Curriculum Vitae

1 General Information

Name: Andrea Fabrizi
Date of Birth: 10/04/1983
City of Birth: Anagni, Italy
Place of residence: Luxembourg
Phone:
Website: www.andreafabrizi.it
Email: andrea.fabrizi () gmail com
Date IT career started: March 2005
Years of Experience (IT): 8 years
Contractual Status: Employee
Current Main : Security Consultant
Other s: Developer

Highest relevant educational qualification:
Certificate and/or diploma, School Institute - University, From Until
Secondary education Science and Maths High School Liceo Scientifico Dante Alighieri Anagni 1997-2002

2 Language Skills

Skill | Italian | English
Understanding: Listening | C2 | C1
Understanding: Reading | C2 | C1
Speaking: Interaction | C2 | C1
Speaking: Production | C2 | C1
Writing: Writing | C2 | C1

Referring to common reference levels (B1 1; B2 5)
3 Summary

Summary: I'm an Ethical Hacker and I work as a Penetration Tester, breaking through the security systems of our customers to reveal vulnerabilities and threat exposures. I know the OWASP and OSSTMM methodologies. I have experience with penetration tests against a wide range of technologies and systems: Solaris, Linux, Windows, Tru64, HP-UX, Oracle, MySQL, PostgreSQL, Apache, Tomcat, JBoss, WebLogic, Oracle IAS, SAP, Java, PHP, ASP, ColdFusion, Smartcards, Token, SSO, and others.

My specialities are penetration testing of web applications, mobile applications and critical systems such as mainframes (AS400, OpenVMS, etc.), live databases and virtualization infrastructures.

I'm a Linux enthusiast and an experienced developer. I know C, Java, Python, PHP, C#, JavaScript, HTML, BASH, Assembly (x86 and Microchip PIC) and I have experience developing across multiple platforms (Windows, Linux, Mac, PIC, Android). This knowledge is very useful for security activities like code review and reverse engineering. When I write software or a piece of code that can be useful to someone, I like to publish it on my website.

In my free time I like to improve my technical skills by reading security papers and analyzing software or firmware, and if I find interesting vulnerabilities I like to publish advisories or exploits.

As a hobby only, I have some knowledge of electronics, including Microcontroller programming, PCB design and circuit building. I like to work mostly with embedded Linux systems (MIPS, MIPSEL and x86 based).

My specialties: Web Application Security, Reverse Engineering, Penetration Testing, Software development, Code review.
4 Full Employment overview:

Company | Customer department | Type of Contract | Duration (years) | Main | CV Exp Page
Hypergolica | / | Freelance | 3 years | System Administrator | 1
Unidata | Telco | Employee | 2 years | Security Consultant | 2
STM Italia | Public administration institutions | Employee | 2 years | Security Consultant | 3
Business-e | Telco/Banks/Financials | Employee | 3 years | Security Consultant | 4
INTRASOFT International | European Commission | Employee | 1 year | Security Consultant | 5
5 Professional Certifications

Certification | Year obtained
RSA Archer Administration | 2012
RSA Secure World | 2012
Professional experience page n° 1

Hypergolica Webworks Studio

Assignment:
Start date: 03/2005
End date: 05/2008
Duration (years): 3
Customer: Hypergolica Webworks Studio
Main Ancillary s Web developer System Administrator

Development and administration of web-based CMS.

Software designer and developer of web applications and standalone applications; Database designer; Administration and hardening of web, mail and database servers.

Linux, FreeBSD, C, PHP, Java, Bash.
Professional experience page n° 2

Unidata S.p.A

Assignment:
Start date: 06/2006
End date: 06/2008
Duration (years): 2
Customer: Telecom Italia
Main: Security consultant

Security consultant for a major Italian telecommunication company.

Penetration testing of critical systems and infrastructures; Technical security audit;

Manual penetration testing, based on OWASP and OSSTMM methodology.
Professional experience page n° 3

STM Italia

Assignment:
Start date: 07/2008
End date: 01/2010
Duration (years): 2
Customer: Italian public administration
Main: Security Consultant

Security consultant for a big Italian public administration institution.

Computer and network security. Penetration testing; Vulnerability assessment; Security related software development; Security assessment of application firewalls.

Manual penetration testing, based on OWASP and OSSTMM methodology. Automatic vulnerability assessment using products like Nessus and IBM Appscan.
Professional experience page n° 4

Business-e S.p.A

Assignment:
Start date: 02/2010
End date: 03/2013
Duration (years): > 3
Customer: Telecom Italia, TIM Brazil, Italian Banks and financial institutions.
Main: Security Consultant

Security consultant for a major Italian and international communication company, banks and financial institutions.

Penetration testing of web applications, mobile applications, stand-alone applications, critical systems and infrastructures; Compliance and risk analysis; Vulnerability assessment; Security Assessment of virtualization infrastructures; Administration of SIEM, log management and GRC products; Technical and governance security consulting; Security software development.

Manual penetration testing, based on OWASP and OSSTMM methodology. Vulnerability Assessment using tools like Nessus and McAfee Foundstone.
Professional experience page n° 5

INTRASOFT International SA

Assignment:
Start date: 03/2013
End date: Ongoing
Duration (years): 1 year
Customer: European Commission, Luxembourg.
Main: Security Consultant

Security consultant for European Commission in Luxembourg.

Penetration testing of web applications, stand-alone applications, critical systems and infrastructures; Vulnerability assessment;

Manual penetration testing, based on OWASP and OSSTMM methodology.