Difference between revisions of "Marco Morana"

From OWASP
Jump to: navigation, search
 
(38 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
OWASP Bio - <br>
 
OWASP Bio - <br>
Marco Morana serves the OWASP organization as project lead and member OWASP London chapter. In his current professional role, Marco is SVP at large Financial Institution in London, U.K. where he is responsible of managing information security governance, risk and compliance of architectural significant programs globally. Marco contributions to OWASP include the [http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWASP secure coding guide] the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] and the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide]. As project reviewer, Marco contributed to review the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project]. Marco has presented on the topic of software and application security at several [http://www.owasp.org/index.php/Cincinnati#2009_Presentations_.28Archived.29 local chapter meetings] and OWASP organized conferences in [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation USA] and [http://www.owasp.org/index.php?title=Italy_OWASP_Day_2&setlang=es Italy] as well as at [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat] security conferences. Marco's work on application and software security has been published on [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal] as well as [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] and is currently co-authoring a book on [http://www.slideshare.net/marco_morana/application-threat-modeling-presentation Application Threat Modeling]. Marco is also mentor for security start ups hosted at the [http://level39.co level 39] incubator in London and is member of the technical board of advisers of the security start up company [https://www.noknok.com/ Nok Nok Labs Inc]
+
Dr. Morana volunteers for the OWASP organization as project leader of the  [https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs  application security guide for CISOs] and is current member [https://www.owasp.org/index.php/London OWASP London U.K. chapter]. He was previously the chapter leader and founder of the [https://www.owasp.org/index.php/Cincinnati OWASP chapter in Cincinnati U.S.A.]
 +
 
 +
In his current professional role, Dr. Morana works as SVP at large Financial Institution (FI) in London, U.K. where he is responsible for the architecture risk analysis and threat modelling program. Dr. Morana also leads strategic initiatives to identity new countermeasures for mitigating the risks of sophisticated cyber-threats targeting web and mobile applications. He was previously (2007-2011) VP and technology information security officer with the same FI in North America. In his distinguished 15+ years of career in application security, Dr. Morana held roles in different companies as security consultant, application security architect, professional trainer and program manager. As cyber-security technologist, Dr. Morana most important contributions to cyber-security is the invention of the first secure email plug-in using SMIME protocol that was patented for NASA in 1996. Dr. Morana is echnical advisor of the cyber-security start ups [https://www.mindedsecurity.com Minded Security UK LTD] based in London, UK [https://www.noknok.com/ Nok Nok Labs Inc] and [http://www.confer.net Confer Technologies] in US. Dr Morana also volunteer as mentor for early stage cyber-security start-ups at [http://level39.co Level 39] and [https://cylonlab.com CyLon Lab] accelerators in London UK. Dr. Morana has been the advisor of the EU funded project on cyber-crime roadmap research [https://www.cyberroad-project.eu CyberROAD] and provide lectures yearly at the PhD Summer School on Computer Security & Privacy at [https://comsec.diee.unica.it/summer-school/lecturers.html University of Cagliari] Italy
 +
 
 +
Dr. Morana has been active contributor to the OWASP organization since 2005 volunteering for the following projects:
 +
[https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs  application security guide for CISOs] as main author the
 +
[http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWASP secure coding guide] the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide] the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project] and most recently the OWASP [https://www.owasp.org/index.php/Global_Initiatives/Cyber_Security_Pre-accelerator_Initiative cyber-security startup accelerator initiative]
 +
 
 +
As public speaker Dr. Morana has presented on the topic of software and application security at several [http://www.owasp.org/index.php/Cincinnati#2009_Presentations_.28Archived.29 local chapter meetings] and [https://soundcloud.com/owasp-podcast/appsecusa2013-cisoguide AppSec USA conferences] and summits in [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation USA] and AppSec [https://www.owasp.org/index.php/AppSecEU2011 Europe] and summits in [http://www.owasp.org/index.php?title=Italy_OWASP_Day_2&setlang=es Italy]. Besides OWASP conferences Mr. Morana gave talks at [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat] security conferences.  
 +
 
 +
Dr Morana work on application and software security has been widely published on [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal] as well as [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] Mr Morana most recent published article (October 2013) on CIO Magazine can be found [http://www.cio.in/content/attention-cisos-strategy-only-security here]
 +
 
 +
Dr. Morana most recent publishing work is [http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0470500964.html Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis] Book published by Wiley in 2015.

Latest revision as of 15:55, 19 April 2016

OWASP Bio -
Dr. Morana volunteers for the OWASP organization as project leader of the application security guide for CISOs and is current member OWASP London U.K. chapter. He was previously the chapter leader and founder of the OWASP chapter in Cincinnati U.S.A.

In his current professional role, Dr. Morana works as SVP at large Financial Institution (FI) in London, U.K. where he is responsible for the architecture risk analysis and threat modelling program. Dr. Morana also leads strategic initiatives to identity new countermeasures for mitigating the risks of sophisticated cyber-threats targeting web and mobile applications. He was previously (2007-2011) VP and technology information security officer with the same FI in North America. In his distinguished 15+ years of career in application security, Dr. Morana held roles in different companies as security consultant, application security architect, professional trainer and program manager. As cyber-security technologist, Dr. Morana most important contributions to cyber-security is the invention of the first secure email plug-in using SMIME protocol that was patented for NASA in 1996. Dr. Morana is echnical advisor of the cyber-security start ups Minded Security UK LTD based in London, UK Nok Nok Labs Inc and Confer Technologies in US. Dr Morana also volunteer as mentor for early stage cyber-security start-ups at Level 39 and CyLon Lab accelerators in London UK. Dr. Morana has been the advisor of the EU funded project on cyber-crime roadmap research CyberROAD and provide lectures yearly at the PhD Summer School on Computer Security & Privacy at University of Cagliari Italy

Dr. Morana has been active contributor to the OWASP organization since 2005 volunteering for the following projects: application security guide for CISOs as main author the application threat modeling methodology of the OWASP secure coding guide the introduction to the security testing methodology the OWASP security testing guide the OWASP Source Code Review Project and OWASP Security Analysis of Core J2EE Design Patterns Project and most recently the OWASP cyber-security startup accelerator initiative

As public speaker Dr. Morana has presented on the topic of software and application security at several local chapter meetings and AppSec USA conferences and summits in USA and AppSec Europe and summits in Italy. Besides OWASP conferences Mr. Morana gave talks at CSI and Blackhat security conferences.

Dr Morana work on application and software security has been widely published on In-secure magazine,Secure Enterprise, ISSA Journal and the C/C++ Users journal as well as DHS Software Security Assurance Mr Morana most recent published article (October 2013) on CIO Magazine can be found here

Dr. Morana most recent publishing work is Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis Book published by Wiley in 2015.