Stefano Lorenzi
Born in Bergamo, April 17th, 1972
Email: [email protected]
Mobile phone: +393891678572

SUMMARY

Technical and strategic skills in Cyber-Security with more than 10 years of experience in IT fields. Working with Finmeccanica’s Group, I gained experience in preventing and managing IT incidents using the main international standards (NIST and SANS). I collaborated with many Governmental Institutions, such as the Italian Police and the Italian Army, on Remediation, Vulnerability Assessment/Penetration Test, Malware Analysis and Forensic, and took part in the military NATO Cyber Defense eXercise (CDX) in 2012 and 2015 in the Italian Blue Team.

MAIN WORKING EXPERIENCES

From November 2008 on – Selex Elsag Cyberlabs (Finmeccanica Group)

Finmeccanica is Italy's main industrial group, leader in the high technology sector, and ranks among the top ten defence groups worldwide. It operates in the Aerospace, Defence and Security sectors. The group I work with is focused on Incident Handling and my main tasks are Incident Handling, managing Vulnerability Assessment, Penetration Test, Forensic, log analysis and Malware detection (APT discovery) in companies of the Group, in Italy and abroad.

In particular:
- CERT Team Leader
- Vulnerability Assessment and Penetration Test
- Produce Vulnerability Assessment project and report
- Focal point with technical customer personnel
- I follow the accident investigation network and determine the cause of the safety problems
- Analyze potential infrastructure security incidents to determine if an incident qualifies as a legitimate security breach
- Perform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
- Make recommendations on the appropriate corrective action for incidents
- Produce security incident reports and briefings to be distributed to the team lead and manager
- Appropriately inform and advise management on incidents and incident prevention

Professional growth in Selex Elsag Cyberlabs
- From 2008 to 2010: IT developer in Delphi using Oracle as database. I developed security and hack tools, mainly in the Network Forensics area.
- From 2011 to 2013: Incident Handler, managing Vulnerability Assessment, Penetration Test and Forensic. IT Security teacher for employees at Selex.
- From 2014: CERT Operation Leader with 8 reports. My team works on Incident Handling, Penetration Test, Forensic and Malware Analysis.

Pursuant to art. 13 of Legislative Decree no. 196 of 30/06/2003 on the protection of privacy, I authorize the processing of my personal data.

Knowledge

Tools:
- Vulnerability Assessment: Nessus, nmap, metasploit, fierce, ZAP, DirBuster, tcpdump, Wireshark, sqlmap, hydra
- Forensic: Volatility, autopsy, Foremost, Scalpel, RegRipper
- Malware Analysis: Cuckoo, peframe, yara, GFI sandbox
- General: Sysinternals, Scapy

Language: Delphi, Java and Python

For Vulnerability Assessment and Penetration Test I use the OSSTMM methodology for infrastructure tasks and the OWASP methodology for Web applications. I have written many tools in Python, Java and Delphi (see Personal Projects below).

From 2006 to 2008 – Sopra Group

Sopra is a consulting, IT services and software development company. I worked as Project Manager in Sisal, the main Italian company of gaming and entertainment products, such as superEnalotto, Totocalcio, Totogol etc, a company authorized by the Bank of Italy to provide payment services including. My main tasks were to develop plays together with 3 reports. All written software was interconnected with an SQLite database.

From 2001 to 2006 – San Giorgio Automazione

An industrial automation company that gave me the opportunity to work as consultant developer at the plant of Tenaris Dalmine (Bergamo), the first Italian company for industrial pipes without welds.
Here I could work in a large team, collaborating with other professionals of all levels of the plant and directly managing the performance of machinery through the software I wrote. My main tasks were:
- Delphi IT Developer of software for industrial automation.
- Interconnection between PLC and PC.
- All written software was interconnected with a Microsoft SQL Server database.

From 1997 to 2001 – Italgael

National and international import-export company. I worked as an employee.

From 1990 to 1997 – Orobica Trasporti

Employee in a national road transport company.

EDUCATION

- Postgraduate course in “IT Security and legal regulations” at Università di Modena. Marks: 110/110 cum laude.
- Master Degree in Computer Science - Università degli Studi di Milano. Marks: 93/110.
- Bachelor’s degree in Computer Science - Università degli Studi di Milano. Marks: 96/110.

CERTIFICATION WITH COURSERA PLATFORM

- June 2015: Certification in “Malicious Software and its Underground Economy: Two Sides to Every Story” – University of London. Marks 86%
- March 2015: Certification in “Usable Security” – University of Maryland. Marks 84.0%
- March 2015: Certification in “Hardware Security” – University of Maryland. Marks 96.3%
- January 2015: Certification in “Cryptography” – University of Maryland. Marks 100%
- November 2014: Certification in “Software Security” – University of Maryland. Marks 95.6%
- November 2014: Certification in “Programming in Python” – University of Rice. Marks 99.3%

PERSONAL PROJECTS

I developed a live Linux-based distribution which is focused on managing IT security incidents and is designed for CERT groups (Computer Emergency Response Team). It puts together tools of three main categories: Vulnerability Assessment, Forensic and Malware Analysis. It can be found on my official web site (www.certtoolkit.org).

Scanfolder: Scanfolder is an open source tool to analyze a subfolder of your disk (or a dd file mounted on your PC). With this tool it is possible to find bad MD5 hashes, find known malicious patterns with YARA, or extract data such as IP addresses, email addresses, credit card numbers, SSNs and more data types. It can be found on my web site (http://www.stefanolorenzi.org/site/?page_id=601). This tool is written in Python and it has a web GUI.

FileInspection: An automatic tool for Static Analysis. This software allows the user to discover the system calls inside PE files, identify the suspicious ones, and find IPs, URLs, anti-debug or anti-VM techniques.

Arpscanspoof: Lately, I wrote a hack tool in Python to discover the machines in a network and attack one of these machines with a “man in the middle” attack (MITM). It can be found on my personal web site (http://www.stefanolorenzi.org/site/?p=342). This tool is written in Python.

Pcaparse: this tool, written in Python, takes a pcap file and extracts a lot of information and statistical detail. It’s possible to see if there are packets with bad TCP flags, or if there are SQL injection or XSS attacks. This tool can reproduce pictures, PDFs and HTML pages that are in the pcap file.

VAAR: Vulnerability Assessment Automatic Report. I’m now completing a software that is developed for the automatic writing of reports about Vulnerability Assessment and Penetration Test. This software is written in Java.

APT-Demo: This tool is a prototype of malware, written in Delphi only to show what is possible to do with this malware type. There are a malware and a remote command and control. Thanks to this tool it is possible to see the processes that are active on the remote machine.
It’s also possible to get a screenshot, to activate a keylogger, to take a picture with the webcam, to download and upload files, to record the microphone and to restart the machine.

LANGUAGES

English: good understanding of books and technical papers. I attend an English lesson at level B1.