Giacomo Zanolli

Whoami

I recently graduated from the master's degree program in Computer Science ICT Innovation Cybersecurity at the University of Trento. I have very strong competences in both software development and cybersecurity.

I am familiar with quite a few technologies and find myself at ease learning new ones, especially modern frameworks.

I consider myself very passionate about what I do, and look forward to interacting with people who share the same drive, regardless of their area of expertise.

Nulla dies sine linea
Pliny the Elder

This Latin phrase may be translated as "[let] no day [pass] without a line". It is attributed to the ancient Greek painter Apelles of Kos. He was a renowned artist of his time and, when asked how he got to be that good at painting, he replied with these words. This quote is a reminder of the perseverance that is necessary to accomplish meaningful tasks.
What catches my attention is his choice to use the word linea. He did not say "draw one hundred circles every day", nor "paint a Caravaggio daily". He said to draw a line, which is essentially the minimum effort a painter can make, yet also the very same effort that, over time, distinguishes him from the people that do not paint.
To me, this phrase is a reminder of the importance of keeping our skills sharp, be they physical or intellectual. When I can, I ask myself (and invite you to ask yourself too): Did you draw your line today?
In my case, this quote also has an additional meaning. "Line" can be seen as literally something I get to see almost every day: beloved lines of code.

TL;DR I have acquired a strong background in Computer Science, and in the last two years, specialized in Cybersecurity. I possess strong analytical skills and have experience in both being a team member and leader. I have worked with international clients. I have independently built several personal projects from the ground up.

Work Experience

  • InfoCert

    Role: Cybersecurity Specialist

    Duration: April 2024 - Current

    As a Cybersecurity Governance Analyst, I collaborate closely with senior colleagues and the CISO to enhance the company's cybersecurity posture. My primary responsibilities include managing compliance with NIS2 and DORA regulations, updating cybersecurity policies, conducting awareness campaigns, and implementing a solution to manage cybersecurity KPIs. My contributions significantly shape the direction of our cyber initiatives and foster collaboration across teams and subsidiaries.

    Key Achievements:

    • Reviewed and updated over three cybersecurity policies to ensure alignment with NIS2, DORA, and NIST CSF 2.0 standards.
    • Conducted awareness sessions attended by 170 employees, achieving a 96% pass rate on post-webinar surveys, enhancing the organization's cybersecurity culture.
    • Implemented a Rust-based solution for tracking cybersecurity KPIs, improving visibility into the organization's security performance.
    • Developed detailed reports comparing the cybersecurity posture of our subsidiaries to the main organization, identifying areas for improvement.
    • Acted as a liaison between teams, gathering critical information and periodically reporting to the CISO to inform decision-making processes.
  • InfoCert

    Role: Intern (Curricular Internship for the university)

    Duration: April 2023 - May 2023

    Conducted a comprehensive analysis of the company's security measures, focusing on the requirements specified in the Framework Nazionale per la CyberSecurity e la Data Protection v2 and the CIS Critical Security Controls v7 and v8. The primary goal was to validate the effectiveness of existing security procedures and identify areas for improvement. The results of this analysis will assist the organization in prioritizing steps to strengthen its security posture and maintain continuous compliance with the relevant standards.

  • Fondazione Bruno Kessler

    Role: Junior Research Scientist

    Duration: October 2021 - May 2023

    Contributed to the development of the SSO platform by adding WebAuthn support to FBK's AAC (pr).
    Researched solutions for managing a Mobile Driving License throughout its life-cycle (ISO 23220, ISO 18013-5, EUDI Wallet Specifications) in collaboration with Istituto Poligrafico e Zecca dello Stato (IPZS).
    Participated in the European project PROTECTOR as a cybersecurity specialist, promoting a secure-by-design approach.

    Technologies Used:

    • Java
    • Git
    • Docker
    • Ansible
  • Fondazione Bruno Kessler

    Role: Intern

    Duration: March 2021 - May 2021

    Conducted an in-depth study of the WebAuthn standard to produce a proof-of-concept implementation, allowing users to authenticate in both password-less and username-less fashions while retaining the security properties of MFA. The demo included an authentication server, a web client, an OAuth relying party, an OAuth resource provider, and a native Android app written in Kotlin.

    Technologies Used:

    • FIDO2/WebAuthn
    • OAuth2.1
    • TypeScript
    • NodeJS
    • Kotlin
  • Athonet

    Duration: August 2017 - September 2017

    Assisted a web developer in implementing a tool for automated testing of the equipment produced by the company. My primary responsibility was to develop the front-end of the service, ensuring a user-friendly interface for testing operations.

    Technologies Used:

    • HTML
    • CSS
    • JavaScript
    • Git

Education

  • Master's degree in Computer Science ICT Innovation Cyber Security

    University of Trento (Sep 2021-Oct 2023). Grade: 110 with honors / 110

    Thesis Title: Kampas: Streamlining Cybersecurity Control Management (Fulltext PDF)

    Main subjects:
    • Network Security
    • Applied Cryptography
    • Cyber Security Risk Assessment
    • Multimedia Data Security
    • Security Testing
    • Privacy and Intellectual Property Rights
    • High Performance Computing
    • Advanced Programming
    • Business Development Laboratory
    • ICT Innovation
    • Innovation and Entrepreneurship Basics
  • Bachelor's degree in Computer Science

    University of Trento (Sep 2018-Oct 2021). Grade: 110 with honors / 110

    Thesis Title: FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system (Fulltext PDF)

    Main subjects:
    • Calculus
    • Algorithms and Data Structures
    • Formal Languages and Compilers
    • Computer Architecture
    • Embedded Software for the Internet of Things
    • Software Engineering
    • Logic
    • Geometry and Linear Algebra
    • Probability and Statistics
    • Programming
    • Functional Programming
    • Databases
    • Web Programming
    • Networking
    • Operating Systems
    • Human-Computer Interaction
    • Introduction to Computer and Network Security
    • Introduction to Machine Learning

Skills

Dev

  • Nix
  • NixOS
  • Linux
  • Bash scripting
  • C
  • C++
  • SML
  • JavaScript
  • TypeScript
  • Svelte
  • NodeJS
  • Express JS
  • Python
  • Rust
  • Java
  • Dart
  • Flutter
  • HTML
  • CSS/SCSS
  • OAuth2.1
  • FIDO2
  • WebAuthn
  • Docker
  • Kubernetes
  • SQL
  • PostgreSQL
  • MongoDB
  • CockroachDB
  • Firebase
  • Git
  • CI/CD
  • LaTeX
  • Adobe Illustrator
  • Figma
  • Inkscape
  • Penpot
  • JSON
  • CBOR
  • REST APIs
  • Ansible
  • Mozilla SOPS
  • YAML
  • Restic
  • Test-Driven Development
  • Front-End Development
  • Back-End Development
  • Fullstack Development

Cyber

  • Cyber Security Risk Assessment
  • Regulatory Compliance
  • ISO/IEC 23220
  • ISO/IEC 18013-5
  • EUDI Wallet Specification
  • NIST Cyber Security Framework Core
  • Framework Nazionale per la CyberSecurity e la Data Protection (FNCS) v2
  • CIS Critical Security Controls v7
  • CIS Critical Security Controls v8

Personal

  • Critical thinking
  • Team working
  • Adaptability
  • Problem solving
  • Perseverance

Projects

University

During my studies at Trento, I participated in various projects. They are presented in chronological order.
  1. Trading bot and Visualizer (repo)

    The final project for the "Advanced Programming" course, written in Rust. This project had a duration of three months. The aim was to simulate a stock market. The class was divided into teams, each tasked with creating a virtual stock market and a trader bot that, given a starting capital, could interact with the markets of the other teams following a strategy.
    To ensure that every bot could trade with every market, each team had to elect a team leader. The team leaders then collaborated to produce a shared specification for the technical requirements of the markets. I was amongst the team leaders.
    In the final part of the course, each team selected three other markets to trade with. Then, each member implemented either a bot to trade with such markets or a tool to visualize the progress of a bot. I implemented a TUI visualizer.

  2. Parallel Closest Pair Algorithm for HPC (repo, final report)

    An implementation of the closest pair algorithm for the course "High Performance Computing". The aim of this project was to produce a parallel implementation of an existing algorithm in order to run it on a High Performance Computing cluster (provided by the university). My colleague and I produced a parallel version of the closest pair algorithm and performed an evaluation of the performance gains introduced by the parallelization.
    Overall, we learned how programming in an HPC environment differs from regular programming. In this project, I also took the liberty of adding a CI/CD pipeline to the project which automated the process of testing our changes in the cluster itself and generating the reports.

  3. MSP Games (repo)

    Individual project for the "Embedded Software for the Internet of Things" course. It consists of a suite of two simple games (one of which is Snake) that can be played on the Texas Instruments MSP microcontroller. The player can use the joystick and the buttons to control the game, which is shown on the integrated display. The system also features audible feedback for when the player wins/loses a game, a game selection menu, play/pause functionality that puts the controller in a low-power mode, and a light and dark theme that can be toggled either manually or automatically using the built-in light sensor. The software was written in C.

  4. Student notes for the Compilers and Formal Languages course (repo)

    As I was taking this course, I discovered that some of my colleagues were creating a curated document with all the lecture notes in LaTeX. I contributed to the project as a reviewer and by using Docker to create an environment where the compiler could run to produce the final PDF document. This proved useful both for producing a PDF every time new changes were committed and for helping others to set up their development environment.

  5. EPOC (repo)

    A simple web application written with NodeJS, TypeScript and MongoDB which allows its users to browse a catalogue of recipes. We programmed it in our Software Engineering course, familiarizing ourselves with the modern practices of agile software development.

  6. Parallel character counter (repo)

    This was the team project for the "Operating Systems" course. It consists of a C program that recursively analyses all the files in a given directory, printing how many times each alphabetic character occurs in them.
    The aim of this project was to familiarize ourselves with inter-process communication and multi-threaded programming. It is written in C.

Personal

Like every Computer Science student, I have some personal projects I coded in my free time. In this section, I feature some of them.
  1. Markhor: a Kubernetes operator that enables managing Secrets with SOPS. Using the operator, Secrets can be encrypted and treated as any other configuration file (e.g., committed to a git repository). The operator is lightweight, performant and independent of anything else which might run in the cluster. Also, I chose to make it open-source with a permissive license. Anyone is welcome to contribute. The code is available on GitHub.
  2. Tikify: During the bachelor's degree, I created an Android app (Flutter) that allows the users to 'login' to their Spotify account (OAuth) and informs them about the new releases from the artists they follow. It is available on the Google Play Store and has surpassed the 4000 downloads mark.
  3. My NixOS configuration: In recent years I discovered the Nix project and decided to adopt it to manage my computers. I have gotten quite passionate about its functional approach to building software packages and configuring systems and learned a lot about Linux in the meantime too. My configuration is publicly available on this GitLab repo.

Contacts