Difference between revisions of "Marco Morana"

From OWASP
Jump to: navigation, search
 
(18 intermediate revisions by one user not shown)
Line 1: Line 1:
 
OWASP Bio - <br>
 
OWASP Bio - <br>
Marco Morana serves the OWASP organization by leading the [http://www.owasp.org/index.php/Cincinnati USA Cincinnati chapter] and by contributing writing the [http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWAASP secure coding guide] and the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] and [http://www.owasp.org/index.php/How_to_value_the_real_risk_AoC value the real risk section] of the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide]. Marco has been also one of the reviewers of the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and is currently reviewing [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project]. Marco has presented on the topic of software and application security at several OWASP organized conferences in [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation USA] and [http://www.owasp.org/index.php?title=Italy_OWASP_Day_2&setlang=es overseas] as well as at [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat].
+
Marco Morana serves the OWASP organization as project lead and member OWASP London chapter. In his current professional role, Marco is SVP at large Financial Institution in London, U.K. where he is responsible of managing information security governance, risk and compliance of architectural significant programs globally. Marco contributions to OWASP include the [http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWASP secure coding guide] the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] and the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide]. As project reviewer, Marco contributed to review the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project]. Marco has presented on the topic of software and application security at several [http://www.owasp.org/index.php/Cincinnati#2009_Presentations_.28Archived.29 local chapter meetings] and OWASP organized conferences in [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation USA] and [http://www.owasp.org/index.php?title=Italy_OWASP_Day_2&setlang=es Italy] as well as at [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat] security conferences. Marco's work on application and software security has been published on [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal] as well as [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] and is currently co-authoring a book on [http://www.slideshare.net/marco_morana/application-threat-modeling-presentation Application Threat Modeling]. Marco is also mentor for security start ups hosted at the [http://level39.co level 39] incubator in London and is member of the technical board of advisers of the security start up company [https://www.noknok.com/ Nok Nok Labs Inc]
Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the software security coding standards, management of security assessments during the SDLC, threat modeling and design reviews of web and mobile applications and training of software developers, project managers and architects on different topics related to application security. Marco research work on application and software security is widely published on several magazines such as [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal].  Marco's work is referred in [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] Marco is currently working on co-authoring a book on [http://www.slideshare.net/marco_morana/application-threat-modeling-presentation Application Threat Modeling] to be published in Q2 2010. Marco’s ideas and strategies for writing secure software are posted on his blog: http://securesoftware.blogspot.com and can be contacted by email at [marco][dot][m][dot][morana][at][gmail][dot][com]
+

Latest revision as of 12:36, 8 January 2014

OWASP Bio -
Marco Morana serves the OWASP organization as project lead and member OWASP London chapter. In his current professional role, Marco is SVP at large Financial Institution in London, U.K. where he is responsible of managing information security governance, risk and compliance of architectural significant programs globally. Marco contributions to OWASP include the application threat modeling methodology of the OWASP secure coding guide the introduction to the security testing methodology and the OWASP security testing guide. As project reviewer, Marco contributed to review the OWASP Source Code Review Project and OWASP Security Analysis of Core J2EE Design Patterns Project. Marco has presented on the topic of software and application security at several local chapter meetings and OWASP organized conferences in USA and Italy as well as at CSI and Blackhat security conferences. Marco's work on application and software security has been published on In-secure magazine,Secure Enterprise, ISSA Journal and the C/C++ Users journal as well as DHS Software Security Assurance and is currently co-authoring a book on Application Threat Modeling. Marco is also mentor for security start ups hosted at the level 39 incubator in London and is member of the technical board of advisers of the security start up company Nok Nok Labs Inc