonomous flight and with a secure communication layer between swarm agents.

2008 - 2010
Progea International

International Business Developer

I was in charge of further developing and managing worldwide sales for Progea, Italian company specialized in SCADA and HMI applications • Start-up of the new branch in Lugano, starting new subsidiaries and distributors • Building new professional teams • Training, technical support, sales forecasting, international marketing and communication, conventions and exhibition.

2005 - 2008
Caterpillar Group - CGT

Business Developer Manager

Reporting directly to the General Manager, I was in charge of business development working in close contact with other Managers • Market analysis, competition and geomarketing, which led to the improvement of commercial coverage and efficiency • Business development with targeted actions to strengthen the service network offer.

2000 - 2005
Schneider Electric

Group Product Manager - Industrial Automation Systems

I was in charge of directing the product teams responsible for the industrial automation products, including: SCADA and PC based software, PLC, industrial PC, remote I/O and networks with a total turnover of over € 20 million.

1995 - 2000
Schneider Electric

Product Manager

I was responsible for major PLC lines, SCADA and PC based software. I acquired expertise in product marketing plans, competition analysis, price definition, promotions, exhibitions, events • Launch of new products, definition of sales budget and communication plans, creation of commercial documents • As a product specialist, I’ve provided technical support on ICS systems to the sales network in the pre/after-sales phase. • Training of sales network for new products and direct support for major clients • Speaker at dozens of technical conferences.

1990 - 1995
Schneider Electric

Software Engineer

Software Engineer for SCADA systems • Technical support on SCADA supervision software and networks, and joined the sales network at the pre/after-sales stage and for technical intervention at clients’ premises • Technical trainer • Development of SCADA and HMI applications, integration with new specific functionality using C/C++ language.

1987 - 1990
Comau - Robotic Division

Software Engineer

I worked in a team for development of new SCADA system for control and monitoring automated plants for Fiat Auto (SCADA based on Digital MicroVAX system).

12/2021 - 04/2022
Sababa Security

Adversary Cyber Security Director

After over 10 years as an independent consultant in embedded development and ethical hacking, I joined the Sababa team with great enthusiasm. Now I lead the offensive security Business Unit, coordinating a team of incredibly talented penetration testers capable of performing offensive security activities in IT, ICS and Automotive.

Certifications

CompTIA PenTest+

CompTIA Security+

EC-Council CPENT (pending)

Practical Ethical Hacking

Bug Bounty Hunting

Industrial CyberSecurity Certified Professional

Automotive CyberSecurity Certified Professional

Technologies

Cyber security, ethical hacking, pentesting

95%

SCADA, PLC, remote I/O, fieldbus

95%

Embedded systems, IoT, ECU/TCU, RTOS

90%

Frameworks: Qt/QML, PyQt, ROS

80%

I2C, SPI, CAN, GPIO, IRQ, UART, WiFi, Bluetooth

85%

Coding skills

C/C++

95%

Python

85%

C#

80%

Java

70%

RTOS /// multithreading

90%

What I do

Risk Assessment

Security consulting

Contact

Email: me [at] omarmorando [dot] com

Fingerprint: 2297 5D4A 0516 9D93 0DE3 B318 1FEF 288E 0BE6 256F
PGP Key

How Can I Help You?