Claudio Merloni

Current

• Software Security Consultant at Fortify Software

Past

• Security Consultant at Verizon Business Security Solutions
• Security Analyst at Secure Network S.r.l.
• SW Developer at DyLogic S.r.l.

• Independent Professional at Independant Consultant (Self-employed)

see less...

1 more...

Education

• Oracle Anti Hacker Training
• Politecnico di Milano
• FOSAD '04: 4th International School on Foundations of Security Analysis and Design

see less...

Recommended

3 people have recommended Claudio

Connections

238 connections

Industry

Computer & Network Security

Claudio Merloni’s Summary

Security consultant focusing on software security, code review, security architectures, risk analysis, compliance, system/network testing, monitoring and access control.

= Publications =

Took part to the OWASP Testing Guide 2.0 project.

Wrote an article titled "Studying Bluetooth Malware Propagation: The BlueBag Project" published in the IEEE Security & Privacy magazine (March/April 2007, Vol. 5, No. 2).

= Conferences =

- Black Hat USA 2006, IT Underground Warsaw 2006 and CONFidence 2007 conferences with a talk titled "The BlueBag: A Mobile, Covert Bluetooth Attack and Infection Device".

- CONFidence 2007 conference with a talk titled "String Analysis for the Detection of Web Application Flaws".

- VOIP security event (held in Milan, Italy, May 2007) with a talk titled "Performing security assessments on VOIP infrastructures".

- Event on computer crimes and forensics (held in Varenna, Italy, February 2007) with a talk titled "Antiforensics: how the attacker will make your analysis tools fail".

- Held a lecture on computer forensics at the University of Milan on "Open Source tools to perform forensics investigations and log analysis".

- Videogov Summit 2006 conference (held in Milan, Italy) with a talk titled "Security issues affecting IP-based video surveillance systems".

- IDG Italy Security Event 2006 with a talk on the future of Information Security threats and countermeasures.

= Teaching =

I've been teaching many basic and advanced courses on the following topics:
- Fundamentals of Information Security
- Access control: identification and authentication methods, single sign-on, authorization and access control approaches (MAC, DAC, RBAC, ecc.)
- Cryptography and cryptanalysis
- Network security and architectures
- Firewalling and VPNs
- IDSs
- Wireless security
- Bluetooth security
- Web App security
- Social Engineering
- Computer Forensics
- Rootkits
- Log analysis
- Business Continuity and Disaster Recovery

Claudio Merloni’s Experience

• Software Security Consultant

  Fortify Software

  (Privately Held; 51-200 employees; Computer Software industry)

  October 2008 — Present (10 months)

• Security Consultant

  Verizon Business Security Solutions

  (Public Company; 10,001 or more employees; VZ; Telecommunications industry)

  January 2008 — September 2008 (9 months)

• Security Analyst

  Secure Network S.r.l.

  (Privately Held; 1-10 employees; Computer & Network Security industry)

  January 2004 — December 2007 (4 years)

• SW Developer

  DyLogic S.r.l.

  (Telecommunications industry)

  March 2002 — November 2003 (1 year 9 months)

• Independent Professional

  Independant Consultant (Self-employed)

  (Self-Employed; Myself Only; Information Technology and Services industry)

  January 1999 — December 2002 (4 years)

Claudio Merloni’s Education

• Oracle Anti Hacker Training

  2006 — 2006

  Attended the Oracle security course held by Alexander Kornbrust, detailing Oracle architecture, security basics, attack methods and countermeasures.

• Politecnico di Milano

  Master , Computer Engineering , September 1997 — April 2005

• FOSAD '04: 4th International School on Foundations of Security Analysis and Design

  2004 — 2004