Resume
3 years of experience
Experience
July 2025 - Till now
PwC Italy
OT Security Specialist
OT Vulnerability Assessment: Conducted passive network traffic analysis to identify security vulnerabilities and map Operational Technology (OT) assets, enhancing visibility and risk management.
Professional Report Development: Produced clear, tailored assessment reports for both executive stakeholders and technical teams, translating complex findings into actionable insights.
June 2024 - February 2025
Accenture S.p.A. (Contractor)
SOC Analyst T2
- Security Incident Management: Monitored and analyzed security threats using SIEM tools, coordinated and responded promptly to incidents to minimize impact.
- Support to T1 Operators: Provided assistance and guidance to Level 1 colleagues, enhancing their ability to identify and resolve security incidents.
- Professional Reports Creation: Prepared detailed reports on security incidents, including impact assessments and analysis of emerging security phenomena for internal and external stakeholders.
- Security Process Improvement: Collaborated in defining and implementing security processes to optimize incident management and reduce response times.
- Threat Hunting and Advanced Analysis: Conducted threat hunting activities to identify potential threats not detected by standard security controls.
February 2024 - June 2024
Accenture S.p.A. (Contractor)
SOC Analyst T1
- Log Monitoring: Monitor and analyze logs from a variety of sources to detect and respond to potential security threats.
- Ticket Management: Manage and prioritize tickets related to security incidents, ensuring timely and effective resolution.
- Malware Analysis: Perform in-depth analysis of malware to identify its behavior, origin, and possible IOCs.
- Incident Management: Oversee the entire incident management process, coordinating responses to security events to minimize impact and ensure swift recovery.
August 2023 - November 2023
Yesnet S.R.L.
Web developer - Freelancer
- Project management: Managed the project lifecycle, including setting and meeting deadlines, budgeting, client communication, testing, delivery, and post-production maintenance.
- Full-Stack Development: Created the entire backend and frontend infrastructure for a web application designed to sell digital business cards.
April 2022 - October 2023
DoctorPC/TechCare S.N.C.
System Administrator
- Client support: Provided technical support to clients, troubleshooting and resolving hardware and software issues in a timely manner.
- Maintenance of Company Hardware Assets: Managed and maintained the company's hardware assets, including regular updates, repairs, and replacements to ensure optimal performance.
- Maintenance of the Network Company: Oversaw the maintenance and monitoring of the company’s network infrastructure, ensuring network security, performance, and reliability.
- Seller of Software and Hardware Products: Sold software and hardware products to clients, providing recommendations based on their specific needs and ensuring compatibility with existing systems.
Education
July 2023 – May 2024
HackTheBox Academy
Certified Penetration Tester Specialist
I completed the Penetration Tester path at HackTheBox Academy, a highly practical and hands-on training program designed to build and assess penetration testing skills. The course covered a wide range of cybersecurity topics, including:
- Penetration Testing Methodologies: Learned and applied structured approaches to conducting penetration tests, including information gathering, reconnaissance, and attack strategies.
- Targeted Attacks on Windows and Linux Systems: Gained experience in identifying and exploiting vulnerabilities in both Windows and Linux environments, with a strong focus on real-world scenarios.
- Active Directory Penetration Testing: Acquired skills in testing and exploiting Active Directory environments, focusing on common vulnerabilities and attack vectors.
- Web Application Security: Conducted in-depth penetration tests on web applications, identifying security flaws and demonstrating their potential impact.
- Vulnerability Chaining and Exploitation: Practiced chaining multiple vulnerabilities to achieve maximum impact, mimicking real-world attack strategies.
- Pivoting and Lateral Movement: Developed techniques for moving laterally within compromised networks, essential for comprehensive penetration testing.
- Post-Exploitation and Privilege Escalation: Focused on post-exploitation activities, including privilege escalation on both Windows and Linux systems.
- Reporting and Risk Communication: Created commercial-grade penetration testing reports, emphasizing clear communication of findings and actionable remediation strategies.
Throughout the course, my skills were continuously evaluated through practical, hands-on assessments, ensuring a deep understanding of each topic before progressing. The training culminated in a final assessment, where I successfully conducted black-box penetration tests on a simulated real-world Active Directory network.
This rigorous training provided me with a solid foundation in penetration testing, preparing me to identify and exploit vulnerabilities effectively, as well as communicate findings professionally to stakeholders.
September 2016 - July 2021
I.T.I.S. Cerebotani
High school diploma
I completed my high school education with a focus on Computer Science. The program provided comprehensive training in various areas of IT, including:
- Programming: Gained solid foundations in programming languages such as C++ and C#, developing software applications and solving complex problems.
- Networking: Studied network design and management using Cisco's Packet Tracer, learning how to configure and troubleshoot networks.
- Database Management: Learned the basics of SQL, including database creation, management, and query writing to handle data efficiently.
