Stefano Lorenzi

Stefano Lorenzi

IT Security Specialist

Curriculum

From November 2008 on – Selex-ES (Finmeccanica Group)
Finmeccanica is Italy’s main industrial group, leader in the high technology sector, and ranks among the top ten defence groups worldwide. It operates in the Aerospace, Defence and Security sectors. The group I work with is focused on Incident Handler and my main tasks are Incident Handling, managing Vulnerability Assessment, Penetration Test, Forensic, log analysis, Malware detection (APT discovery) in companies of the Group, in Italy and abroad. In particular:

  • Coordinate a Vulnerability Assessment Team
  • Produce Vulnerability Assessment project and report
  • Focal point with technical customer personnel.
  • I follow the accident investigation network, determine the cause of the safety problems
    Analyze potential infrastructure security incidents to determine if incident qualifies as a legitimate security breach
  • Perform network incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
  • Make recommendations on the appropriate corrective action for incidents
  • Produce security incident reports and briefings to be distributed to the team lead and manager.
  • Appropriately inform and advise management on incidents and incident prevention

The main knowledge Tools:

Vulnerability Assessment
Nessus, nmap, metasploit,fierce, ZAP, DirBuster, tcpdump, wirshark, sqlmap, hydra
Forensic
Volatility, autopsy, Foremost, Scalpel,RegRipper
Malware Analysis
Cuckoo, peframe, yara,
General
Sysinternals, Scapy
Language
Delphi, Java and python

For vulnerability Assessment and Penetration test I use OSSTMM methodology for infrastructor task and OWASP methodology for Web application.
I have written many tools in python, java and Delphi language (see Projects page)

You can download my CV in pdf format, click on icon