My main role involves simulating cyber-attacks against web applications and IT infrastructures to identify vulnerabilities before malicious actors can exploit them. This involves using a combination of automated tools (e.g., sqlmap, msfconsole) and manual techniques to scan for known vulnerabilities. The proactive approach allows clients to assess the robustness of security measures currently in place and recommend enhancements tailored to each client's unique environment. In the dynamic realm of AI and Gen-AI, I provide guidance to secure the entire AI pipeline against the most notorious security threats, including data poisoning, model theft, and prompt injection.In alignment with industry best practices, my work incorporates frameworks and standards such as the OWASP guidelines, MITRE's CVE system, and the CWE for systematically identifying and cataloging vulnerabilities within software and hardware. Leveraging the latest version of CVSS, I prioritize vulnerabilities based on their severity to ensure that the most critical issues are addressed promptly. This structured approach facilitates a comprehensive vulnerability management process, enabling clients to mitigate potential threats effectively and maintain resilience against evolving cyber security challenges.

During my thesis, in collaboration with Ermes, we developed a machine learning model capable of detecting, with a great accuracy, Angler Phishing attacks on Twitter. The realization process involved using Twitter APIs for data collection and web scraping to enrich our dataset, all through the power of the most famous Python libraries for machine learning. Aimed at strengthening the cyber security on social media platforms, our work represents a step forward in protecting users from sophisticated online scams.

I contributed to the development of web applications based on new technologies, such as Angular and Spring-Boot. I managed databases using MySQL and SQL Server, ensuring data integrity and performance. Furthermore, my work extensively involved the usage of AWS components, such as: IAM, S3, EC2, ECS, ECR, Cognito, to Lambda functions, CloudWatch, and API Gateway. I also implemented Docker for containerization, enhancing deployment processes, and maintained version control with Git, contributing to efficient team collaboration and code management.