Research Curriculum Vitæ

Since 2007 I have had both industrial and academic work experience, as an employee, professor, and consultant. As such, I have experience dealing with various realms, from large corporate environments and research laboratories to small companies.

My work activities range from engineering and pure development to scientific research, including both technical and dissemination tasks. In the past, I’ve done vulnerability assessment and web penetration-testing activities as a consultant, and I was hired multiple times as a technical expert witness for courts in Italy. Being a member of various review boards and scientific program committees, I have extensive experience in assessing the quality of technical documents and other scientific artifacts.

Research Summary

Although I enjoy doing research in really any area of computer science, my experience includes various topics under the “cyber security” and “cyber crime” umbrella terms, such as threat analysis and intelligence, malware analysis, mobile security, fraud analysis and detection, web- and social-network security, and data visualization for security.

A distinctive aspect of my work is that I always strive to follow data-driven or learning-based approaches. The most recent example is a large-scale data-analysis tool that I developed to find web-defacement campaigns. In agreement with the employer, I’ve partially open-sourced the tool after demoing it at Black Hat US Arsenal (2017). I’ve worked on similar projects on other topics: botnet data analysis and intelligence, mobile ransomware analysis, banking fraud intelligence, malware behavior mining, web-scale threat measurements, and anomaly detection.

Research Dissemination and Speaking Experience

I have published tens of research papers at refereed international conferences or journals, as well as technical white papers and technical blog posts. I’ve presented my work at various international venues including both academic and industrial conferences (e.g., Black Hat), as well as closed-door events.

Thanks to my extensive teaching experience, I have acquired professional proficiency at speaking to and engaging with various types of audiences in both English and Italian. Thanks to these activities, I’ve grown accustomed to traveling internationally and interacting with a variety of cultures.

My work has been recognized by several research groups (UC Santa Barbara, Foundation for Research and Technology Hellas, Northeastern University, Stony Brook University, KU Leuven, and Royal Holloway University of London), with which I have collaborated on various occasions.

Teamwork and Management Experience

In addition to teamwork in small groups of researchers, I have been teaching computer programming, computer and network security, digital forensics, and information systems. From 2014 I was the professor for the Computer Security course and co-taught Advanced Topics in Computer Security.

I coordinated the organization of computer-security challenges and international competitions (CTFs). I’ve advised several PhD students. During my research projects, I am keen to involve people actively and work closely with them. Over my academic career, this resulted in more than 35 theses and hundreds of people that I have supervised since 2009.

Technical Skills

R&D activities demand a high degree of flexibility, and thus I’m always keen to learn a new technology. Thanks to this, I have gained hands-on experience with a wide variety of technical development and research tools, at all levels of the modern ICT stack: from a disassembler or other command-line tools, to full-fledged web-development frameworks and storage systems, as well as dev-ops or system-administration tools.

Positions, Education and Awards

Record of Employment

  • 2023–present

  • 2022

  • 2016–2022

    • Title: Senior Researcher with Trend Micro, Inc. Research. Italy.
    • Main activities: R&D, research dissemination.
  • 2016–2017

    • Title: Adjunct Professor with Politecnico di Milano, Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). Italy.
    • Main activities: teaching (Computer Security).
  • 2015–2016

    • Title: Visiting Professor at UC Santa Barbara, Computer Security Group. California, USA.
    • Main activities: Scientific research.
  • 2014–2016

    • Title: Fixed-term Assistant Professor with Politecnico di Milano, Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). Italy.
    • Main activities: Scientific research, teaching (Computer Security), research management.
  • 2013–present

    • Title: Technical expert witness for courts in Italy.
    • Main activities: Computer forensics, evidence analysis.
  • 2010–2014

    • Title: Post-doctorate research fellow with Politecnico di Milano, Dipartimento di Elettronica, Informazione e Bioingegneria (DEIB). Italy.
    • Main activities: Scientific research, teaching (Computer Security, Computer Forensics, Programming).
  • 2005–2016

    • Title: Security Consultant, SecureNetwork s.r.l. Italy.
    • Main activities: R&D, teaching (Information Security, Malware Analysis), web penetration testing, and vulnerability assessment. Italy.
  • 2002–2006

    • Title: Consultant, BMS s.r.l.
    • Main activities: IT maintenance and development. Italy.
  • 2000–2016

    • Title: Freelance IT consultant. Italy.

Education

Toolbox & Technical Skills

  • Data analysis and Machine Learning: Pandas, NumPy, SciPy, Scikit-Learn, R.
  • Scalable storage and data analysis: MongoDB, Elastic Search, Kibana, Splunk, Hadoop.
  • Programming languages and frameworks: Python, Bash, C, Arduino, x86.
  • Reverse engineering and binary analysis: Apktool, GDB, IDA Pro, Smali.
  • Web frameworks: Flux, React, FastAPI, Flask, Django, Bootstrap.
  • Systems: OS X, Linux, FreeBSD, Windows, Android, Docker.
  • Physical layers: Universal Radio Hacker, GNU Radio, RFCat, Arduino, KiCad.

Awards

Presence in the Infosec Community

Through various activities such as international collaborations, public speaking and conference organization, I feel I belong to the “small” world that we all call “the infosec community”. The researchers with whom I collaborate can easily be inferred by looking at my publication list. Therefore, I’m hereby listing the rest.

International Conferences Reviewer

Every year since 2008 I’ve been part of the review boards or served as an external reviewer for several conferences:

  • 2024
    • DIMVA PC Chair
  • 2023
  • 2022
    • EuroSec
    • eCrime
    • DIMVA
    • ACSAC
  • 2021
    • Black Hat Europe
    • EuroSec
    • DIMVA
    • eCrime
  • 2020
    • Black Hat Europe
    • eCrime
  • 2019
    • EuroSec
    • DIMVA
    • eCrime
  • 2018
    • AsiaCCS
    • ACSAC
  • 2017
    • ACSAC
    • DIMVA
    • AsiaCCS
    • AppSec EU
    • eCrime
    • IMPS
  • 2016
    • ACSAC
    • DIMVA
  • 2015
    • DIMVA (General Chair)
    • TRUST
    • MALWARE
    • WISTP
    • EUC
    • AppSec EU
    • PPREW
    • ESSoS
  • 2014
    • PPREW
    • MCSoC
    • TRUST
    • DPMPC
    • WISTP
    • IJCNN
  • 2013
    • CyCon
    • ICISS
  • 2011
    • EC2ND
    • BADGERS
  • 2010
    • COMPENG
  • 2009
    • EC2ND
  • 2008
    • DIMVA

I was part of the Tower of Hanoi (ToH) team, with which I’ve gained experience in playing, organizing, and running CTF competitions. I’m among the organizers of the Capture the Signal (CTS), the first RF-only CTF (by Trend Micro Research)!

Referee Service

Although I’m not a strong supporter of journals in this area, in the past I have served as a reviewer for the following journals:

  • International Journal of Computer Security (IJCS)
  • International Journal of Information Security (IJIS)
  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • ACM Transactions on Information and System Security (TISSEC)
  • Journal in Computer Virology (JCV)
  • Computers & Security (CoSe)

Research

My research activity revolves around a multitude of topics in the area of cyber security and e-crime, with a spin on data-analysis-oriented approaches.

Research Topics

I focus on the analysis and mitigation of current and future threats using data analysis. I’ve been using ML since the beginning of my academic career. Nowadays, there is a lot of hype around machine learning (ML) and artificial intelligence (AI), and sometimes these two branches of science are brutally confused, to the point that people write “ML/AI” or say “ML or AI,” as if they were synonyms. I prefer to take a step back, and simply say that I use data-analysis techniques, which has a much broader meaning. In particular, I do research on threat analysis and intelligence, malware analysis (including mobile malware), banking fraud analysis and detection, web and social-network security, vishing (voice phishing), and measurement. In addition, I have made contributions to the field of security visualization.

In the past I made contributions to the field of anomaly detection: I developed and tested anomaly-based tools to mitigate Internet threats by (1) avoiding their spread via vulnerable web applications, (2) detecting unexpected activities in the operating system’s kernel (a sign of malware infections or compromised processes), and (3) dealing with a high number of alerts using alert correlation.

I occasionally extend my research beyond such topics: I let new ideas grow into research projects and involve multiple research institutions as needed by the specific vertical.

Funded Research Projects

Prior to joining Trend Micro, Inc., my academic research was supported by the following projects, in which I was either the PI or directly involved as a researcher.

  • FACE (MIUR FIRB, 2014–206) - face-project.it

    • Principal Investigators: F. Maggi and M. Dalla Preda
    • Topics: Malware analysis and defense methodologies.
  • WOMBAT (EU STREP FP-7, 2010–2013) - wombat-project.eu

    • Principal Investigator: Prof. G. Serazzi
    • Topics: Malware analysis, network traffic analysis.
    • Role: researcher.
  • SysSec (EU NOE FP-7, 2010–2013) - syssec-project.eu

    • Principal Investigator: Prof. S. Zanero
    • Topics: System security, mobile malware, scientific collaboration and education.
    • Role: researcher and co-coordinator of dissemination activities.
  • i-Code (CIPS, 2010–2011) - icode-project.eu

    • Principal Investigator: Prof. S. Zanero
    • Topics: Malware analysis, network traffic analysis, forensics.
    • Role: researcher and co-supervisor of other staff researchers.
  • TENACE (MIUR PRIN, 2013–2016) - http://www.dis.uniroma1.it/~tenace

    • Principal Investigator: Prof. S. Zanero
    • Topics: National critical infrastructure protection.
    • Role: researcher and co-supervisor of students working on financial fraud detection.

Teaching and Advising Experience

In 2013–2017, I have been a lecturer for the Computer Security course of the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.

I have been teaching since my Master of Science (MSc), during which I tutored undergraduate students in computer programming courses (Informatica 1) between 2005 and 2007. In the following list, this activity is referred to as “Lab. Tutor”: it involves guiding students in problem-solving tasks during their programming assignments in laboratory classes. Such classes are taught by so-called “Lab. Teaching Assistants (TAs)”. I was a “Lab. TA” between 2007 and 2010 for the same computer programming courses, which meant preparing, solving and testing computer-programming problems of increasing difficulty (mainly in ANSI C), assigning them to students, coordinating the activity of one or two Lab. Tutors, and evaluating the solutions produced by students.

In 2008–2016 I was a TA for other courses. In particular, I taught classes in computer and network security at the graduate level, and prepared and graded exams for such courses. I also prepared and demonstrated practical tutorial lessons (e.g., live penetration testing exercises) to introduce young students to ethical hacking and CTFs. Also, I have been a TA for non-security courses on topics such as computer system performance evaluation and information systems. For these courses I was required to teach how to solve practical exercises, prepare and grade exams, and also to prepare homework and small web applications for students to request assignments, submit their solutions and automate grading.

Academic Courses

Here’s the timeline of my teaching experience:

  • 2014-2015

    • Instructor for Computer Security. Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
    • TA for Informatica Forense (Computer Forensics). Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
    • Advanced Topics in Computer Security. Master- and PhD-level course taught by Prof. S. Zanero as part of the Doctoral Program in Information Technology (Dottorato di Ricerca in Ingegneria dell’Informazione) at Politecnico di Milano.
  • 2013-2014

    • Instructor for Computer Security. Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
    • TA for Informatica Forense (Computer Forensics). Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
    • TA for Privacy and Security. Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano (Como).
    • Advanced Topics in Computer Security. Master- and PhD-level course taught by Prof. S. Zanero as part of the Doctoral Program in Information Technology (Dottorato di Ricerca in Ingegneria dell’Informazione) at Politecnico di Milano.
  • 2012-2013

    • TA for Computer Security. Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
    • TA for Informatica Forense (Computer Forensics). Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
    • Advanced Topics in Computer Security. Master- and PhD-level course taught by Prof. S. Zanero as part of the Doctoral Program in Information Technology (Dottorato di Ricerca in Ingegneria dell’Informazione) at Politecnico di Milano.
  • 2011-2012

    • Advanced Topics in Computer Security. Master- and PhD-level course taught by Prof. S. Zanero as part of the Doctoral Program in Information Technology (Dottorato di Ricerca in Ingegneria dell’Informazione) at Politecnico di Milano.
  • 2010-2011

    • TA for Dimensionamento degli Impianti Informatici (Computer Systems Performance Evaluation: Techniques and Applications)
    • TA for Sistemi Informativi (Information Systems). Undergraduate-level course taught at the 2nd School of Engineering (Ingegneria dei Sistemi) of Politecnico di
  • 2009-2010

    • TA for Sicurezza delle Applicazioni (Computer Security). Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
    • Lab. TA for Informatica B (Programming). Undergraduate-level course taught at the 4th School of Engineering (Ingegneria Industriale) of Politecnico di Milano.
    • TA for Sistemi Informativi (Information Systems). Undergraduate-level course taught at the 2nd School of Engineering (Ingegneria dei Sistemi) of Politecnico di
  • 2008-2009

    • TA for Impianti di Elaborazione (Information Systems). Undergraduate-level course taught at the 2nd School of Engineering (Ingegneria dei Sistemi) of Politecnico di
  • 2007-2008

    • Lab. TA for Informatica 1 (Programming).
    • TA for Impianti Informatici (Enterprise Digital Infrastructures).
    • TA for Sicurezza degli Impianti Informatici (Network Security). Graduate-level course taught at the 5th School of Engineering (Ingegneria dell’Informazione) of Politecnico di Milano.
  • 2006-2007

    • Lab. Tutor for Informatica 1 (Programming).
  • 2005-2006

    • Lab. Tutor for Informatica 1 (Programming).

Students Advised

I supervised 2 PhD students (Andrea Continella and Chengyu Zheng). Additionally, I co-supervised 3 PhD students (Michele Carminati, Mario Polino, and Davide Quarta).

In addition, I’ve always involved undergraduate and graduate students in my research activity, and strive to work closely and directly with them, as opposed to just assigning work. Moreover, I have supervised graduate and undergraduate students during their master’s and bachelor’s theses.

References and Endorsements

I’ve collaborated with several researchers and professors around the world. If you are looking to receive an opinion on me, or a recommendation letter, you can contact:

Professor Stefano Zanero stefano.zanero@polimi.it
Dipartimento di Elettronica, Informazione e Bioingegneria
Politecnico di Milano
Via Ponzio 34/5
I-20133, Milano (MI), Italia

Professor Christopher Krügel chris@cs.ucsb.edu
1117 Engineering I
Department of Computer Science
University of California, Santa Barbara
Santa Barbara, CA 93106, United States

Professor Giovanni Vigna vigna@cs.ucsb.edu
2159 Engineering I
Department of Computer Science
University of California, Santa Barbara
Santa Barbara, CA 93106, United States

Professor Herbert Bos herbertb@cs.vu.nl
Computer Systems Section
VU Amsterdam
De Boelelaan 1081
1081 HV Amsterdam

Although I don’t really believe in publicly disclosed recommendations, I have requested, given and received some recommendations via LinkedIn. Feel free to check those out, FWIW.

That’s all folks! Thanks for reading!