☁️ Francesco ☁️ Cipollone

Founder

London, United Kingdom · 11 yrs 2 mos experience
Most Likely To Switch · AI ML Practitioner

Key Highlights

  • Revolutionized application security with machine learning.
  • Accelerated vulnerability resolution by up to 40%.
  • Empowered organizations to quantify risk reduction.
Stackforce AI infers this person is a Cybersecurity expert specializing in application and cloud security.

Skills

Core Skills

Application Security, Vulnerability Management, Cloud Security

Other Skills

Public Speaking, Security, Technical Leadership, Machine Learning, Threat Intelligence, Artificial Intelligence (AI), OWASP, Cloud Computing, Product Security, Information Security Engineering, Product Development, Network Security, Information Security, Security Architecture Design, Firewalls

About

As the CEO and Founder of Phoenix Security, I lead efforts to revolutionize application security through actionable Application Security Posture Management (ASPM), leveraging machine learning and threat intelligence to accelerate vulnerability resolution by up to 40%. With over four years of experience at the helm, our team empowers organizations to quantify risk reduction and demonstrate the ROI of software security initiatives. Additionally, as a faculty member at IANS, I specialize in application security, cloud security, and vulnerability management, providing expert insights and education to elevate organizational security postures. Passionate about fostering innovation in cybersecurity, I collaborate with teams and leaders across industries to create measurable impact while maintaining a commitment to empowering secure engineering environments.

Experience

Total Experience: 11 yrs 2 mos
Average Tenure: 2 yrs 10 mos
Current Experience: 5 yrs 3 mos

IANS

Faculty - specializations application security, vulnerability management

Apr 2023 - Present · 3 yrs 1 mo · Remote

  • Ask an expert faculty for IANS on application security, cloud security, vulnerability management
OWASP, Vulnerability Management, Public Speaking, Security, Application Security, Cloud Security

Phoenix Security

2 roles

CEO & Founder - Diversity Champion

Mar 2021 - Present · 5 yrs 2 mos · London, England, United Kingdom

  • Working on the future of Application Security Vulnerability Management powered by machine learning, and enriched by threat feeds.
  • Accelerate the detection and resolution of vulnerabilities up to 30-40% faster.
  • Calculate RoI of security in software and quantify the risk reduction of software security.
Public Speaking, Security, Technical Leadership, Application Security, Vulnerability Management

CEO & Co Founder

Feb 2021 - Present · 5 yrs 3 mos · London, England, United Kingdom

Artificial Intelligence (AI), Public Speaking, Security, Application Security

Bank of Ireland

Lead Cloud Security Consultant

Feb 2021 - Feb 2022 · 1 yr · Ireland

  • Creation of pattern framework
  • Threat modelling and creation of patterns
  • Lead the creation of patterns
  • Lead the creation of Terraform/Cloudform with embedded security defaults

Amazon Web Services (AWS)

Senior Security Consultant

Jun 2020 - Feb 2021 · 8 mos · London

  • Have been helping AWS Professional Service set up the Security Advisor for the Public Sector and helping clients on cybersecurity and cloud security strategies. The main areas of advisory:
    • CISO Guidance
    • Compliance issues
    • AWS Security settings and services
    • AWS technologies and how to use them securely
Public Speaking, Security, Cloud Computing, Cloud Security

Cyber Security & Cloud Podcast

2 roles

Host - CSCP season 4

May 2020 - Present · 6 yrs

  • Podcast Host for Cyber Security & Cloud Podcast
Public Speaking

Mentoring Monday Host - season 1

Mar 2019 - Sep 2020 · 1 yr 6 mos

  • Cyber #mentoring Monday Podcast and Community Host
  • Mentoring Monday is a community and a podcast to share knowledge and information about security.
  • Cyber Mentoring Monday is also supporting and pushing women in cyber to achieve their full potential in a safe and friendly environment.

Cybersecurity Woman of the Year

Judge

Jan 2020 - Jan 2021 · 1 yr · Las Vegas Metropolitan Area

  • Judge of the Cybersecurity women of the year
Public Speaking, Security

Project Management Institute

Judge

Nov 2019 - Nov 2020 · 1 yr · London, United Kingdom

  • Judge for the 2019 PMI awards

Cyber Security Awards

Judge

Mar 2019 - Jan 2021 · 1 yr 10 mos · London

  • Judge for Cybersecurity award
Public Speaking

HSBC

Head of Application Security, Security Architecture & Strategy

Feb 2019 - May 2020 · 1 yr 3 mos · London, United Kingdom

  • In Charge of Security architecture, Security Engineering, Application Security, Security Technology Strategy

Cloud Security Alliance

2 roles

Chapter Chair (UK & Ireland)

Promoted

Jan 2019 - May 2023 · 4 yrs 4 mos · London, United Kingdom

  • Chapter chair
Public Speaking, Security

Director of Events and Partnership

Sep 2017 - Jan 2019 · 1 yr 4 mos · London, United Kingdom

  • Successfully organized annual conference with 100% increase in attendance
  • Increased collaboration with events 10x
  • Introduction of the award concept to increase collaboration and visibility
  • Increased collaboration with corporate partners for event sponsorship and support

Camelot

Cloud Security Architect (AWS) for National Lottery

Sep 2018 - Feb 2019 · 5 mos · Watford, United Kingdom

  • Security Architecture and posture alignment on AWS Accounts for multiple projects.
  • Security architect on a number of projects for digital gambling games and national lottery, ensuring security controls are pragmatically applied as well as defining anti-fraud measures and ensuring they are enforced
  • Developing Patterns and standards for AWS: Key Management, Secret Management, Serverless, Lambda automated incident reaction
  • Security assessment of Cisco Contact Centre solution and management of 3rd party relationship with suppliers
  • Architecting document security solution in the cloud to support document sharing in M&E and Bid.
  • Defining in collaboration with CISO the Cloud security roadmap for AWS: Logging strategy, Access Control, Roles and Identities, Control Landscape…
  • Security Advisory services on projects for UK Lottery and other gambling games (under NDA)

Elexon

Acting CISO & Principal Cloud Security Architect

Jan 2018 - Jun 2019 · 1 yr 5 mos · London, United Kingdom

  • Definition of security strategy and interaction with stakeholders to insert security work-streams and architecture in a wider framework
  • Definition of multiple workstreams for 3rd parties implementing the security strategy.
  • Definition of principles and requirements to align the enterprise architecture to the security strategy
  • Supporting the supply chain management function in drafting the new contract for the implementing partner as well as defining the security requirements in line with ISO 27001
  • Security Lead of a greenfield Cloud solution (Azure based) for BSC (Balancing and Settlement) in the UK Utility Sector (BCS Code) in line with EU TERRE Regulation, smart metering and other industry requirements.
  • Lead security for a Blockchain application to the BSC code for balancing and settlement of energy consumption (smart metering)
  • Defining the strategy and the solution for Identity as a service to deliver Single Sign On, Multifactor and Abstract Identity integrating multiple Identity stores across several providers and applications. The identity provider and technology requirement is in line with DPA and facilitates the GDPR implementation.
  • Reviewing security designs from suppliers and 3rd parties
  • Data-driven security strategy ensuring security principles are at the core of the application design
  • Definition of standard patterns for API security for legacy greenfield cloud application with the brownfield on-prem deployment.
  • Definition of a secure cloud framework, guidelines and principles for Azure Infrastructure (IaaS, PaaS, SaaS and Containers - CaaS)

Link Group (LNK)

CISO Advisor & Enterprise Cloud Security Architect

Jun 2017 - Dec 2017 · 6 mos · London, United Kingdom

  • Working alongside the new Group CISO to define the security strategy
  • Lead Cloud Security Consultant for separation and acquisition of CAPITA Asset Services from LINK group
  • Definition of an enterprise wide Perimeter security strategy with focus on Azure cloud with the definition of blueprints for the integration of several controls (FW, IDS/IPS, WAF, management).
  • Support the DEVOPS in the deployment of the Fortinet cloud technologies in Azure (Fortigate, FortiWeb, Fortimanager and Fortianalyzer) for enforcement of the security perimeter.
  • Enforcing the perimeter security strategy using a number of security controls (Cloud and Premises security controls such as Access Control, WAF, IPS, ACL etc.…) on the cloud and around strategic points in the WAN.
  • Review of the file share deployment model and implementation of a RBAC blueprint based on AD to control, log and monitor the access to the files across the file sharing platforms.
  • Ensuring that security is considered in every aspect of separation like o365 tenant separation, Azure Tenant Separation, Network MPLS separation, Application isolation…
  • Ensuring Process and Procedures are updated and enforced as part of the M&A.
  • Review of the policy and procedure and gap analysis between the as-is (capita policies) and to-be (Link Policies)
  • Enforcing the CISO strategy for the various projects during merger and acquisition.
  • Risk assessing the technical proposals (internal and 3rd parties) during the M&A, raising comments, caveats, risks and proposing mitigation.
  • Aligning the risk assessment of the project with the overall business risk assessment in collaboration with the head of risk.

Charles Taylor

CISO Advisor & Cloud Transformation Security Lead

Jun 2016 - Jun 2017 · 1 yr · London, United Kingdom

  • Working alongside the Group CISO to define the security strategy
  • Translation of cloud and branch security strategy into architecture and alignment of the transformation with the strategy
  • Definition of the following architecture artefacts: enterprise security architecture, reference security architecture, cloud security architecture, identity and access management architecture.
  • Definition of policy Framework aligned with the cloud migration and generation of the following policy artefacts: infrastructure security policy, access management, physical security, remote access.
  • Identification of strategy to transform the enterprise from single customer to cloud based multi customer organization.
  • Definition of the architecture pre/during/post cloud transition, with focus on alignment to the security strategy.
  • Initiation of the architecture authority practice, acting as lead architect with definition of process and procedures.
  • Acting security and solution architecture authority for cloud migration into Azure developing guidelines on: access management, RBAC and Azure Platform control, backup strategy for business continuity using Azure and other 3rd parties.
  • Strategy for backup in Azure with alignment to the business continuity plan and integration of comprehensive backup solution for different platforms (Netbackup, Azure Backup, AWS, AVEPoint…)
  • Integration of Azure MFA to align the company with the policy requirements.
  • Assessment of the identity landscape with focus on consolidation of domain and migration into Azure Active Directory and office 365.
  • Redesign of existing Active directory, integration with Azure and office 365 identities & redesign of GPO
  • Definition of SIEM Strategy to integrate multiple cloud based log repositories (Azure Logs, Azure OMS) with multiple dashboards, Actionable events and playbooks
  • Security review of the GitHub integration with Azure. Code review of the JSON and PowerShell script used for Azure VM provisioning

HCA Healthcare UK

Enterprise Security Architect

Mar 2016 - May 2016 · 2 mos · London, United Kingdom

  • Baseline the current security posture of HCA network via audit. Build reference security architecture (conceptual, logical and physical, data model). Proposal of architectural improvement in line with tactical and strategic security goals.
  • Definition with senior management of the tactical and strategic goals in line with the defined and prioritized risks.
  • Audit on assets and services and pattern provide input on improvement according to industry best practice and risk mitigation strategy.
  • Identification of Architecture pattern/blueprint/artefacts, assessment of their current status and security posture and provide recommendations.
  • Creation of a security control matrix. Assessment of the current control status and security posture as well as evaluation of the maturity level. Identification of improvements for each control and creation of overarching report based on industry best practice and specific organization security requirements.
  • Identification and selection of Security Architectural reference model (O-ESA, OSA, Data Model, TOGAF...)
  • Work with the wider architecture team to provide input in the overall strategic and tactical architecture for HCA International.
  • Tailoring of standard and best practice to HCA specific needs (NIST baseline, ISO 27000, ITIL & COBIT)
  • Definition of template to aid the architecture framework (requirement capture, HLD, LLD, configuration blueprints)
  • Support for new initiative integrating the Security Architecture in project lifecycle and integrating security requirement whenever needed.
  • Identification of project risk and potential mitigation with technical controls, policies amendment or procedures.
  • Project and risk identification/assessment: Web filtering, DLP, and E-mail filtering in the Cloud; integration of the Web Proxy in cloud with E-mail Encryption technology, Citrix Solutions, Clinical Application

BT

Security Architect

Sep 2014 - Feb 2016 · 1 yr 5 mos · London, United Kingdom

  • I’m part of the Security Architecture team in BT Service, and we’re responsible for the Security Architecture Nationwide. The Security Architecture Team is in charge of the security for Nationwide's datacentre and responsible for any of its architectural changes. The team is responsible for approving customer requested changes in the architecture and assessing the security impact of publishing new services.
  • Additional Information about the role:
  • Integration of new service in the customer’s network (workshops, consultancy to define new service’s requirements, HLD/LLD, Implementation Plans)
  • Integration and strategic approach for 3rd party integration with the customer network/infrastructure
  • Strategic security and infrastructure reconfiguration to meet PCI-DSS requirements.
  • Protection of existing and new service by using the customer’s technical security controls.
  • Security consultancy to evaluate risk exposure of changes to a service or implementation of new services
  • IT Consultancy to help the customer define the requirement for new server (Network, security, interaction between component, possible risk areas, infrastructure weakness).
  • Disaster recovery and backup strategy for mixed environment (physical and virtualized) with multiple DR sites (using NetBackup platform).
  • Technical reviewer of customer’s documentation (consultancy, requirements drafting, HLD/LLD, Service documentation)
  • Support to penetration testing team to scope the area to test against evaluated risks.
  • Security technologies: Juniper SRX, F5 LTM, F5 ASM, Cisco ASA, IPS for ASA, PIX, McAfee Sidewinder/Intel Firewalls
  • Other Technologies: Cisco Nexus 7K, 5K, 2K and 1000v, Cisco ASR 10000, SPLUNK, Skybox, F5, ASM, NetBackup

NSC42 Limited

CEO, Founder

Aug 2014 - Jan 2021 · 6 yrs 5 mos · London, United Kingdom

  • NSC42 offers advanced Solutions to secure your SDLC and Software Lifecycle, test/pentest your websites continuously and help with your Vulnerability management programme.
  • Official Reseller of Security Phoenix Application Security S.M.A.R.T Software Vulnerability Management
  • Amongst others, NSC42 offers the following:
  • CISO Advisory Services
  • Enterprise Security Strategy Consultancy
  • Cloud Security Strategy, Consultancy, Assessment
  • Enterprise Security consultancy
  • Security Architecture
  • Strategic Partnership
  • Business Growth

Vodafone

Network and Security Architect

Jan 2014 - Sep 2014 · 8 mos · Newbury

  • Security Architecture consultancy for Vodafone Group via Sytel Reply Ltd

FAO

Network Security Architect

Jun 2013 - Dec 2013 · 6 mos · Rome Area, Italy

  • Design and implement Radius Strategy for AAA. Integration of the production Equipment in Radius with Various policies. Design workflows and procedures for password enforcement when radius is unavailable. Integrate Radius with Active directory (Microsoft NPS).
  • Analyse current log flow and design, implement a strategy to improve and consolidate the log storage.
  • Analyse and evaluate the need for log correlation devices
  • Integration of wireless controllers with Active Directory.
  • Analyse the current firewall strategy and evaluate improvements, replacements on current firewalls
  • Evaluation/pilot/documentation and deployment coordination of WAN optimization/acceleration for FAO network. Video Training delivery.
  • Capacity Planning, provider contract evaluation, SLA evaluation and agreement with external partners.
  • WAN optimization: Support evaluation of products. Pilot the deployment of WAN optimizer. Design workflow and documentation. Write and deliver training on Exinda technology (mix of webinar, classes and video training).
  • Consolidation of Network documentation and migration to SharePoint, leading the design of the website and database to support the network team operations.
Security

World Food Programme

Network Security & Solution Architect

Jul 2009 - Jun 2013 · 3 yrs 11 mos · Rome Area, Italy

  • Re-design the Data Centre network (for two main hubs)
  • Re-design the Field office network (guaranteeing automatic failover on VPN)
  • Develop and lead several trainings on Networking, Firewalling, VPN, MPLS, Customized for WFP network
  • Coordinating the integration between several MPLS providers and Satellite providers to build up the WFP WAN network
  • Design the Firewall configuration standard deployed in more than 350 nodes
  • Coordinate the deployment of firewalls, WAN acceleration device, MPLS connection in more than 350 nodes
  • Re-design WFP network to support several different routing protocol and integration of several providers.
  • Design and implementation of Intrusion Prevention System for WFP.
  • Migration of Data Center from Cisco ASA to SonicWALL.
  • Evaluation/pilot/documentation and deployment coordination of next generation firewall for WFP network.
  • Evaluation/pilot/documentation and deployment coordination of WAN optimization/acceleration for WFP network.
  • Evaluation/pilot/documentation of End Point Protection System (EPPS) for WFP client/servers.
  • Evaluation/pilot/documentation of Proxy solution for WFP network. Support Voice infrastructure, Gatekeeper, IP2IP Gateways, Voice Gateways and SIP phones in a mixed environment (multi provider, multi link: VPN on DSL, MPLS, Satellite). Provide support for Cisco Call Manager Express, and Cisco Call Manager.
Security

Technet srl

Founder, Security Consultant, Cisco and Microsoft Instructor

Jan 2007 - Jul 2009 · 2 yrs 6 mos · Rome Area, Italy

  • Leading Classes for Cisco Career: CCNA, CCNP, CCNA Security, CCNA Voice
  • Leading Classes for Microsoft Career: MCDST, MCSA, MCSE
  • Leading Classes for generic IT courses: Network, Security, VPN
  • Designed and documented customized lab for Network, Security, Cisco and Microsoft Classes
  • Managing a small team of 3 persons for training and network/security consultancy
  • Consulting for Telecom Italia Security NOC
Security

Education

Sapienza Università di Roma

Bachelor (3 years) — Computer Science

Jan 2004 - Jan 2007

Liceo Isacco Newton
