I’m a cybersecurity professional with around 5 years of experience across both technical and governance roles. My background spans all three key areas of GRC: governance, risk management, and compliance. I started in technical cybersecurity, focusing on vulnerability assessment and penetration testing, and over time transitioned into GRC, which is now the core of my professional activity. This dual expertise allows me to bridge the gap between strategic objectives and practical security implementations, supporting organizations in building effective, structured, and risk-aware security programs across both public and private sectors.
Postgraduate Master in Data Protection & Privacy Law (DPO)
University Suor Orsola Benincasa
11/2024 – 09/2025
Master’s Degree in Cybersecurity
University of Salerno
09/2018 - 09/2020
Bachelor's Degree in Computer Science
University of Salerno
09/2014 - 07/2018
Security Governance
Risk Management
Risk Assessment
Compliance Auditing
Vulnerability Assessment
Penetration Testing
Data Protection
Privacy Compliance
GRC Consultant | Cybersecurity Advisor
Bulletproof (GLI Company)
09/2023 - Present
Supporting organizations in achieving compliance and strengthening security through audits, assessments, and advisory services. Key responsibilities include conducting security audits, vulnerability assessments, and limited-scope penetration testing.
I work across various frameworks and regulatory contexts, providing strategic guidance and technical insights to enhance risk posture and regulatory alignment.
Privacy & Data Protection Consultant
Comune di Scisciano
03/2025 - 06/2025
Supported the municipality in achieving GDPR compliance for its video surveillance system.
Drafted the complete privacy documentation package, including DPIA, privacy notices, internal regulations, and data processor appointments, ensuring alignment with national and EU guidelines.
Senior Cybersecurity Associate
Intellera Consulting
05/2022 to 09/2023
Delivered cybersecurity support for public sector clients, with a focus on vulnerability assessments, penetration testing, audits, and technical documentation.
Contributed to both operational and strategic activities, including drafting standardized reporting templates, supporting compliance efforts, and authoring technical content for international project proposals.
Cybersecurity Consultant
DGS spa
10/2020 - 05/2022
Provided technical cybersecurity services to financial sector clients, including comprehensive vulnerability assessments and penetration testing activities.
Focused on identifying and remediating security issues across web, mobile, and network infrastructures using industry-standard tools.
Cybersecurity Writer & Contributor
Red Hot Cyber
Regular contributor to Red Hot Cyber, writing in-depth articles on cybersecurity, GRC, and digital risk topics to support knowledge sharing and community awareness.
Board Member
CyberStrategy Initiative
Active board member of the CyberStrategy Initiative Association, contributing to strategic direction and public engagement on cybersecurity culture and policy.
Governance
• Development of cybersecurity policies and procedures
• Definition of security roles and responsibilities across departments, aligned with regulatory frameworks
• Drafting of internal regulations and data governance structures, tailored to sector-specific requirements
• Design of organizational models for information security governance, based on industry best practices
• Coordination with internal and external stakeholders during the implementation of governance frameworks
• Experienced in the practical application of key standards and frameworks, including ISO/IEC 27001, NIS2, DORA, GDPR, and PCI DSS.
Risk Management & Assessment
• Risk identification and classification through structured methodologies and industry standards
• Risk analysis using qualitative and quantitative models to assess likelihood and impact
• Evaluation of existing controls and residual risks to define appropriate mitigation strategies
• Development of risk treatment plans aligned with organizational risk appetite and compliance obligations
• Implementation of continuous risk monitoring processes integrated with corporate GRC programs
• Creation of risk registers and reports for internal and external stakeholders
• Experienced in applying frameworks such as ISO/IEC 27005 and NIST RMF
Compliance
• Coordination with legal and technical teams to ensure end-to-end compliance coverage
• Development of data protection frameworks aligned with privacy laws and best practices
• Compliance gap analysis to assess alignment with legal, regulatory, and contractual requirements
• Privacy compliance implementation in line with GDPR, including DPIA drafting, privacy notices, governance documents, and internal/external processor appointments.
Vulnerability Assessment & Penetration Test
• Vulnerability scans and analysis using industry-standard tools including Qualys, Nessus, and Rapid7
• Identification and prioritization of vulnerabilities based on CVSS scores, asset criticality, and exposure
• Testing of web, mobile, and network infrastructures to identify real-world exploitability of findings
• Support in remediation and retesting phases to validate fixes and hardening actions
PCI Approved Scanning Vendor (ASV)
PCI SSC
ISO/IEC 27001 Lead Auditor
PECB
Certified Red Team Expert
Altered Security
Certified Bug Bounty Hunter
Hack The Box
eWPTX
INE Security
eCPPT
INE Security
CySA+
CompTIA
English
Professional working proficiency
Spanish
Basic proficiency
Italian
Native
Whether you're a recruiter, collaborator, or just curious about my work, feel free to reach out. I'm always open to professional connections and new challenges. 📧 [email protected]