Difference between revisions of "Marco Morana"

From OWASP
(46 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
OWASP Bio - <br>
 
OWASP Bio - <br>
Marco Morana serves the OWASP organization by leading the [http://www.owasp.org/index.php/Cincinnati USA Cincinnati chapter] and by contributing writing the [http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWAASP secure coding guide] and the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] and [http://www.owasp.org/index.php/How_to_value_the_real_risk_AoC value the real risk section] of the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide]. Marco has been also one of the reviewers of the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and is currently reviewing [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project]. At OWASP Marco has also being actively involved in evangelize OWASP at symposiums and conferences in USA as well as overseas. Besides OWASP Marco Morana has been actively involved in evangelize on web application security through presentations at application security conferences in USA such as [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat].  
+
Mr. Morana serves the OWASP organization as project leader of the [https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs  application security guide for CISOs] and is member [https://www.owasp.org/index.php/London OWASP London U.K. chapter]. He was previously the chapter leader and founder of the [https://www.owasp.org/index.php/Cincinnati OWASP chapter in Cincinnati U.S.A.]
Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the organization web application security standards, management of [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation application security assessments during the SDLC], threat analysis and training of software developers, project managers and architects on different topics related to application security. Marco research work on application and software security is widely published on several magazines such as [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal].  Marco's work is referred in [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] Marco is currently working on co-authoring a book on [http://www.slideshare.net/marco_morana/application-threat-modeling-presentation Application Threat Modeling]. Marco’s ideas and strategies for writing secure software are posted on his blog: http://securesoftware.blogspot.com
+
 
 +
In his current professional role, Mr. Morana works as SVP at large Financial Institution (FI) in London, U.K. where he is responsible for the architecture risk analysis program. He was previously (2007-2011) VP and technology information security officer with the same FI in North America. In his distinguished 15+ years of career in application security, Mr. Morana held roles in different companies as security consultant, application security architect, professional trainer and program manager. As cyber-security technologist, Mr. Morana most important contributions to cyber-security is the invention of the first secure email plug-in using SMIME protocol that was patented for NASA in 1996. Today Mr. Morana has directorship interest as technical advisor of the cyber-security start ups [https://www.noknok.com/ Nok Nok Labs Inc] in Palo Alto, CA and [http://www.confer.net Confer Technologies] in Boston, MA and mentors on cyber-security start-ups at the FINTech [http://level39.co level 39] campus in London Canary Wharf.
 +
 
 +
Mr. Morana has been active contributor to the OWASP organization since 2005 volunteering for the following projects:
 +
[https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs  application security guide for CISOs] as main author the
 +
[http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWASP secure coding guide] the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide] the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project] and most recently the OWASP [https://www.owasp.org/index.php/Global_Initiatives/Cyber_Security_Pre-accelerator_Initiative cyber-security startup accelerator initiative]
 +
 
 +
As public speaker Mr. Morana has presented on the topic of software and application security at several [http://www.owasp.org/index.php/Cincinnati#2009_Presentations_.28Archived.29 local chapter meetings] and [https://soundcloud.com/owasp-podcast/appsecusa2013-cisoguide AppSec USA conferences] and summits in [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation USA] and AppSec [https://www.owasp.org/index.php/AppSecEU2011 Europe] and summits in [http://www.owasp.org/index.php?title=Italy_OWASP_Day_2&setlang=es Italy]. Besides OWASP conferences Mr. Morana gave talks at [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat] security conferences. His most recent (2010-2014) speaking engagements are the [http://www.ciso-summit.com MIS CISO Summits] and the [http://www.ciso-summit.com e-crime crime congress conferences].
 +
 
 +
Mr Morana work on application and software security has been widely published on [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal] as well as [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] Mr Morana most recent published article (October 2013) on CIO Magazine can be found [http://www.cio.in/content/attention-cisos-strategy-only-security here]
 +
 
 +
Mr. Morana most recent (July 2014) publication is the [http://www.slideshare.net/marco_morana/application-threat-modeling-presentation Application Threat Modeling] book published by Wiley Blackwell.
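Review bot: In the added speaking-engagements paragraph, "MIS CISO Summits" and "e-crime crime congress conferences" both link to http://www.ciso-summit.com, and the second label repeats "crime"; give the e-crime congress its own link and drop the duplicate word. The added projects paragraph also runs its items together ("as main author the", "methodology the ... guide the") with no commas or list markup, so a bulleted list would make the scope of each contribution clear. The final added line still points the Wiley Blackwell book at the slideshare presentation URL carried over from the removed text; link the book itself or label the link as the presentation.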

Revision as of 11:11, 2 June 2014

OWASP Bio -
Mr. Morana serves the OWASP organization as project leader of the application security guide for CISOs and is a member of the OWASP London, U.K. chapter. He was previously the chapter leader and founder of the OWASP chapter in Cincinnati, U.S.A.

In his current professional role, Mr. Morana works as SVP at a large Financial Institution (FI) in London, U.K., where he is responsible for the architecture risk analysis program. He was previously (2007-2011) VP and technology information security officer with the same FI in North America. In his distinguished career of 15+ years in application security, Mr. Morana has held roles in different companies as security consultant, application security architect, professional trainer and program manager. As a cyber-security technologist, Mr. Morana's most important contribution to cyber-security is the invention of the first secure email plug-in using the S/MIME protocol, which was patented for NASA in 1996. Today Mr. Morana has a directorship interest as technical advisor of the cyber-security start-ups Nok Nok Labs Inc in Palo Alto, CA and Confer Technologies in Boston, MA, and mentors cyber-security start-ups at the FinTech Level 39 campus in Canary Wharf, London.

Mr. Morana has been an active contributor to the OWASP organization since 2005, volunteering for the following projects: the application security guide for CISOs (as main author), the application threat modeling methodology of the OWASP secure coding guide, the introduction to the security testing methodology, the OWASP security testing guide, the OWASP Source Code Review Project, the OWASP Security Analysis of Core J2EE Design Patterns Project and, most recently, the OWASP cyber-security startup accelerator initiative.

As a public speaker, Mr. Morana has presented on the topic of software and application security at several local chapter meetings, at AppSec USA conferences and summits in the USA, at AppSec Europe, and at summits in Italy. Besides OWASP conferences, Mr. Morana gave talks at the CSI and Blackhat security conferences. His most recent (2010-2014) speaking engagements are the MIS CISO Summits and the e-crime congress conferences.

Mr. Morana's work on application and software security has been widely published in In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users Journal, as well as DHS Software Security Assurance. Mr. Morana's most recent published article (October 2013), in CIO Magazine, can be found here.

Mr. Morana's most recent (July 2014) publication is the Application Threat Modeling book published by Wiley Blackwell.