
Michele Toccagni

Cyber Security Operation Lead @ ING Bank Italy

Security Manager with 7+ years of experience in cybersecurity. Proven ability to develop and implement security strategies, lead cross-functional teams, and optimize security operations to protect business assets and data. Adept at working with stakeholders to ensure compliance with industry standards and regulations.

BIRTH: 1993
NATIONALITY: ITALY
LANGUAGE: ITALIAN (NATIVE), ENGLISH (INTERMEDIATE)

Work Experiences

October 2023 - Present

Cyber Security Operation Lead

ING Bank Italy


  • Penetration Testing: Led penetration testing initiatives, simulating real-world attacks to identify and remediate vulnerabilities.
  • Risk Assessment & Vulnerability Management: Conducted risk assessments and vulnerability management, ensuring timely patching of security gaps.
  • Threat Intelligence: Oversaw threat intelligence operations, proactively identifying and mitigating emerging cyber threats.
  • Security Policies & Incident Response: Developed and enforced security policies, procedures, and incident response plans to strengthen organizational security posture.
  • Application Security: Implemented SAST (Static Application Security Testing) and SCA (Software Composition Analysis) processes, integrating security best practices into the software development lifecycle (SDLC).
  • Data Loss Prevention (DLP): Designed and implemented DLP strategies to protect sensitive data, ensuring compliance with industry regulations and minimizing data breaches.
  • Budget & Vendor Management: Managed security budgets and vendor relationships, optimizing investment in security technologies and services.
March 2018 - September 2023

Security Associate Manager - Penetration Tester

Accenture Italy


  • Involved in the security analysis of infrastructures, with a focus on Web, Network, Mobile and Thick Client penetration testing.
  • Developed a tool that automatically generates penetration test reports (like Serpico). The tool is written in Python-Flask, creates both Word and Excel reports, and is used by the whole team.
  • Team management, both in managing activities and in relations with clients.
  • Coordinated and directed all phases of product testing while managing and leading project teams.
  • OSINT and Threat Intelligence activities.
December 2017 - December 2017

Security Audit

Argo Software

November 2016 - January 2017

Collaboration with Alpha Institute of Geopolitics and Intelligence

Malware Analysis for the Ransomware Report 2016

Penetration Test Skills

WEB

  • Deep knowledge of OWASP Top 10.
  • Knowledge of advanced attacks, such as CSRF bypass, Blind XXE and so on.
  • Daily usage of tools like Burp Suite, OWASP ZAP, SQLmap, nikto, etc.
  • Ability to perform a deep analysis on decompiled web app source code.
  • Ability to exploit vulnerabilities by chaining them into complex attacks.

Mobile

  • Deep knowledge of OWASP Top 10 Mobile.
  • Static and Dynamic Analysis on Android and iOS applications.
  • Usage of tools like Jadx, Objection, Frida, etc.
  • Ability to read Java in order to craft custom exploits.

Network

  • Using information gathering techniques to identify and enumerate targets running various operating systems and services.
  • Conducting remote, local privilege escalation, and client-side attacks.
  • Leveraging tunneling techniques to pivot between networks.
  • Knowledge of Bash scripting and Python in order to create custom exploits.

Thick Client

  • Ability to enumerate services on Windows Platform.
  • Knowledge of decompilation tools like dnSpy, dotPeek, etc.
  • Ability to perform a deep analysis on decompiled Windows app source code.
  • Ability to exploit vulnerabilities by chaining them into complex attacks.
  • Proficiency in scripting, Unix operating systems and Windows.

Soft Skills

  • Communication & Stakeholder Engagement: Effectively communicated security risks and strategies to both technical and non-technical stakeholders.
  • Collaboration & Cross-Functional Coordination: Worked with IT, development, compliance, and executive teams to align security with business goals.
  • Negotiation & Vendor Management: Managed security budgets and vendor relationships effectively.
  • Strategic Thinking: Strong analytical skills to anticipate threats and proactively enhance security measures.

Education

2018 - 2021

Laurea Magistrale (Master), Cyber Security

University of Milan

Milan, Italy

2013 - 2018

Laurea Triennale (Bachelor), Comunicazione Digitale

University of Milan

Milan, Italy

2007 - 2013

Liceo Scientifico Tecnologico

I.S.I.S G. Natta

Bergamo, Italy

Mentions

Blog post for Alpha Institute

Prevention and countermeasures for CTB-Locker

First step of bug hunting with ethical hacking

A blog post about the research that I've done on the websites of the cities of Italy

Awards

OSCP Certified

Obtained in June 2019

Telecom Italia - Hall of Fame

I've found an SQL Injection on a site managed by Telecom Italia

Fastweb - Hall of Fame

I've found vulnerabilities on some sites managed by Fastweb

CVE-2020-13872

I identified a vulnerability in the Royal TS software that allows authentication to be bypassed

CERT-EU - Hall of Fame

I've found a vulnerability on a site managed by Europe.eu

OSED Certified

Obtained in June 2023

Contact

Email
contact [at] toccagni {dot} info