Sk3pper

Security Engineer / Researcher

Hi! This is my personal web page where I will post my blog articles, notes and my personal career path.

I am passionate about computer science and prone to fully understand how things work by asking myself “why?” and “how?”. I like to expand my knowledge both theoretically and through practical activities. I find creative solutions to problems and write code to implement them. My work experience includes:

  • Engineering: I gather everything related to engineering, being curious to comprehend the workings of every intricate detail, explore novel solutions, and embrace the creative aspects;
  • IT: Coding and everything that is related to computer technology.
  • Security: In recent years, I developed an interest and competence in cybersecurity, working on information security projects, security by design, writing secure code and training for hardware and software security testing.

Top Posts

Experiences

1
AI ESRA

June 2025 - Present

Rome (Italy) | Mostly remote


Security Engineer / Researcher

June 2025 - Present

Responsibilities:
  • Design and build core product security features end to end, bridging offensive insight with software engineering.
  • Designed and developed from scratch a network topology discovery engine that reconstructs multi-layer network maps from heterogeneous data sources.
  • Research and design security posture indicators for enterprise environments (e.g. Active Directory).
  • Identify and analyze product vulnerabilities, then design and implement countermeasures to improve resilience.
  • Evaluate emerging security tools, techniques and threats, feeding findings back into product capabilities.

ZTE Cybersecurity Lab

October 2023 - May 2025

Rome (Italy)

The ZTE Cybersecurity Lab in Italy focuses on security testing and support for the regional markets. It serves as a collaborative platform between ZTE and various institutions, universities, and stakeholders for capacity building and knowledge transfer, including a partnership with the CNIT (National Interuniversity Consortium for Telecommunications) for technical research and testing supervision.

Cybersecurity Software Engineer

October 2023 - May 2025

Responsibilities:
  • Perform cyber security assessment of ZTE products.
  • Identify, analyze, and assess technical and organizational cyber security vulnerabilities. Document and report penetration test results to stakeholders.
  • Study and employ cutting-edge security technology, tools and vulnerabilities.
  • Co-authored and presented EMFIF2 (Electro-Magnetic Fault Injection Fuzzing ) at Black Hat Europe 2025 Arsenal.
2

3
Konica Minolta Global R&D

February 2021 - July 2023

Rome (Italy)

The Cyber Security R&D team performs applied security research and prototyping, as well as shaping the adoption of best practices and new technologies.

Cybersecurity Software Engineer

February 2021 - July 2023

Responsibilities:
  • Analysis of methodologies, design and implementation of prototype solutions for security risk management and cyber deception area;
  • Propose and investigate innovative approaches or technologies in the field of cyber security;
  • Be up-to-date with cyber security trends and cutting-edge technologies;

UniCredit Services

November 2019 - February 2021

Verona (Italy)

UniCredit Services provides ICT applications aimed at developing, implementing and managing the solutions for different core areas

Software Developer

November 2019 - February 2021

Responsibilities:
  • Design, implementation, deployment, monitoring and troubleshooting of banking applications.
  • Implementation of monitoring automation, identification of performance bottlenecks and troubleshooting of issues, discovery and resolution of applications bugs with Splunk.
  • Management of applications production release cycles.
4

5
TIM S.p.A

August 2018 - September 2019

Rome (Italy)

Cybersecurity Analyst at the Security Operations Center TIM. Collaboration in the Incident Handling Backbone Team.

Cybersecurity Analyst

August 2018 - September 2019

Responsibilities:
  • Security incidents handling in the TIM backbone network;
  • On call duties for critical environments handling security incidents outside of business hours.
  • Software developer for automation of SOC activities.

High school "Louis Pasteur"

September 2016 - June 2017

Rome (Italy)

Teacher in an extracurricular course of “programming techniques” addressed to students of the scientific high school biennium.

Teacher

September 2016 - June 2017

6

Skills

Courses & Certifications

Offsec Certified Professional (OSCP)
Maldev Academy
Offensive Hardware Security Training

Publications

EMFIF2 - Electro-Magnetic Fault Injection Fuzzing Framework

EMFIF2 is a modular framework for automated Electro-Magnetic Fault Injection (EMFI) fuzzing on embedded systems. The framework combines CNC-machine precision with an EMP generator to automate fault injection, enabling researchers and engineers to run sophisticated hardware attacks with minimal manual intervention. Its modular, scriptable design lets users define complex fault scenarios and observe device responses in real time. Through a series of case studies, the talk demonstrated EMFIF2’s effectiveness in uncovering flaws in popular embedded systems, covering the framework’s architecture, the integration of CNC and EMP technologies, and the challenges of reproducing physical attack conditions in a controlled environment.

Authentication as a service based on shamir secret sharing

The paper presents a solution for securing password-based authentication using Shamir’s $(k,n)$ threshold scheme, where $n$ password-derived secrets (shares) are created, and $k\leq n$ shares are necessary and sufficient for reconstructing the password. The solution is information-theoretically secure, with each share stored on a different host (Shareholder), requiring an attacker to compromise $k$ Shareholders to reconstruct the secret. To resist compromising the coordinating server (Dealer), the authors define a variant of Shamir’s scheme where the abscissas are unknown to the Dealer and Shareholders, making reconstruction impossible even if they are compromised. The authors have designed protocols for registration and authentication, analyzed scenarios with partially/totally compromised Dealer and/or Shareholders, and developed a prototype demonstrating the correct, effective, and efficient operation of the proposed method, providing a feasibility study for future cloud-based “authentication-as-a-service” implementations.

Education

Oct 2012 - May 2018
B.Sc. and M.Sc. in Computer Science, Cyber security
CGPA (VL): 4 (110 cum laude) out of 4 (110)