Gabriele Biondo
Nova Milanese, MB *****
Italy
*******@**.***
+39-342-******* (mobile)
Employment
Self Employed
Freelance IT Risk Manager/Security Consultant
• through Dimension Data Italy:
o IT Security Program (ITSP) in Lamborghini (property of Volkswagen group): penetration testing. Level: Senior
security analyst. Managing the implementation of other security projects belonging to the ITSP.
o IT Security Program (ITSP) in Italdesign/Giugiaro (property of Volkswagen group): server hardening. Level:
Senior security analyst. Managing the implementation of other security projects belonging to the ITSP.
• through Kitdigital Italy: IT Security management c/o European Food Safety Authority (EFSA – branch of European
Commission): Started the IT Security Incident Management process following NIST SP800-61. Managing crisis due to
external attacks, coordinating the efforts of the Network and System engineers and managing the communications
towards the EFSA directors, the other departments, and the European CERT. Forensics Analysis of Windows XP clients.
Level: Information Risk Manager.
• through Spike Reply Italy: Law compliancy for H3G Italy (Hutchison Whampoa group) – controlling the compliancy of
newly released platforms and services to the Italian and European laws. Special focus on the ‘Decreto Gentiloni’ and the
Italian Privacy law. Setting up the Incident Management procedure, following the guidelines of NIST SP 800-61. Level:
Information Risk Manager.
Quint Wellington Redwood Italy
Senior Consultant
1/2013 - 9/2013
In charge of developing the ICT Security and Information Risk Management Branches for the Company. Business development;
project management with people and budget responsibilities; Business process reengineering; Risk assessments, Risk treatment
plans; Development of security plans, policies and procedures. Customer management. Managed a complex Risk Treatment
project (150 MDs) for a major Oil-Gas multinational company, with the responsibility of a team of 4 direct reports and related budget.
Level: Information Risk Manager. Reporting to Quint Wellington Redwood Italy board of directors and to customer’s ICT Managers.
ING Bank B.V.
Operational Risk Manager
8/2010 - 6/2011
Analysis of penetration test results. Wrote the guidelines for external penetration test reports. Resident member of the steering
committee in charge of auditing and certifying external connections, in charge of managing the sanitization of non-compliant or
non-secure platforms (small projects not exceeding 20 MDs). In charge of operational risk management-related communications
with southern European affiliates. Reporting to head of ING Risk Management Department.
European Commission
Disaster Recovery Expert
4/2010 - 7/2010
Started from scratch the Disaster Recovery Process for the part of the network managed by Dimension Data. Designed the DRP
for the most important infrastructural component (Checkpoint Firewalls, the NetApp NAS, the BlueCoat Forward and Reverse
Proxy, the DNS Cluster, Cisco Load Balancers, the Log consolidation platform, and the connectivity through the various sites).
Decided the relevant statistics and metrics to present to EC officers. Managed the test phase (5-MD projects). Reporting to head
of Network Services.
Heroth B.V.
Senior Consultant
10/2009 - 3/2010
Performed a broad black box penetration testing activity for one of the most important Dutch banks. Analysis of results and
evidence, reported to Customer's mid management. Managed a black box penetration test for one of the most relevant logistics
companies of Rotterdam's harbour. Analysis of results and evidence, reported to Customer's CISO. Designed the NEN7510
iComply solution, as an integration of NetIQ Secure Configuration Manager and Dynasec Easy2comply. Reporting level: Heroth's
Managing Director. Customer's mid/high management.
Trust in People B. V.
Senior Consultant
4/2009 - 8/2009
Performed a broad black box penetration testing activity for one of the most important Dutch healthcare organizations, focusing on
more than 80 servers. Managed a black box penetration test for one of the most relevant European food organizations. Analysis of
results and evidence. Created the High Level Design for a structure dealing with intellectual property and serving several
competitors at the same time, leveraging Autonomy’s IDOL server. Reporting to Trust in People's Managing Director and
customers’ mid/high management.
DHL International GmbH
EMEA Technical Architect
8/2008 - 3/2009
Main duties: Responsible for designing new solutions and assessing the IT Security aspects of all Technical Design Documents
belonging to other Technical Architects. Created a business case pertaining to the migration of the old SAAB’s and Volvo’s DHL
network. Risk assessment, What-if scenarios, Financial forecasts. Definition of the worldwide policy of acceptable use for LDAPs,
and other governance-related issues. Managed the migration of several platforms from the US to the EU (50MDs project).
Reporting level: Reported directly to EMEA’s architectures headquarters
Liberty Global, Inc.
Capacity/Infrastructure Manager
5/2006 - 7/2008
Managed the storage and network capacity planning and the server performance of the whole installed base, by interacting and
communicating with Business owners and senior management. In charge of several projects, such as the redesign of distribution
network of all affiliates geographically distributed across Europe (12 different companies). Platforms analysis, consolidation plans,
creating/maintaining processes such as the Data classification and the Information life-cycle management. Business process
reengineering, forecasting workloads, what-if scenarios, qualitative and quantitative analysis. Facilitated the SOX Compliance
management, defined company’s standards for Software and Hardware related components. As a point of interest, I was the first
employee to achieve the ‘Nike Experience employee of the month’ of the company (Jan. 2007). Reporting level: Vice President and
Director level. C.A.B. member.
Self Employed
ICT Security Consultant
1/1997 - 5/2006
• through Etnoteam: Main storage architect for the project SAN/NAS c/o H3G Italy: managing the growth of a Storage Area
Network larger than 600 Terabytes. Business continuity planning and High Availability Architectural Designs; consolidation
of business critical platforms (counter fraud and legal CDR tracking). Data migrations (Metro- and Geographical- SAN
environments). Led several database reorganization projects. Involved in the Disaster Recovery Plan as the main
storage architect, in charge of assessing and mitigating risks related to remote replicas, reported to Director level.
• University of Bologna, various faculties: system administrator
• Cofounder of Much and More SRL, RSM.
Education
Open University UK
Master's Degree, Master of Science (MSc)
9/2013 - Present
Skills
Proficiency Experience Last Used Interest
IT project management Expert 5 years + Current High
Information Risk Management Expert 5 years + Current High
Capacity planning Expert 5 years + 3-5 years ago Medium
Penetration Testing Advanced 5 years + Last year High
Business development Advanced 3-5 years Current High
Operational auditing Advanced 5 years + Last year Medium
Certifications
Date
COBIT 5 Foundations 7/2013
Prince 2 Foundations 7/2013
M_o_R® - Management of Risk Foundation 7/2013
Agile Project Management Foundation 7/2013
Lean IT Foundation 6/2013
ISO/IEC: 27001 Foundation 6/2013
ISO 27001 Lead Auditor 5/2013
CISM (Certified Information Security Manager) 12/2010
Certified Information Systems Security Professional (CISSP) 5/2007
OPST (OSSTMM Professional Security Tester) 2/2004
Publications
Title Published on Date Published
Enter MetaSploit 4.7 HackInsight Magazine 8/2013
Digging into Mozilla Artefacts eForensics Magazine 7/2013
Capacity Planning – a practitioner guide van Haaren ITIL series 2009
Technical Editor
Speaking Events
Event Role Title Date
Webbit Milano Lecturer Introduction to Computer Forensics 10/2007
MSc in Information Security, Universidad La Salle, Barcelona (ES) Lecturer Advanced Penetration Testing techniques 9/2007
Languages
Proficiency Experience Last Used Interest
English Expert 5 years + Current High
(read, write, speak)
French Intermediate 3-5 years 1-3 years ago Medium
(read, speak)
Italian Expert 5 years + Current High
(read, write, speak)
Dutch Intermediate 1-3 years 1-3 years ago High
(read, speak)