INTRO
Born in 1980, I started playing with computer hacking in 1995, involved professionally in IT since 1998, in information security since 2000, in telecommunication security / business administration since 2006 when I founded a product start-up, in anonymity and whistleblowing since 2011.
Currently I'm working for several non-profit and for-profit organizations (Hermes Center, PrivateWave, GLS) and Software Projects (GlobaLeaks, Tor2web, OpenPGP.JS) doing various management stuff, security and technical advice / support either as a contractor, owner or volunteer.
BACKGROUND
My working experience provided me a particular kind of professional background by alternating very different activities: from management to information security, from marketing support to project management, from sales support to security technology scouting, from conference participation to security research, from people hiring to security advising.
I mostly worked with large enterprises and governments for security consulting but I lived in companies very differently sized, from startups (Matrice srl, Live Network Security srl, PrivateWave SpA) to medium company (I.NET SpA, now BT) up to large corporation (Telecom Italia SpA).
Recently I engaged in Social Startup Hermes Center for Transparency and Digital Human Rights. I've always been a very active player by participating in events in national and international security and hacking, both as a lecturer and as a listener (see below).
I liked to be involved in spreading the information security culture publishing security articles in specialized magazines (WeekIT, ICT Security, Wireless, BFi) but also raising awareness through mass media with radios (Radio Montecarlo), televisions (TG2, Studio Aperto, Neapoli, TG3) and national newspapers (La Stampa, Repubblica, Corriere) and books (security chapter of the book "The free software in Italy").
I like challenging situations where my analytical and pragmatic approach in problem solving, brainstorming and managing applies very well.
Connecting the dots between different skills among people is what I like most.
I like to communicate.
SOCIAL MEDIA
Late in 2009 I started a security blog on http://infosecurity.ch (I need to update it!), a twitter account http://twitter.com/fpietrosanti and a slideshare presentation account to share experience and security topics I like. My Linkedin is http://linkedin.com/in/secret.
PROFESSIONAL EXPERIENCE SUMMARY
I like schematic view, below a summary of what I've done, where, when and in which sector and what I've done:
- 1995 Computer hacking - self-learning a lot of things you do not learn on the job
- 1998 ICT - System Administrator - Ministry of Public finance - Systems and infrastructure (unix)
- 2000 IT Security - Network Security Engineer - I.NET SpA (now BT) - Firewalls, IDS, VPN, Penetration testing, hardening, penetration testing
- 2002 IT Security management - Network Security Manager - I.NET SpA (now BT) - Security Operation Center buildup, managed security service portfolio creation, security technology scouting, incident handling, sales and security training, large security projects, led penetration testing team
- 2004 Information Security - Senior Information Security consultant - Corporate Telecom Italia SpA - security policy review, security advisoring, early warning, open source intelligence, incident handling and counter intelligence, security research
- 2006 Communication Security - Entrepreneur, now CTO - PrivateWave Italia SpA - Product vision, leading projects, security and encryption assurance, military classified email messaging and mobile phone calls communications projects (we run also NGO support program)
- 2011 Social Startup on Whistleblowing / Anonymous Publishing - Co-Founder - Hermes Center - Product and Project Management, Fundraising, Secretariat, Advocacy, Project Development for GlobaLeaks and Tor2web.
- 2012 Corporate Restructuring - Local Family Business - General Logistic Services - Corporate Restructuring, Organization, Business Process Optimization, Marketing and Sales Improvement.
I have extensive experience in Information Security (incident handling, counter espionage measures, etc.), IT Security (penetration testing, security infrastructure, etc.) topics including organizational and management related (service/product concepts and startup leading, project management, etc.).
I've been often involved in M&A financial operations regarding Security Companies acting as a consultant for due diligences, as a business developer, facilitators, wannabe-lawyer reviewing contracts/conditions.
I like to use 4 days per week powerpoint, email, excel and mobile phones as main working tools, but to always keep a hands-on on my unix terminals keeping to safeguard nerd soul. ;)
CONFERENCE / PUBLICATION
Below list of conference I attended as a lecturer (don't a copy of all slides!):
- 19 Oct 2001, SMAU/Sicurmatica, Milano - Sicurezza, il punto di vista del NASP
- 20 Oct 2001, SMAU/Tavola Rotonda sul fenomeno Hacking, Milano
- 13 Oct 2001, AntiKrimen Expo, Area Sicurezza Informatica - Storia e psicologia Hacker
- 10 Dec 2001, IBM Forum, Milano "CONFERENZA LINUX" - OpenSource e Sicurezza
- 24 Jan 2002, Infosecurity Italia 2002, Italian Black Hats Speech
- 17 Mar 2002, Rivoluzione Connettiva e Sicurezza, Centro Alti Studi Lotta al terrorismo: Il ruolo dei carrier nella network securit
- 05 May 2003, University LIUC (Varese, Italy) : Wireless (in)Security: Sicurezza delle reti wireless
- 05 May 2003, University LIUC (Varese, Italy) Percezione della sicurezza informatica: miti e leggende
- 15 Oct 2003, Università di Firenze, Sicurezza, full-disclosure e software: Sicurezza informatica: la percezione e la realtà
- 28 Oct 2003, Wireless Forum, Milano: Wireless Network Security Training
- 05 Nov 2003, Comitato di gestione della infrastruttura nazionale di rete del CNR e la TaskForce sulla sicurezza, Technical Security Training: Wireless (in)Security: problemi di (in)sicurezza dell’802.11b
- 07 May 2004, Webbit 04, Padova: Wireless (in)Security: problemi di (in)sicurezza Tecnologie dell’802.11b
- 28 May 2005, E-Privacy 2005, Firenze: PGP luci e ombre. Storia e evoluzione dello strumento per la privacy più usato al mondo
- 8 Feb 2006,: LRA Posta Elettronica Certifica, Firma digitale e Archiviazione ottica Documentale, Milano: sicurezza e riservatezza delle tecnologie di firma digitale
- 09 Feb 2006, Infosecurity 2006, Milano: Hardening della configurazione di PHP: limitare il danno
- 20 Oct 2006, Hack.lu 2006, Luxembourg: Exploiting hidden services to setup anonymous communication infrastructure
- 06 Feb 2007, Infosecurity 2007, Milano: Voice Security & Privacy flash talk
- 29 Mar 2009, Security Summit 2009, Milano: Voice Security & Privacy: confidentiality protection, upcoming technologies and standards
- 17 Mar 2010, Security Summit 2010, Mobile Security: Intense overview of mobile security threat
- 21 May 2010, WHYMCA, Mobile Security: Intense overview of mobile security threat
- 24 Aug 2010, University of Trento, Cryptolab, Voice communication security
- 6 Sep 2010, ESC 2010, Venice: Workshop on GSM Security (demonstration and hacking GSM networks)
- Feb 2010, Social News Special WikiLeaks: ITALIAN article on WikiLeaks and Government 2.0 program (page 36)
- TODO: I should update here the long-list of participations and talk
SECURITY RESEARCH
Especially I've done several security research, finding bugs on security software such as Cisco PIX or ISC BIND, or starting up hacking related projects:
- 09 Jun 2000, 3R soft Mailstudio 2000 multiple vulnerabilities
- 14 Jun 2000, A sendmail.cf backdoor
- 03 Sep 2001, Cisco PIX multiple vulnerabilities (Cisco Pix Notes)
- 26 Sep 2001, Cisco PIX SMTP Mailguard bypass
- 01 Nov 2001, ISC BIND 8.2.2-P5 Denial of service vulnerability
- 16 Nov 2006, Parallels Desktop for Mac Insecure File Permission
- 01 Feb 2010, Debunking Informationsecurityguard.com fake SecureStar independent security blog identity (theregister article)
- 12 Jan 2011, Organized the PrivateWave's open source release of ZORG ZRTP voice encryption protocol implementation integrated with PJSIP opensource stack
- 24 Jan 2011, Running my first Tor Exit Node with noisy traffic reduction
- 26 Jan 2011, GlobaLeaks project
- March 2011, Tor2web Project
PERSONAL INTEREST
I am the kind of person who frequently changes interests, with deep passion for something until I get a good understanding of it; then I need to learn something else.
I always liked and will always like retro computing stuff.
- Anonymity networks (I keep running tor2web & tor exit node)
- Whistleblowing research (GlobaLeaks and Advocacy)
- Cyber warfare and cyber commands
- VoIP & GSM security research
- Macro economics & finance (managing a mixed stock / bond portfolio)
ASSOCIATIONS, PROJECTS, GROUPS
I tend to follow and/or participate in the following associations and informal groups with different levels of engagement:
- Pws (Progetto Winston Smith)
- Italian Security Professional (Linkedin)
- Hackerscorner at International Journalism Festival
- Italian Hacker Embassy
- Whistleblowing International Network co-founder with GlobaLeaks Project
- various underground and informal groups
In 2001 I co-founded Italian BlackHats Associations, now unfortunately no longer operational.
Since 2007 I co-organize the Italian Hacker Embassy at various European Hacker Camp (CCC Camp, HAR, OHM2013, etc.) and provide some organizational support for other Italian Hacker Camp events such as MOCA (Metro Olografix Camp) and ESC (End Summer Camp).
In 2012 I co-founded Hermes Center.
TAG CLOUD OF EXPERIENCE AND INTERESTS
Writing your own professional profile is easier if you only target smart people. So, below my tag cloud of experience and interests:
Information Security - Communicate efficiently - Product Management - IT Security laws and digital rights - Be Pragmatic - Privacy - Encryption Technologies - Computers and digital right's related laws - IT Security - Transforming problems in opportunities - Infrastructures - Hacking - Wireless Technology - Counter intelligence - Understand stakeholders needs - Privacy activism - Cyber warfare - Technology evangelism - Leading teams - Intelligence - Whistleblowing - Activism - Transparency
CONTACT
You can contact me at my email address that's written name @ surname . it or at my jabber account naif@jabber.ccc.de (OTR enabled) or on IRC at irc.oftc.net on #nottor - #globaleaks - #tor2web
NOTICE ON COMMUNICATION SECURITY
It’s strongly suggested to use communication protection technologies if you need to tell me something confidential. Write me with PGP or call me with PrivateGSM (have a trial, it works!) at +393401801049.
Please consider that I mainly stay in GMT+1 timezone and I strongly prefer to be contacted between 9 am and 8 pm.