Security & Risk Manager

Location:
Nova Milanese, Lombardy, Italy
Posted:
February 07, 2014

Resume:

Gabriele Biondo

Nova Milanese, MB *****

Italy

acckc9@r.postjobfree.com

+39-342-******* (mobile)

Employment

Self Employed

Freelance IT Risk Manager/Security Consultant

*/**** - *******

• through Dimension Data Italy:

o IT Security Program (ITSP) in Lamborghini (property of Volkswagen group): penetration testing. Level: Senior security analyst. Managing the implementation of other security projects belonging to the ITSP.

o IT Security Program (ITSP) in Italdesign/Giugiaro (property of Volkswagen group): server hardening. Level: Senior security analyst. Managing the implementation of other security projects belonging to the ITSP.

• through Kitdigital Italy: IT Security management c/o European Food Safety Authority (EFSA – branch of European Commission): Started the IT Security Incident Management process following NIST SP800-61. Managing crisis due to external attacks, coordinating the efforts of the Network and System engineers and managing the communications towards the EFSA directors, the other departments, and the European CERT. Forensics Analysis of Windows XP clients. Level: Information Risk Manager.

• through Spike Reply Italy: Law compliancy for H3G Italy (Hutchison Whampoa group) – controlling the compliancy of newly released platforms and services to the Italian and European laws. Special focus on the ‘Decreto Gentiloni’ and the Italian Privacy law. Setting up the Incident Management procedure, following the guidelines of NIST SP 800-61. Level: Information Risk Manager.

Quint Wellington Redwood Italy

Senior Consultant

1/2013 - 9/2013

In charge of developing the ICT Security and Information Risk Management Branches for the Company. Business development; project management with people and budget responsibilities; Business process reengineering; Risk assessments, Risk treatment plans; Development of security plans, policies and procedures. Customer management. Managed a complex Risk Treatment project (150md) for a major Oil-Gas multinational company; with the responsibility of a team of 4 direct reports and related budget. Level: Information Risk Manager. Reporting to Quint Wellington Redwood Italy board of directors and to customer’s ICT Managers.

ING Bank B.V.

Operational Risk Manager

8/2010 - 6/2011

Penetration tests results’ analysis. Wrote the guidelines for external penetration test reports. Resident member of the steering committee in charge of auditing and certifying external connections, in charge of managing the sanitization of non-compliant or non-secure platforms (small projects not exceeding 20 MDs). In charge of operational risk management-related communications with southern European affiliates. Reporting to head of ING Risk Management Department.

European Commission

Disaster Recovery Expert

4/2010 - 7/2010

Started from scratch the Disaster Recovery Process for the part of the network managed by Dimension Data. Designed the DRP for the most important infrastructural components (Checkpoint Firewalls, the NetApp NAS, the BlueCoat Forward and Reverse Proxy, the DNS Cluster, Cisco Load Balancers, the Log consolidation platform, and the connectivity through the various sites). Decided the relevant statistics and metrics to present to EC officers. Managed the test phase (5-MD's projects). Reporting to head of Network Services.

Heroth B.V.

Senior Consultant

10/2009 - 3/2010

Performed a broad black box penetration testing activity for one of the most important Dutch banks. Analysis of results and evidences, reported to Customer's mid management. Managed a black box penetration test for one of the most relevant logistic companies of the Rotterdam's harbour. Analysis of results and evidences, reported to Customer's CISO. Designed the NEN7510 iComply solution, as an integration of NetIQ Secure Configuration Manager and Dynasec Easy2comply. Reporting level: Heroth's Managing Director. Customer's mid/high management.

Trust in People B. V.

Senior Consultant

4/2009 - 8/2009

Performed a broad black box penetration testing activity for one of the most important Dutch healthcare organizations; focusing on more than 80 servers. Managed a black box penetration test for one of the most relevant European food-organization. Analysis of results and evidences. Created the High Level Design for a structure dealing with intellectual property and serving several competitors at the same time, leveraging Autonomy’s IDOL server. Reporting to Trust in People's Managing Director and customers’ mid/high management.

DHL International GmbH

EMEA Technical Architect

8/2008 - 3/2009

Main duties: Responsible for designing new solutions and assessing the IT Security aspects of all Technical Design Documents belonging to other Technical Architects. Created a business case pertaining to the migration of the old SAAB’s and Volvo’s DHL network. Risk assessment, What-if scenarios, Financial forecasts. Definition of the worldwide policy of acceptable use for LDAPs, and other governance-related issues. Managed the migration of several platforms from the US to the EU (50MDs project). Reporting level: Reported directly to EMEA’s architectures headquarters.

Liberty Global, Inc.

Capacity/Infrastructure Manager

5/2006 - 7/2008

Managed the storage and network capacity planning and the server performance of the whole installed base, by interacting and communicating with Business owners and senior management. In charge of several projects, such as the redesign of distribution network of all affiliates geographically distributed across Europe (12 different companies). Platforms analysis, consolidation plans, creating/maintaining processes such as the Data classification and the Information life-cycle management. Business process reengineering, forecasting workloads, what-if scenarios, qualitative and quantitative analysis. Facilitated the SOX Compliance management, defined company’s standards for Software and Hardware related components. As a point of interest, I was the first employee to achieve the ‘Nike Experience employee of the month’ of the company (Jan. 2007). Reporting level: Vice President and Director level. C.A.B. member.

Self Employed

ICT Security Consultant

1/1997 - 5/2006

• through Etnoteam: Main storage architect for the project SAN/NAS c/o H3G Italy: managing the growth of a Storage Area Network larger than 600 Terabytes. Business continuity planning and High Availability Architectural Designs; consolidation of business critical platforms (counter fraud and legal CDR tracking). Data migrations (Metro- and Geographical- SAN environments). Led several database reorganization projects. Involved in the Disaster Recovery Plan as the main storage architect, in charge of assessing and mitigating risks related to remote replicas, reported to Director level.

• University of Bologna, various faculties: system administrator

• Cofounder of Much and More SRL, RSM.

Education

Open University UK

Master's Degree, Master of Science (Msc)

9/2013 - Present

Skills

| Skill | Proficiency | Experience | Last Used | Interest |
|---|---|---|---|---|
| IT project management | Expert | 5 years + | Current | High |
| Information Risk Management | Expert | 5 years + | Current | High |
| Capacity planning | Expert | 5 years + | 3-5 years ago | Medium |
| Penetration Testing | Advanced | 5 years + | Last year | High |
| Business development | Advanced | 3-5 years | Current | High |
| Operational auditing | Advanced | 5 years + | Last year | Medium |

Certifications

| Certification | Date |
|---|---|
| COBIT 5 Foundations | 7/2013 |
| Prince 2 Foundations | 7/2013 |
| M_o_R® - Management of Risk Foundation | 7/2013 |
| Agile Project Management Foundation | 7/2013 |
| Lean IT Foundation | 6/2013 |
| ISO/IEC: 27001 Foundation | 6/2013 |
| ISO 27001 Lead Auditor | 5/2013 |
| CISM (Certified Information Security Manager) | 12/2010 |
| Certified Information Systems Security Professional (CISSP) | 5/2007 |
| OPST (OSSTMM Professional Security Tester) | 2/2004 |

Publications

| Title | Published on | Date Published |
|---|---|---|
| Enter MetaSploit 4.7 | HackInsight Magazine | 8/2013 |
| Digging into Mozilla Artefacts | eForensics Magazine | 7/2013 |
| Capacity Planning – a practitioner guide | van Haaren ITIL series | 2009 |

Technical Editor

Speaking Events

| Event | Role | Title | Date |
|---|---|---|---|
| Webbit Milano | Lecturer | Introduction to Computer Forensics | 10/2007 |
| MSc in Information Security, Universidad La Salle, Barcelona (ES) | Lecturer | Advanced Penetration Testing techniques | 9/2007 |

Languages

| Language | Proficiency | Experience | Last Used | Interest |
|---|---|---|---|---|
| English (read, write, speak) | Expert | 5 years + | Current | High |
| French (read, speak) | Intermediate | 3-5 years | 1-3 years ago | Medium |
| Italian (read, write, speak) | Expert | 5 years + | Current | High |
| Dutch (read, speak) | Intermediate | 1-3 years | 1-3 years ago | High |


