Experiences
Head of OT Cybersecurity & SCADAsploit Developer
(01/2023 - present) Sababa Security
Recent events are highlighting even more how Cybersecurity in the OT world is developing into one of the most fundamental areas in the field, especially when it comes to the protection of critical infrastructures and strategic industrial sites. • After having matured 20+ years of experience in PLC and SCADA systems, I have now taken up the leadership of Sababa’s OT Cybersecurity. • I am a trainer and speaker at security conferences/trainer, such as University of Genova, SUPSI (Switzerland), CSET, HackInBo, BSides (Rome, Budapest, Athens, Milan, Sofia), E-TechEurope, Black Hat Europe, SANS ICS Summit on offensive security techniques in the OT domain. • I’m the developer of SCADAsploit, a C2 pre and post-exploitation framework for Adversary Simulation and penetration testing in OT/ICS targeting the main PLC manufacturers, such as Schneider Electric, Siemens, Rockwell, ABB and more.
Chief Technology Officer
(04/2022 - 12/2022) Sababa Security
As Chief Technology Officer (CTO), I’m focused on Sababa’s cybersecurity requirements, opportunities and technology challenges. I’m responsible for the strategy of developing and delivering innovative products and services to customers.
Adversary Cyber Security Director
(12/2021 - 04/2022) Sababa Security
After more than 10 years as an independent consultant in embedded development and ethical hacking, I joined the Sababa team with great enthusiasm. Now I lead the offensive security Business Unit, coordinating a team of incredibly talented penetration testers capable of performing offensive security activities in IT, ICS and Automotive.
Automotive Cyber Security Specialist
(10/2020 - present) CNH Industrial - Iveco Group
As an external consultant, I joined the on-board Telematics team to provide support for the implementation of cybersecurity in the ECUs on board of connected vehicles. My activity is to define the guidelines for the implementation of hardware and software cyber security in compliance with the Automotive ISO/SAE 21434 standard and UNECE R155 requirements.
Cybersecurity Consultant, ethical hacker, OT specialist
(2010 - 12/2021) Freelance
I was a freelance security researcher and penetration tester focused on offensive OT/ICS security, with 20+ years of experience in the industrial automation domain working with SCADA, PLC, fieldbus, remote I/O • I’m the developer of “SCADAsploit”, a framework which includes dozens of auxiliary modules and exploits dedicated to OT systems, in particular PLC and SCADA mainly present on the Italian market • Training and dissemination on cyber security and ICS protection issues • Design and development of real-time software on embedded systems for industry and mobile robots.
R&D UAV Systems
(2017 - 12/2019)
DigiSky
I was part of the international team involved in the technical development and cyber security aspect of “Use case scenario” within the European Research and Innovation project “Horizon 2020 - CPSwarm”, focused on the development of algorithms and control systems for swarms of drones, with self-organization and fully autonomous flight and with a secure communication layer between swarm agents.
International Business Developer
(2008 - 2010) Progea International
I was in charge of further developing and managing worldwide sales for Progea, Italian company specialized in SCADA and HMI applications • Start-up of the new branch in Lugano, starting new subsidiaries and distributors • Building new professional teams • Training, technical support, sales forecasting, international marketing and communication, conventions and exhibition.
Business Developer Manager
(2005 - 2008) Caterpillar Group - CGT
Reporting directly to the General Manager, I was in charge of business development working in close contact with other Managers • Market analysis, competition and geomarketing, which led to the improvement of commercial coverage and efficiency • Business development with targeted actions to strengthen the service network offer.
Schneider Electric
(2000 - 2005) Group Product Manager - Industrial Automation Systems
I was in charge of directing the product teams responsible for the industrial automation products, including: SCADA and PC based software, PLC, industrial PC, remote I/O and networks with a total turnover of over € 20 million.
(1995 - 2000) Product Manager
I was responsible for major PLC lines, SCADA and PC based software. I acquired expertise in product marketing plans, competition analysis, price definition, promotions, exhibitions, events • Launch of new products, definition of sales budget and communication plans, creation of commercial documents • As a product specialist, I’ve provided technical support on ICS systems to the sales network in the pre/after-sales phase. • Training of sales network for new products and direct support for major clients • Speaker at dozens of technical conferences.
(1990 - 1995) Software Engineer
Software Engineer for SCADA systems • Technical support on SCADA supervision software and networks, and joined the sales network at the pre/after-sales stage and for technical intervention at clients’ premises • Technical trainer • Development of SCADA and HMI applications, integration with new specific functionality using C/C++ language.
Software Engineer
(1987 - 1990) Comau - Robotic Division
I worked in a team for development of new SCADA system for control and monitoring automated plants for Fiat Auto (SCADA based on Digital MicroVAX system).