About

Cybersecurity keeps giving me the best excuses to find exciting problems to solve. Or, as my wife once said, to “push buttons on my computer”.

Boring Stuff First

Very likely, you came here because you need to quickly copy and paste my short bio, or grab a head shot to post on a conference website. So, here you go!

Short Bio

With more than a decade of research experience in the cybersecurity field, Federico Maggi has worked on offensive and defensive projects in web applications, network protocols, embedded systems, radio-frequency control systems, industrial robots, cars, and mobile devices.

Some of his research work has been featured on mainstream and media outlets such as Bloomberg, Wired, Reuters, Forbes, Hackread, ZDNet, and MIT Technology Review.

Currently employed as a Security Engineer at AWS with focus on server firmware and hardware, Federico has been a Research Expert in the Huawei AI4Sec Research team, and a Senior Researcher with Trend Micro. Previously, Federico was an Assistant Professor at Politecnico di Milano, one of the leading engineering technical universities in Italy. Aside his teaching activities, Federico co-directed the security group and has managed hundreds of graduate students.

Federico has given several lectures and talks as an invited speaker at international venues and research schools, and also serves in the review or organizing committees of well-known academic and industry conferences.

More info about Federico and his work is available online at https://maggi.cc

One-liner Bio

Federico Maggi, PhD, is a Senior Security Engineer with AWS, and has been working in cybersecurity for more than a decade with the public and private sector.

Head shot

You can also grab the high-resolution version.

An Academic Moved to the Industry World

Before joining Trend Micro, until Summer 2016 I was an Assistant Professor at Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB), Politecnico di Milano in Italy, where I co-directed the system-security group at the NECST Laboratory, and led several projects with my colleague and advisor Stefano Zanero.

During my PhD, I made some contributions in the field of anomaly detection and I was using machine learning way before it became mainstream. I developed and tested various anomaly-based tools, for example to detect attacks against web applications or unexpected activities in the kernel (sing of malware infections or compromised processes).

Public Speaking

Let’s be honest: when the hard research work is over, isn’t it just great to get on stage and share the results with the world?

I have given several lectures and talks, mainly peer-reviewed talks, but also as an invited speaker at international venues and research schools.

I’m far from being a professional speaker, but people say I’m quite good at it. Have a look at some of my public speeches to get a sense of my speaking style.

I used to hate and be afraid of speaking in public, and I still remember the tension and anxiety I experienced before every single talk. I don’t know exactly when and why, but something happened at some point, and everything turned upside down. Now I try to find every possible excuse to get on stage, because I find it an extremely satisfying and entertaining activity–for myself, at least, and hopefully for the audience as well!

Hacking and Playing Around With Stuff

I’m not a bug hunter, but I do occasionally find and report vulnerabilities as part of my job.

As my work is not focused on a particular product or vertical, I’ve never really grown a technology-specific skillset when it comes to hacking and bug hunting. Rather, I adapt and I’m eager to learn what’s needed for the next challenge. I’ve looked at web applications, desktop and mobile apps, middleware protocols, embedded protocols, and even radio frequency. So, a little bit of everything. As I mentioned at the beginning of this page, cybersecurity is the only field that managed to keep me busy with new problems.

When time permits, I occasionally play CTFs or prepare challenges. Honestly, I haven’t been playing for a looong long time: I think 2004 or something, when we (early memebers of the Tower of Hanoi) played one of the very first editions of the UCSB iCTF. Thanks to @ lucacarettoni for sharing this great memory about that game. Yes, that’s the printout of the scoreboard. Amazing times!

With the same team, in 2015 I have led the organization of the PoliCTF contest. Was quite a lot of fun! I’m currently organizing the Capture the Signal (CTS), a contest focused exclusively on RF-hacking.

When time permits, I like to pretend I’m an amateur electronic enthusiast, doing stuff like DYI automation, RF nodes, and stuff like that.

Reviewing Others’ Work

I’m regularly invited to serve in the review board, organizing or technical program committee of conferences. To name a few, I have been the PC (co)chair of DIMVA 2023 and DIMVA 2024, general chair of DIMVA 2015, PC chair of EUC 2014 and PC member of several conferences and workshops including ACSAC, AsiaCCS, DIMVA, SecureComm.