Monday, August 31, 1970

Something about me

INTRO

Born in 1980, i started playing with computer hacking in 1995, involved professionally in IT since 1998, in information security since 2000, in telecommunication security / business administration since 2006 when i founded a product start-up, in anonymity and whistleblowing since 2011.

Currently i'm working for several non profit and for profit organizations (Hermes CenterPrivateWaveGLS) and Software Projects (GlobaLeaksTor2webOpenPGP.JS) doing various  management stuff, security and technical advise / support either as a contractor, owner or volunteer. 


BACKGROUND

My working experience provided me a particular kind of professional background by alternating very different activities: from management to information security, from marketing support to project management, from sales support to security technology scouting, from conference participation to security research, from people hiring to security advisoring.

I mostly worked with large enterprises and governments for security consulting but i lived in companies very differently sized, from startups (Matrice srl, Live Network Security srlPrivateWave SpA) to medium company (I.NET SpA, now BT) up to Large corporation (Telecom Italia SpA). 

Recently i engaged in Social Startup Hermes Center for Transparency and Digital Human Rights .I've been always an very active player by participating to events in national and international security and hacking, both as a lecturer and as a listener (See #below).

I liked to be involved in spreading the information security culture publishing security articles on specialized magazines (WeekIT, ICT Security, Wireless, BFi) but also making awareness trough mass media with radios (Radio Montecarlo), televisions (TG2, Studio Aperto, Neapoli, TG3) and national newspapers (La Stampa, Repubblica, Corriere) and books (security chapter of the book "The free software in Italy"). 

I like challenging situations where my analytical and pragmatic approach in problem solving, brainstorming and managing applies very well. 
Connecting the dots between different skills among people is what i like most. 
I like to communicate.
My goal is to play a major role in securing the modern information society and have a lot of fun (doing it!).

SOCIAL MEDIA

Late in 2009 i started a security blog on http://infosecurity.ch (i need to update it!), a twitter account  http://twitter.com/fpietrosanti and a slideshare presentation account to share experience and security topic i like. My Linkedin is http://linkedin.com/in/secret . 


PROFESSIONAL EXPERIENCE SUMMARY

I like schematic view, below a summary of what i've done, where, when and in which sector and what i've done:
  • 1995 Computer hacking - self-learning a lot of things you do not learn on the job
  • 2000 IT Security - Network Security Engineer I.NET SpA (now BT) - Firewalls, IDS, VPN, Penetration testing, hardening, penetration testing
  • 2002 IT Security management - Network Security Manager I.NET SpA (now BT) - Security Operation Center buildup, managed security service portfolio creation, security technology scouting, incident handling, sales and security training, large security projects, leaded penetration testing team)
  • 2004 Information Security - Senior Information Security consultant Corporate Telecom Italia SpA - security policy review, security advisoring, early warning, open source intelligence, incident handling and counter intelligence, security research
  • 2006 Communication Security - Entrepreneur, now CTO - PrivateWave Italia SpA - Product vision, leading projects,security and encryption assurance, military classified email messaging and mobile phone calls communications projects (we run also NGO support program)
  • 2011 Social Startup on Whistleblowing / Anonymous Publishing - Co-Founder - Hermes Center - Product and Project Management, Fundraising, Secretariat, Advocacy, Project Development for GlobaLeaks and Tor2web .
  • 2012 Corporate Restructuring - Local Family Business - General Logistic Services - Corporate Restructuring, Organization, Business Process Optimization, Marketing and Sales Improvement. 
I have a deep knowledge on telecommunication security technologies and protocols (VoIP, GSM, etc) design and implementation.
I own an  extensive experience in Information Security (incident handling, counter espionage measures, etc) , IT Security  (penetration testing, security infrastructure, etc) topics including organizational and management related (service/product concepts and startup leading, project management, etc).
I've been often involved in M&A financial operations regarding Security Companies acting as a consultant for due diligences, as a business developer, facilitators, wannabe-lawyer reviewing contracts/conditions.
I like to use 4 days per week powerpoint, email, excel and mobile phones as main working tools, but to always keep a hands-on on my unix terminals keeping to safeguard nerd soul. ;)


CONFERENCE / PUBBLICATION

Below list of conference i attended as a lecturer (don't a copy of all slides!):


  • 19 Oct 2001, SMAU/Sicurmatica, Milano - Sicurezza, il punto di vista del NASP
  • 20 Oct 2001, SMAU/Tavola Rotonda sul fenomeno Hacking, Milano
  • 13 Oct 2001, AntiKrimen Expo, Area Sicurezza Informatica - Storia e psicologia Hacker
  • 10 Dec 2001, IBM Forum, Milano "CONFERENZA LINUX" - OpenSource e Sicurezza
  • 24 Jan 2002, Infosecurity Italia 2002, Italian Black Hats Speech
  • 17 Mar 2002, Rivoluzione Connettiva e Sicurezza, Centro Alti Studi Lotta al terrorismo: Il ruolo dei carrier nella network securit
  • 05 May 2003, University LIUC (Varese, Italy) : Wireless (in)Security: Sicurezza delle reti wireless
  • 05 May 2003, University LIUC (Varese, Italy) Percezione della sicurezza informatica: miti e leggende
  • 15 Oct 2003, Università di Firenze, Sicurezza, full-disclosure e software: Sicurezza informatica: la percezione e la realtà
  • 07 May 2004, Webbit 04, Padova: Wireless (in)Security: problemi di (in)sicurezza Tecnologie dell’802.11b
  • 09 Feb 2006, Infosecurity 2006, Milano: Hardening della configurazione di PHP: limitare il danno
  • 6 Sep 2010, ESC 2010, Venice: Workshop on GSM Security (demonstration and hacking GSM networks)
  • Feb 2010, Social News Special WikiLeaks: ITALIAN article on WikiLeaks and Government 2.0 program (page 36)
  • TODO: I should update here the long-list of participations and talk

SECURITY RESEARCH

Especially i've done several security research, finding bugs on security software such as Cisco PIX or ISC BIND, or starting up hacking related projects:



PERSONAL INTEREST

I am a kind of person that change frequently interests with deep passion for something until i got a good understanding of it, then i need to learn something else. 
I always liked and will always like retro computing stuff.


Lately (2013) i've been interested in:


  • Anonymity networks (i keep running tor2web & tor exit node)
  • Whistleblowing research (GlobaLeaks and Advocacy)
  • Cyber warfare and cyber commands
  • VoIP & GSM security research
  • Macro economics & finance (managing a mixed stock / bond portfolio)

ASSOCIATIONS, PROJECTS, GROUPS

I tend to follow and/or participate to the following associations and informal groups with different level of engagement:


  • Pws (Progetto Winston Smith)
  • Italian Hacker Embassy
  • various underground and informal groups
I co-organized for several years the conferences and participations of Sikurezza.org to italian security events. 
In 2001 i co-founded Italian BlackHats Associations now unfortunately not anymore operational. 
Since 2007 i co-organize the Italian Hacker Embassy at various European Hacker Camp (CCC Camp, HAR, OHM2013, etc) and provide some organizational support for other Italian Hacker Camp events such as MOCA (Metro Olografix Camp) and ESC (End Summer Camp).
In 2012 i co-founded Hermes Center

TAG CLOUD OF EXPERIENCE AND INTERESTS

Writing your own professional profile is more easy if you only target smart people. 

So, below my tag cloud of experience and interests:

Information Security - Communicate efficiently - Product Management - IT Security laws and digital rights - Be Pragmatic - Privacy - Encryption Technologies - Computers and digital right's related laws - IT Security - Transforming problems in opportunities - Infrastructures - Hacking - Wireless Technology - Counter intelligence - Understand stakeholders needs - Privacy activism - Cyber warfare - Technology evangelism - Leading teams - Intelligence - Whistleblowing - Activism - Transparency



CONTACT
You can contact me to my email address that's written name @ surname . it or to my jabber account naif@jabber.ccc.de (OTR enabled) or on IRC at irc.oftc.net on #nottor - #globaleaks - #tor2web



NOTICE ON COMMUNICATION SECURITY
It’s strongly suggested to use communication protection technologies if you need tell me something confidential.
Write me with PGP or call me with PrivateGSM (have a trial , it works!) to +393401801049 .
Please consider that i mainly stay in GMT+1 timezone and i strongly prefer to be contacted between 9 am and 8pm