OWASP Summer of Code 2008 Projects Authors Status Target and Reviewers Marco M Morana Curriculum
Marco M. Morana
Marco Morana is project leader and the primary author of the OWASP Application Security Guide for CISOs. Since 2012 it has been a member of the OWASP London chapter and he was previously (between 2008 and 2011) the founder and leader of the OWASP Cincinnati Chapter. Marco has been an OWASP contributor since 2006 and actively involved in evangelize on web application security through presentations at local chapter meetings in Cincinnati, Rochester, New York City, Los Angeles, Orange County, Atlanta as well as by presenting at several OWASP conferences in USA as well as Europe (Ireland and Italy). Besides the CISO guide, Marco contributed to the OWASP threat modeling methodology and the OWASP security testing guide. Besides OWASP, Marco is technical advisor of the board of a security technology start-up and senior manager at a large global financial organization with lead roles in managing application security architecture and risk analysis programs globally.
In the past, Marco was a security consultant consultant providing software and application security services for several clients in the banking, telecommunication, computers and financial business sectors. Besides security consulting, Marco had a career in the software industry as security architect and software developer with responsibility to design and to develop business critical security software products for several FORTUNE 500 companies as well for the US Government (i.e. NASA).
Marco work on software and application security is widely published such as in the 2007 State Of the Art report by the Information Assurance Technology Analysis Center (IATAC) and the Security in the SDLC document published by the US Department of Homeland Security (DHS). For his security research work on S/MIME secure email for NASA in 1999 Marco received the Space Act Award and he currently holds a US patent. Application and software security articles were also published on In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users journal and more recently in the CSO magazine. Today (2013) Marco is co-authoring a book on a new methodology for analysing threats and modeling attacks against web applications to be published by Wiley in 2014.