As the Chief Information Security Officer at EQS Group, a leading provider of digital solutions for investor relations and corporate compliance, I am responsible for ensuring the security, integrity, and availability of our data, systems, and services.My core responsibilities include designing and implementing security strategies, policies, and frameworks, leading and mentoring security teams, managing security incidents and audits, and advising senior management and clients on security best practices and solutions.I am passionate about creating a secure and resilient digital environment that supports EQS Group's mission and vision.

The SANS CISO Network is open exclusively for CISOs and senior security professionals around the world and our aim is to help ease the pressure of working as a security decision-maker by providing an environment in which ideas and lessons-learned can be shared amongst a peer group of influencers and thought leaders. You can also find and follow our SANS CISO Network page on Linkedin below: https://click.email.sans.org/?qs=c6719b3377f90e803be0053dadf9527409a4326da43a6047c23ed8f4a40278790d7ee615d4c39572f77e6dba5c276023a28cb5e6ecfe6d08

The ISCO is the primary customer contact for all security related subjects at strategic and tactical level like security policy, compliancy and risk management. It is a client facing activity, related to a specific project or program. The ISO is the link between the business and security teams of the clients and OBS security organization.The role of the ISCO is to:- Protect the interests of the client relying on information, and to protect the systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality, integrity, authenticity and non-repudiation- Improve Information Security processes- Act as a trusted advisor for all security concerns- Align security strategy with client business goals taking into consideration allocated budgets- Set and enforce security policies and business continuity- Ensure the compliance with security requirements defined in the contract- Ensure the compliance with OBS security requirements, security standards and certifications.- Reduce the complexity of managing security during huge implementations/migrations- Provide support during compliance audits- Interface between the client security team and the Orange organization- Provide assistance in risk management- Provide assistance in technical design

I report to the Head of Security under Security Engineering, with the goal of establishing Networks & Hosts Security Architecture and definition of Principles. My role also includes- Establishment of Networks & Hosts Security Standards - Support of Security Designs, verification of their correct implementation, as well as the implementation of projects, especially related to networks and hosts security - Support for Transformation Projects and outsourcing initiatives- Support for Design and Implementation of Cyber Projects, such as anti-DDoS, DLP, NAC, removable media encryption, Email and Office 365 Security and Encryption, EDR and APT tools, Next-Gen Antivirus, Cloud seecurity.

I have moved under the reporting line of the CISO since that new job role has been created.As part of the InfoSec team, I had both a local (European) and global role.At the local level, main responsibilities include:• SPOC for InfoSec and Privacy issues in Europe (+12 locations)• support of InfoSec projects/initiatives, working directly with the management of business divisions, development personnel, operations, facilities, third parties etc.• provide IT Security expertise in case of litigations, M&A activities, audits, incidents• perform penetration testing and forensic analysis, as required• helps design, implement, and maintain security-related processes and procedures as relates to both technical and business considerationsAt the Global level, I was responsible for providing and maintaining IT Security Architecture.Responsibilities included:• provide InfoSec vision, problem anticipation and solving - especially related to Cloud computing, protection of PII and PHI - on an enterprise level, as well as develop and create concepts and blueprints for the IT security architecture technologies, as well as policies and standards;• delivering the Risk Management function such as risk assessment tools, templates, processes and workflows, Cybersecurity Framework and ISMS - spanning organisation-wide processes including Healthcare Informatics and Product Development;• risk assessment and overseeing of third-party, emerging threats, M&A, new projects, and medical devices' development; identification of the appropriate functionalities and required technologies to mitigate risks, and design of the mitigations;• planning/development of the Cybersecurity Framework and ISMS;• oversee/track procurement and maintenance agreements with InfoSec vendors and their roadmaps;• consultancy or direct participation and leadership in projects such as Incapsula and F5 WAF, Rapid7 Nexposé, PKI, CipherCloud CASB, Palo Alto Networks, Varonis FIM, hardening (950K USD CAPEX).

The primary objective of the job role was to assure the integrity and security of all ResMed information and computing infrastructure, by assessing data security risks, and developing security measures to safeguard information against accidental or unauthorised modification, destruction, or disclosure across all company business units.Responsibilities included:• Undertake technical evaluations• Assist with the establishment of IT Security standards, policies and processes• Develop and conduct security awareness / education sessions for staff within Europe• Perform security and compliance control reviews• Perform continuous security and compliance monitoring• Be a central point of contact to assist with the co-ordination and execution of external audit activity• Assist in security incident reporting and handling• Act as the Data Protection Officer• Reporting – generate IT security metrics in global/regional monthly or quarterly reports, reports in significant trends and vulnerabilities.

My duty is to evaluate business strategies and project requirements, and define security requirements and technologies needed for Vodafone Group.Responsibilities includes:• Determine security requirements for networks, data centre and applications;• Author and co-author of security policies and standards, especially about the networks;• Evaluation and selection of security vendors;• Architecture and design of security systems and platforms which include IDS/IPS, Web Application Firewalls, Database Activity Monitoring, Vulnerability Scanners, Hypervisor-level virtualisation security technology, VPNs, LANs and WANs, email backbone security technology, PKIs, SEM/SIEM tools;• Assessment of enterprise and customer projects, planning and design of security protection.

Manager in charge for the Network Security of the Data Centre and Head Quarters of the whole Vodafone Group.Responsibilities included:• Budget management up to 1M € CAPEX and 500K € OPEX• Coordination of 4/5 highly specialised security consultants• Network Security of Data Centres of Düsseldorf, Milan, London, Dublin, Doha• Network Security of Headquarters in UK, Düsseldorf, Budapest, Luxembourg, Internal Office Networks• Management of the Intrusion Detection and Prevention Systems• External Threat and internal Vulnerability scanning• Policy and Guidelines for network security, firewall management, etc. at the Group level• Layer 3 Network Map of all Vodafone networks (Data Centres and backbone)• Review and security assessment of Network Security of Vodafone projects• Support for network compliance and auditing

Team leader and coordinator of a pool of specialists which is in charge to deploy the Vodafone Live! Portal for several Vodafone local markets.Responsibilities included:• Deploying, maintaining and troubleshooting the live portals, from the pre-production to the live system• Developing new solutions for monitoring and alarming the application software• Implementing KPIs• On-call night shifts, when superseding the relations with customers on critical issues was needed.• Led the deployment of two Operators (HU, EG) and worked in deployment of many others (UK, NL, etc.). My HU project was the first successful launch of the new major release of the Vodafone Live! portal, and EG was the second one, so I was then involved as an help for other portals.• Overall responsible for the deployment of security prevention measures and remediation within the production environment. This often means deploying security measures for Apache and Tomcat.• Overall responsible for deployment of HTTPS certificates within Vodafone GSP. This involves handling certificate creation, requests and installation for Apache, Tomcat and Vodafone proprietary applications used for customer charging.• Main interface between the deployment team and Vodafone GSP Security for this task.• Planning the security incident handling for the Vodafone Live! portal and a procedure to export real billing data in a sanitized format in the pre-production environment to accomplish performance tests with the real country’s massive user’s load.

In March 2004 - May 2005 I was in Ivrea (Torino) as a consultant and system architect and administrator. I was in charge for the backend for the “Vodafone Live!” mobile phones' WAP portal for Vodafone Italy, mainly involved in re-engineering the system on the customer’s platform, by defyining and implementing architectural, system administration and configuration features.On May 2005 I moved in Milan, to work in a Vodafone experimental project for customer support named MISP, engineering the back-end and defining and implementing architecture, system administration and configuration.From June to Dec 2005 I finally moved to Düsseldorf to Vodafone Global Service Platforms (GSP), applied in the integration of the all the country specific facilities in a unique location. I supported the production and pre-production environments, troubleshooting and proposing and implementing solutions to easy architectural, system administration and configuration.

Senior system and network technical architect and administrator, with a degree certificate in Mathematics and Computer Sciences and over 10 years working experience in Information Technologies field. Please see my profile for my expertises and areas of streghts.

I worked in Florence for Nuovo Pignone S.p.A. as a consultant. I was charged to attend to Oracle Application procedures which manage the company’s Finance and Project Accounting. I developed the back-porting of a Java procedure in Oracle Enterprise environment towards a PL/SQL stored procedure.

I worked as a system architect (in Unix/J2EE environment) and computer analyst and consultant for CSI Piemonte in Torino, through ICTeam Torino s.r.l.. The first project was about the management of regional water basins (October to December); the second one focused on the new polls management system for the town of Torino and Piemonte region (from January to July).

I co-developed the SQL's interface to a custom application for monitoring gas and oil pipelines and platforms, running on Compaq's Tru64 Unix. The software is written in C++ and is made of an object-oriented SQL engine which is a heavy customization of an Open Source multi-threaded DBMS called “Lago”, which I ported to Tru64 Unix and added several features that were originally missed like ORDER BY, LIKE and BETWEEN statements. The software communicates to the monitoring application through a special library which I developed, which I named “commlib”. The software has a client-side ODBC interface too.

I was in Milan to work in UniCredit in a project to port a Visual Basic application which uses MVS services to web and XML standards. We used IBM WebSphere as a web container and application server for XSL/XSL:FO transformation and the “Roma” protocol for MVS queries.

I worked in Rome as a consultant with Sistemi Informativi s.p.a., a society owned at 100% by IBM; I was involved in developing the Java application which aimed at replacing the current ticketing system of Trenitalia s.p.a., the Italian Railways, and in the development of the Trenitalia's web site http://www.trenitalia.com, and specially in the on-line ticketing system.

I did some spare consulting and training works of confidential nature on Linux, MySql and C++.

I was a consultant for JDI s.r.l. in Rome in developing a web site which uses EJB (Enterprise JavaBeans), Resin, Apache and Oracle 8i on Linux. I was involved in planning the back end, writing Java code and developing the database, and in every administration issues.

I was a trainer for Exetica s.r.l. in Florence, teaching in two weeks-class on the MySQL database in the middle of a longer course about web technologies, promoted by Regione Toscana (the regional council of Tuscany). I teach about relational databases and their theory, MySql’s Linux and Windows installation, interfacing and using MySql with PHP.

I worked for UBM, an affair bank owned by the UniCredit group, coordinating the development and implementing the corporate web site. I developed the site on Linux and from scratch; I used to be the coordinator for everything that was put into the site, from hardware and software resources, to the outsourced productions and editorial contributions. I worked through WebEgg, former Logica Siel which is in the Finsiel and Telecom Italia group (the Italian telecommunication monopoly).

I worked as consultant in Omnitel Pronto Italia s.p.a. through I&T and Softec Informatica before, then through Microsoft Consulting Services, on the http://www.2000.it web site, optimising the “portal” navigation for different browsers, handling banners and meta-tags for search engine spiders, coding in HTML and JavaScript, consulting for the portal conception and technologic solutions, and handling the coordination between the graphics team and Microsoft's technicians.

I worked through Softec Informatica and I&T as a consultant and C++ programmer for former Oasis GmbH, now AmEurotech, in his Milan's location. I participated in a project regarding a gambling application running on Windows NT 4.0, and I also started to write a three-dimensional graphics version of that application, with an internal Python's scripting interpreter. This application was done with Microsoft Visual C++ 6.0 and NuMega's SoftIce and BoundsChecker, and was embedded in a special kiosk which was installed in Italian and Greece's Casinos and pubs.

I was an employer of Softec Informatica s.r.l. located in Borgo a Buggiano (Pistoia); I mostly worked for Nuovo Pignone (an industry now owned by General Electrics) in Florence. I worked as a developer in different environments (Oracle's PL/SQL, Pro*C and Pro*Fortran on OpenVMS, Oracle, Access and Visual Basic on Windows 95/NT, DB2 on IBM Mainframes etc.) and I did some other spare works on Windows NT and Unix systems (Linux, BSD, NextStep) for other Softec's customers. I worked on the business intranet and web site. Finally I worked as consultant on Microsoft's Internet Information Server and Apache web servers, and installed a Java Servlet web server on Linux.

With other three colleagues, we started to work as consultants in the technical assistance and web site productions; we created the Assistenza.net firm. We installed and administrated a famous web server (http://www.italian.it, and other domains on the same server). After a while Assistenza.net signed a collaboration agreement with the company which manages a chain of computer shops Essedi Informatica (Playnet).

I co-founded "Nayma", a video games and multimedia-based software house. We mostly worked for Cecchi Gori Group (we did part of the “Il Ciclone” CD-ROM, an Italian movie, and moreover some videogame's spots for a local TV show), and Regione Toscana (the Tuscany Regional council - some parts of the multimedia DVD-ROM “Passeggiate Toscane”, “Tuscany Walks”). We also produced two games and some web sites. The company closed because of different points of views between the founders. Some of the Nayma's employers moved to Belluno to work for a software house, and they published the game “Roasted Mots” initially developed by Nayma, and now distributed by Leader.

I worked with Softeam / Consorzio Nexus, a software house located in Florence. I developed programs in some environments as Microsoft Access, PowerBuilder, Borland Delphi, Visual C++, Watcom C on QNX OS working on-site for Softeam's customers; some of these customers included: Space Electronic disco in Florence, the National Library in Florence, Galileo industries in Florence, Oto Melara military industries located in La Spezia (near Genoa). I've also co-developed the Windows 3.1 version of “EasyVet”, software for veterinarians, and I had experiences in web administration and my first sights on Linux.