Fabio Pietrosanti

30 years old, i started playing with computer hacking in 1995, involved professionally in IT since 1998, in information security since 2000 by lately focusing on communication security since 2006, when i founded a product start-up.

Currently i run as a CTO for the security company i founded, KHAMSA now PrivateWave, that grew from 3 person in 2006 to 20 person in 2010 .

My working experience provided me a particular kind of professional background by alternating very different activities: from management to information security, from marketing support to project management, from sales support to security technology scouting, from conference participation to security research, from people hiring to security advisoring.

I mostly worked with large enterprises and governments for security consulting but i lived in companies very differently sized, from startups (Matrice srl, Live Network Security srl, PrivateWave SpA) to medium company (I.NET SpA, now BT) up to Large corporation (Telecom Italia SpA).

I’ve been always an very active player by participating to events in national and international security and hacking, both as a lecturer and as a listener (See #below).

I liked to be involved in spreading the information security culture publishing security articles on specialized magazines (WeekIT, ICT Security, Wireless, BFi) but also making awareness trough mass media with radios (Radio Montecarlo), televisions (TG2, Studio Aperto, Neapoli, TG3) and national newspapers (La Stampa, Repubblica, Corriere) and books (security chapter of the book “The free software in Italy“). .

I like challenging situations where my analytical and pragmatic approach in problem solving, brainstorming and managing applies very well.  Connecting the dots between different skills among people is what i like most.

I like to communicate.

Late in 2009 i started a security blog on http://infosecurity.ch, a twitter account  http://twitter.com/fpietrosanti and a slideshare presentation account to share experience and security topic i like. My Linkedin is http://linkedin.com/in/secret and Flickr is http://www.flickr.com/photos/fpietrosanti/ .

My goal is to play a major role in securing the modern information society and have a lot of fun (doing it!).

This presentation is very institutional, as often it’s required to do. Personally i prefer to be much less serious than in this short biography.

PROFESSIONAL EXPERIENCE SUMMARY

I like schematic view, below a summary of what i’ve done, where, when and in which sector and what i’ve done:

• 1995 Computer hacking – self-learning a lot of things you do not learn on the job
• 1998 ICT  – System Administrator - Ministry of Public finance – Systems and infrastructure (unix)
• 2000 IT Security - Network Security Engineer - I.NET SpA (now BT) - Firewalls, IDS, VPN, Penetration testing, hardening, penetration testing
• 2002 IT Security management – Network Security Manager - I.NET SpA (now BT) – Security Operation Center buildup, managed security service portfolio creation, security technology scouting, incident handling, sales and security training, large security projects, leaded penetration testing team)
• 2004 Information Security - Senior Information Security consultant - Corporate Telecom Italia SpA – security policy review, security advisoring, early warning, open source intelligence, incident handling and counter intelligence, security research
• 2006 Communication Security - Entrepreneur, now CTO – PrivateWave Italia SpA – Product vision, leading projects,security and encryption assurance, military classified email messaging and mobile phone calls communications projects (we run also NGO support program)
  

I have a deep knowledge on telecommunication security technologies and protocols (VoIP, GSM, etc) design and implementation.

I own an  extensive experience in Information Security (incident handling, counter espionage measures, etc) , IT Security  (penetration testing, security infrastructure, etc) topics including organizative and management related (service/product concepts and startup leading, project management, etc).

I like to use 4 days per week powerpoint, email, excel and mobile phones as main working tools, but to always keep a hands-on on my unix terminals keeping to safeguard nerd soul.

For a detailed view refer to my linkedin profile linkedin.com/in/secret .

CONFERENCE / PUBBLICATION

Below list of conference i attended as a lecturer (don’t a copy of all slides!):

• 19 Oct 2001, SMAU/Sicurmatica, Milano – Sicurezza, il punto di vista del NASP
  
• 20 Oct 2001, SMAU/Tavola Rotonda sul fenomeno Hacking, Milano
• 13 Oct 2001, AntiKrimen Expo, Area Sicurezza Informatica – Storia e psicologia Hacker
• 10 Dec 2001, IBM Forum, Milano “CONFERENZA LINUX” – OpenSource e Sicurezza
• 24 Jan 2002, Infosecurity Italia 2002, Italian Black Hats Speech
• 17 Mar 2002, Rivoluzione Connettiva e Sicurezza, Centro Alti Studi Lotta al terrorismo: Il ruolo dei carrier nella network securit
• 05 May 2003, University LIUC (Varese, Italy) : Wireless (in)Security: Sicurezza delle reti wireless
• 05 May 2003, University LIUC (Varese, Italy) Percezione della sicurezza informatica: miti e leggende
• 15 Oct 2003, Università di Firenze, Sicurezza, full-disclosure e software: Sicurezza informatica: la percezione e la realtà
• 28 Oct 2003, Wireless Forum, Milano: Wireless Network Security Training
• 05 Nov 2003, Comitato di gestione della infrastruttura nazionale di rete del CNR e la TaskForce sulla sicurezza,Technical Security Training: Wireless (in)Security: problemi di (in)sicurezza dell’802.11b
• 07 May 2004, Webbit 04, Padova: Wireless (in)Security: problemi di (in)sicurezza Tecnologie dell’802.11b
• 28 May 2005,E-Privacy 2005, Firenze: PGP luci e ombre. Storia e evoluzione dello strumento per la privacy più usato al mondo
• 8 Feb 2006,: LRA Posta Elettronica Certifica, Firma digitale e Archiviazione ottica Documentale, Milano: sicurezza e riservatezza delle tecnologie di firma digitale
• 09 Feb 2006, Infosecurity 2006, Milano: Hardening della configurazione di PHP: limitare il danno
• 20 Oct 2006, Hack.lu 2006, Luxembourg: Exploiting hidden services to setup anonymous communication infrastructure
• 06 Feb 2007, Infosecurity 2007, Milano: Voice Security & Privacy flash talk
• 29 Mar 2009, Security Summit 2009, Milano: Voice Security & Privacy: confidentiality protection, upcoming technologies and standards
• 17 Mar 2010, Security Summit 2010, Mobile Security: Intense overview of mobile security threat
• 21 May 2010, WHYMCA, Mobile Security: Intense overview of mobile security threat
• 24 Aug 2010, University of Trento, Cryptolab, Voice communication security
• 6 Sep 2010, ESC 2010, Venice: Workshop on GSM Security (demonstration and hacking GSM networks)
  
• Feb 2010, Social News Special WikiLeaks: ITALIAN article on WikiLeaks and Government 2.0 program (page 36)
  

SECURITY RESEARCH

Especially i’ve done several security research, finding bugs on security software such as Cisco PIX or ISC BIND, or starting up hacking related projects:

• 09 Jun 2000, 3R soft Mailstudio 2000 multiple vulnerabilities
• 14 Jun 2000, A sendmail.cf backdoor
  
• 03 Sep 2001, Cisco PIX multiple vulnerabilities (Cisco Pix Notes)
• 26 Sep 2001, Cisco PIX SMTP Mailguard bypass
• 03 Oct 2001, Cisco PIX allow external user to discover internal ip address
• 01 Nov 2001, ISC BIND 8.2.2-P5 Denial of service vulnerability
• 16 Nov 2006, Parallels Desktop for Mac Insecure File Permission
• 01 Feb 2010, Debunking Informationsecurityguard.com fake SecureStar independent security blog identity (theregister article)
  
• 12 Jan 2011, Organized the PrivateWave‘s open source release of ZORG ZRTP voice encryption protocol implementation integrated with PJSIP opensource stack
• 24 Jan 2011, Running my first Tor Exit Node with noisy traffic reduction
  
• 26 Jan 2011, GlobaLeaks project
  

PERSONAL INTEREST

I am a kind of person that change frequently interests with deep passion for something until i got a good understanding of it, then i need to learn something else. I always liked and will always like retro computing stuff.

Lately (2011) i’ve been interested in:

• Cyber warfare and cyber commands
• VoIP & GSM security research
• Macro economics & finance (managing a mixed stock / bond portfolio)
• Anonimity networks (i keep running a tor exit node)
  
• Whistleblowing research
  

ASSOCIATIONS AND GROUPS

I tend to follow and/or participate to the following associations and informal groups:

• Sikurezza.org
• Pws (Progetto Winston Smith)
• Italian Security Professional (Linkedin)
• Clusit (Italian Association for Information Security)
  
• Centro Studi Informatica Giuridica & Circolo dei Giuristi Telematici
• Hackerscorner
• GlobaLeaks
• Tor & Tor2Web
  
• various underground and informal groups

I co-organized for several years the conferences and participations of Sikurezza.org to italian security events. In 2001 i co-founded Italian Blakchats Associations http://www.blackhats.it now unfortunately not anymore operational.

TAG CLOUD OF EXPERIENCE AND INTERESTS

Writing your own professional profile is more easy if you only target smart people. So, below my tag cloud of experience and interests:

Information Security – Communicate efficiently – Product Management – IT Security laws and digital rights – Be Pragmatic – Privacy – Encryption Technologies – Computers and digital right’s related laws – IT Security – Transforming problems in opportunities – Infrastructures – Hacking – Wireless Technology – Counter intelligence – Understand stakeholders needs – Privacy activism – Cyber warfare – Technology evangelism – Leading teams – Intelligence

CONTACT

You can contact me to my email address that’s written name @ surname . it .

NOTICE ON COMMUNICATION SECURITY

It’s strongly suggested to use communication protection technologies if you need tell me something confidential.

Write me with PGP or call me with PrivateGSM (have a trial , it works!) to +393401801049 .

Please consider that i mainly stay in GMT+1 timezone and i strongly prefer to be contacted between 9 am and 8pm