Tommaso Bonfà Email and Phone Number

I currently hold this job position. I am responsible for the review and quality assurance of the company's information security services. Some of the activities I perform involve the management and maintenance of security platforms (SIEM) using an approach based on MITRE Framework and specific customer needs. In addition, I do strategic review of business KPIs to understand any inefficiencies and improve the effort of Cyber Security services. In addition, I do risk and security posture… Show more I currently hold this job position. I am responsible for the review and quality assurance of the company's information security services. Some of the activities I perform involve the management and maintenance of security platforms (SIEM) using an approach based on MITRE Framework and specific customer needs. In addition, I do strategic review of business KPIs to understand any inefficiencies and improve the effort of Cyber Security services. In addition, I do risk and security posture analysis, devising medium- to long-term solutions to improve the security level of customers. Show less

At this stage, I was involved in developing and maintaining technology solutions for the purpose of improving and automating the company's work and service in the area of Cyber Security. Specifically, I developed back-end and front-end in JavaScript (Node & React) as well as both relational (MySQL) and non-relational (MongoDB) databases. For the development of the tools in question, I had to manage and implement API communication interfaces between the third-party applications and the… Show more At this stage, I was involved in developing and maintaining technology solutions for the purpose of improving and automating the company's work and service in the area of Cyber Security. Specifically, I developed back-end and front-end in JavaScript (Node & React) as well as both relational (MySQL) and non-relational (MongoDB) databases. For the development of the tools in question, I had to manage and implement API communication interfaces between the third-party applications and the implemented systems. Show less

In this phase of my experience in HWG, I was involved in the design, installation and maintenance of various Splunk infrastructures (SIEM). Specifically, I led entire on-boarding of Splunk based SIEM infrastructure projects up to 7 instances (machines) on-prem and cloud. I am, therefore, able to manage the entire Spunk SIEM lifecycle, from package installation to configuration and content creation (dashboard, correlation search, integrations, ..). During this period I also achieved the… Show more In this phase of my experience in HWG, I was involved in the design, installation and maintenance of various Splunk infrastructures (SIEM). Specifically, I led entire on-boarding of Splunk based SIEM infrastructure projects up to 7 instances (machines) on-prem and cloud. I am, therefore, able to manage the entire Spunk SIEM lifecycle, from package installation to configuration and content creation (dashboard, correlation search, integrations, ..). During this period I also achieved the certification of Splunk Enterprise Administrator. Show less

During this path I was able to learn and put into practice Red Team concepts that allowed me to carry out Vulnerability Assessment and Pentration Test activities. In particular, I focused on infrastructural assessment activities using tools such as Nessus and custom tools or scripts for Reconnaissance, Fingerprinting and assessment activities of target systems. Also, I'm able to use Metasploit and run/write scripts for manual vulnerability exploitation. In the last period of my journey, I was… Show more During this path I was able to learn and put into practice Red Team concepts that allowed me to carry out Vulnerability Assessment and Pentration Test activities. In particular, I focused on infrastructural assessment activities using tools such as Nessus and custom tools or scripts for Reconnaissance, Fingerprinting and assessment activities of target systems. Also, I'm able to use Metasploit and run/write scripts for manual vulnerability exploitation. In the last period of my journey, I was able to approach assessment activities also on web applications but at a less advanced level. Last but not least, I am able to draw up an entire document and/or report containing the description of the activities carried out. Show less

At the beginning of my career path in HWG, my task was to handle security incidents from platforms such as SIEM, EDR, NDR... During this path I was able to learn analysis and correlation techniques that allowed me to improve my critical and analytical thinking, asking the right questions for cyber problem solving. In addition, to improve my threat detection skills, I delved into different topics and technologies with their related threats and vulnerabilities in addition to studying real cyber… Show more At the beginning of my career path in HWG, my task was to handle security incidents from platforms such as SIEM, EDR, NDR... During this path I was able to learn analysis and correlation techniques that allowed me to improve my critical and analytical thinking, asking the right questions for cyber problem solving. In addition, to improve my threat detection skills, I delved into different topics and technologies with their related threats and vulnerabilities in addition to studying real cyber attacks to improve my ability to detect malicious pathways. Show less

During this internship in which I developed my thesis, I conducted studies and insights into some of the DNS protocol threats and related mitigations. As a result of my research, I designed a Brand Monitoring tool that can check if an organization's domain is being targeted for malicious purposes (eg phishing). For its realization, I had to understand all the functioning of the DNS infrastructure and implement the integration with the ICANN database.