Oct 2024 – Feb 2025 · 4 mos · Remote

Jan 2023 – May 2023 · 4 mos · Remote

Nov 2021 – Oct 2024 · 2 yrs 11 mos

• music studies

Jul 2014 – Aug 2021 · 7 yrs 1 mo · Dallas/Fort Worth, Stati Uniti

• Software architect (C/C++, Go, Rust and Python on Android, Linux and iOS).
• Security researcher as part of the "zLabs" team.
• Head of Malware Research.
• Chief Research Architect for the Google Play Protect collaboration and ML based phishing detection ( https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html )
• Joined this company as a security researcher and worked with the R&D teams in several areas such as platform exploitation (https://www.zimperium.com/blog/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products/), malware detection and OS exploitation detection.
• Researched, designed and developed the C++ and Go malware detection engines (both the signature based and machine learning based), their backend (PHP and Go), the tooling for the training pipeline of the models (Go and Python, TensorFlow and ONNX) and other ML related utilities. The company registered a patent ( https://patents.justia.com/patent/10929532 ) for this platform, which ultimately became part of the Google Play Protect ecosystem, serving tens of thousands of requests per second to this day.
• While developing the platform I also managed the team of people taking care of IR, devops and joined several other research teams in order to learn from others and contribute to other areas. I’m good at multitasking.

Dec 2012 – Sep 2014 · 1 yr 9 mos · Rome Area, Italy

• Malware reverse engineer, senior software engineer and software architect of a Windows antivirus solution, including the design and implementation of a real time scanning engine with signatures, heuristics and a minifilter driver (C, C++, ASM).

Mar 2011 – Dec 2012 · 1 yr 9 mos · Roma

• Senior backend developer and security analyst.
• My job here was to write PHP and sometimes C code for web platforms with extremely high peaks of traffic. Moreover, I developed a custom key-value cache system to improve the performance of the platform (http://github.com/evilsocket/gibson).

May 2010 – Jan 2011 · 8 mos

• Web developer and mobile developer for iOS platforms.
• Among other mobile apps, I developed a navigation system (based on the A* algorithm) for one of the biggest fairs in Italy that would help people move from one area of the fair to another without GPS or data connectivity. The main challenge was to write a tool to convert AutoCAD project files to data that the navigation algorithm could use on a mobile device.

Feb 2010 – May 2010 · 3 mos

• Developer of a business management software.

Jan 2010 – Jan 2011 · 1 yr

• Tools developer, system integration.

Oct 2008 – Mar 2009 · 5 mos

• Misc web development and Android/iOS development.

Jan 2008 – Jan 2009 · 1 yr

• Head developer of the log management system for Telecom Italia on Sun Solaris platforms.
• We needed to make the Perl log parsing system of the main italian ISP scale up properly, my job was to make a pthread enabled build of Perl and reimplement the platform in such a way it would use multithreading.

Jan 2007 – Jan 2008 · 1 yr

• Developer of a small automatized submarine AI software which recognizes and classifies protected species.
• Using C++, OpenCV (specifically, their implementation of the Haar cascade classifier with custom XML files for training) and DirectInput libraries I developed an agent to control a small, battery powered submarine via a Sony Playstation controller. The robot could also do automatic sampling of specific fish breeds by taking pictures and passing them to the Haard cascade for classification.

Jan 2006 – Jan 2007 · 1 yr

• Head developer for a highly optimized video streaming library used in low bandwidth surveillance systems.
• This company hired me to optimize their Java and JMF based security surveillance system in terms of performance and bandwidth usage. I developed an algorithm that detected which sections of the frames changed and therefore had to be transmitted as a highly compressed MJPG stream. This gave them several orders of magnitude better performance.

Jan 2005 – Jan 2006 · 1 yr

• Reverse Engineer. Developer and researcher for the biometrics department. Head developer of a high efficiency fingerprint and retinal scan system both for RedHat and Microsoft Windows platforms.
• My role was to reverse engineer parts of the Windows operating system (specifically: msgina.dll) in order to understand how to integrate with its login process (then undocumented). After that, I reimplemented that system DLL in C++ and ASM, interfacing with fingerprint and retinal readers in order to use biometric data for access. The system also had its own plugin for transparent ActiveDirectory integration and a complete GNU/Linux port.

Jan 2004 – Jan 2005 · 1 yr

• Freelance software developer.

Jan 2001 – Jan 2004 · 3 yrs

• Head of research and development department. Researcher in the field of loseless high compression rate algorithms.
• The idea here was to research and possibly develop new data compression algorithms, I did a lot of research on BigInt computations, developed a c++ library myself before the OpenSSL team did. We had some decent results but eventually other state-of-the-art algorithms outperformed ours, so we stopped researching.

Jan 2001 – Jan 2002 · 1 yr

• Freelance web developer.