This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Marco M Morana Curriculum

Revision as of 03:21, 3 November 2013 by Marco-cincy (talk | contribs)

Jump to: navigation, search

Marco M. Morana

Marco Morana is project leader and the primary author of the OWASP Application Security Guide for CISOs. Marco has been a member of the OWASP London chapter (since 2012) and he was previously (between 2007 and 2011) leader of the OWASP Cincinnati Chapter. Marco has been an OWASP contributor since 2006 and actively involved in evangelize on web application security through presentations at local chapter meetings in different cities in the USA: Cincinnati, Rochester, New York City, Los Angeles, Orange County, Atlanta. Marco also gave several talks at OWASP conferences in USA as well as Europe (Ireland and Italy) and security conferences such as at BlackHat, CSI and more recently to the CISO Forums and CISOs E-Crime Series. Besides authoring the CISO guide, Marco contributed to the OWASP threat modeling methodology and the OWASP security testing guide. In his current day to day job, Marco is senior manager at a large global financial organization with responsibility on managing key information security risk analysis projects and architectural risk analysis programs globally. Marco is also technical board advisor of a security start-up (since 2013) in USA and of EU funded programs for cyber-crime research (since 2012).

In the past, Marco was a consultant providing software and application security services for several clients in the banking, telecommunication, computers and financial business sectors. Besides consulting, Marco had a career in the software industry as security architect and software developer with responsibility to design and develop mission critical security software for several FORTUNE 500 companies as well for the US Government (i.e. NASA).

Marco work on software and application security is widely published with references in the 2007 State Of the Art report by the Information Assurance Technology Analysis Center (IATAC) and the Security in the SDLC document published by the US Department of Homeland Security (DHS). For his security research work on secure email and S/MIME development for NASA in 1999 Marco received the Space Act Award and he currently holds a US patent for the S/MIME Mail Client Plug-in. Marco authored articles on software security were also published on In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users journal and more recently (2013) in the CSO magazine. Marco is also co-authoring a book on a new methodology for analysing threats and modeling attacks against web applications. This methodology will be covered in a book with the tile "Application Threat Modeling" that will be released in 2014.

Note: updated on 11/2/2013