Difference between revisions of "Marco Morana"

From OWASP
Jump to: navigation, search
(New page: Bio - <br> Marco Morana serves as one of the leaders of OWASP (Open Web Application Security Project) organization where he is actively involved in evangelize on web application security t...)
 
(33 intermediate revisions by one user not shown)
Line 1: Line 1:
Bio - <br>
+
OWASP Bio - <br>
Marco Morana serves as one of the leaders of OWASP (Open Web Application Security Project) organization where he is actively involved in evangelize on web application security through presentations at local chapter meetings in USA as well as internationally. Marco has recently been awarded a contract from Wiley Publishing to co-author a book on Application Threat Modeling.<br>
+
Marco Morana serves the OWASP organization as project lead and member of the Global Industry Commitee. In his current professional role, Marco is SVP at large Financial Institution in London, U.K. where he is responsible of managing information security governance, risk and compliance of architectural significant programs globally. Marco contributions to OWASP include the [http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWASP secure coding guide] the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] and [http://www.owasp.org/index.php/How_to_value_the_real_risk_AoC value the real risk section] of the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide]. As project reviewer, Marco contributed to review the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project]. Marco has presented on the topic of software and application security at several [http://www.owasp.org/index.php/Cincinnati#2009_Presentations_.28Archived.29 local chapter meetings] and OWASP organized conferences in [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation USA] and [http://www.owasp.org/index.php?title=Italy_OWASP_Day_2&setlang=es Italy] as well as at [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat] security conferences.  Marco's work on application and software security has been published on [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal] as well as [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] and is currently co-authoring a book on [http://www.slideshare.net/marco_morana/application-threat-modeling-presentation Application Threat Modeling] and the [https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs Application Security Guide for CISOs. ]. For requesting Marco to speak at OWASP chapters and pplication security conferences please refer to the [http://www.owasp.org/index.php/OWASP_on_the_Move OWASP on the move project herein] or contact Marco directly by email: [marco][dot][m][dot][morana][at][gmail][dot][com]
<br>
+
Besides being the OWASP Cincinnati chapter lead, Marco is also active contributor to OWASP projects such as the application threat modeling methodology for secure coding guideline and the security testing guide (ver. 2 and 3). Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the organization web application security standards, management of application security assessments during the SDLC, threat-fraud analysis and training of software developers, project managers and architects on different topics related to application security. <br><br>
+
In the past, Marco served as senior security consultant and independent consultant where his responsibilities included providing software security services for several clients in the financial and banking, telecommunications and commercial sector industry. Besides security consulting, Marco had a career as technologist in the security industry where he contributed to the design business critical security products currently being used by several FORTUNE 500 companies as well by the US Government. <br><br>
+
Marco work on software security is referred in the 2007 State Of the Art report by the Information Assurance Technology Analysis Center (IATAC). Marco received the NASA’s Space Act Award in 1999 for the patenting the S/MIME SEP (Secure Email Plug-in) application. <br><br>
+
Marco research work on application and software security is widely published on several magazines such as In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users journal. Marco’s ideas and strategies for writing secure software are posted on his blog: http://securesoftware.blogspot.com. <br><br>
+

Revision as of 00:10, 27 October 2012

OWASP Bio -
Marco Morana serves the OWASP organization as project lead and member of the Global Industry Commitee. In his current professional role, Marco is SVP at large Financial Institution in London, U.K. where he is responsible of managing information security governance, risk and compliance of architectural significant programs globally. Marco contributions to OWASP include the application threat modeling methodology of the OWASP secure coding guide the introduction to the security testing methodology and value the real risk section of the OWASP security testing guide. As project reviewer, Marco contributed to review the OWASP Source Code Review Project and OWASP Security Analysis of Core J2EE Design Patterns Project. Marco has presented on the topic of software and application security at several local chapter meetings and OWASP organized conferences in USA and Italy as well as at CSI and Blackhat security conferences. Marco's work on application and software security has been published on In-secure magazine,Secure Enterprise, ISSA Journal and the C/C++ Users journal as well as DHS Software Security Assurance and is currently co-authoring a book on Application Threat Modeling and the Application Security Guide for CISOs. . For requesting Marco to speak at OWASP chapters and pplication security conferences please refer to the OWASP on the move project herein or contact Marco directly by email: [marco][dot][m][dot][morana][at][gmail][dot][com]