
Information Technology Security Officer, Vice President
Cincinnati Area
Mr. Marco Morana currently serves as Information Technology Security Officer for Citigroup. At Citigroup, Marco is responsible for managing several application security projects and leads the definition of application security standards and guidelines for software security. Other responsibilities include information risk reviews during the project lifecycle as well as training and awareness for Citigroup employees and contractors.
Prior to Citigroup, Marco served as Senior Consultant within Foundstone, the professional services division of McAfee where his responsibilities included providing software security services for several clients in the banking, telecommunication, computer manufacturing and financial business sectors.
Besides security consulting, Marco has 18 years of experience in the software industry in diverse professional roles such as contractor, senior software engineer and project manager, with responsibility for designing and developing business-critical security software products for several FORTUNE 500 companies (see work experience) as well as for the US Government (i.e. NASA).
Marco also has project management and team lead experience. As project manager he managed information assurance projects using the standard SSE-CMM (ISO/IEC 21827).
Marco's expertise in software architecture design includes the use of Object Oriented Design methodologies and design patterns to architect multi-tier data server applications, data repository systems, web applications, web services as well as middleware.
Marco is active in publishing on the topic of software security and design (ISSA, OWASP). His current work on software security is referenced in the 2007 State of the Art report by the Information Assurance Technology Analysis Center (IATAC). For his computer security work for NASA in 1999 Marco received the Space Act Award.
Object Oriented Design, web application design and development (.NET and J2EE), contract programming, application security assessment, application security, project management, technical publishing, business development, information assurance, training.
(Public Company; 10,001 or more employees; C; Financial Services industry)
March 2007 — Present (1 year 5 months)
At Citigroup Marco leads the definition of application security standards and guidelines for software security and is responsible for managing several application security projects. Other responsibilities include information risk reviews during the project lifecycle as well as training and awareness for Citigroup employees and contractors.
(Public Company; 10,001 or more employees; MFE; Computer & Network Security industry)
September 2005 — February 2007 (1 year 6 months)
Responsible for providing software application security services such as code reviews, secure software development processes (S-SDLC) as well as web application penetration testing for banks, financial institutions and on-line retailers. For such clients, provided security assessments of on-line banking and e-commerce applications in the US and worldwide. Other responsibilities included teaching Foundstone's Building Secure Software class, whitepaper research on threat modeling/risk analysis, participation as a speaker at major security conferences (CSI and BlackHat) as well as publishing articles and documentation for ISSA, the Department of Homeland Security and OWASP.
(Public Company; 1001-5000 employees; CCRT; Computer & Network Security industry)
July 2005 — September 2005 (3 months)
Involved in the design and development of .NET web services and applications for processing credit card financial transactions. Day-to-day activities included troubleshooting of existing web applications, modifications to meet functional and performance requirements, and implementation of new web services for new credit card transactions. Technologies/protocols used were .NET and SOAP/XML. Web applications and services were written in C# and interfaced with MS SQL Server using ASP.NET and ADO.NET, and with MQ Server using MSMQ.
(Public Company; 10,001 or more employees; SY; Information Technology and Services industry)
April 2004 — April 2005 (1 year 1 month)
Designed and developed critical security features for the Security Manager product. The purpose of Security Manager is to provision policies for the secure operation of desktops, personal digital assistants (PDA) and WIN CE based cell phones. As developer team lead, revised product requirements, performed code reviews and gave direction on fixing production bugs to the product development team based in India. After code release to the R&D team in the USA, implemented security patches to satisfy product release requirements, coding in C++ with MS Embedded 4.0 on WinCE clients and in C++ and C# with MS .NET on Windows 2000 Servers. Redesigned and refactored the product code. Designed and implemented C++ classes for key management and new DLLs to replace the encryption/decryption APIs with industry-standard Certicom APIs. Improved product performance when encrypting and decrypting large files and sets of database data.
(Public Company; 10,001 or more employees; VISA; Information Technology and Services industry)
May 2003 — November 2003 (7 months)
Designed and developed the Active Directory functionality for the VISA Prepaid Card application. The purpose of the Active Directory functionality is to manage prepaid user accounts by providing services such as creation of new card users, authentication and authorization, querying of card users, password and account policy management and other account security functional requirements set by VISA. The application consists of an ad-hoc designed API based on LDAP, interfacing at the front end with an XML/SOAP web-based application and with an Interface Voice Recognition (IVR) system. On the back end the application interfaces with two Active Directory servers and a SQL Server. Involved in analysis of VISA security requirements for the design of the product and its implementation using MS .NET 2003. The application is written in C++ (managed and unmanaged) and C# using .NET Windows APIs.
(Public Company; 501-1000 employees; Computer Hardware industry)
January 2003 — April 2003 (4 months)
Consulted project managers during the conceptual design and development of security network appliances based on Ascensit proprietary embedded software and hardware technology. Consulted Eurotech executives by conducting business and technical due diligence for several Merger and Acquisition (M&A) targets in the USA. Conducted the M&A intermediation that led to the successful acquisition of the company Parvus Inc, which helped Eurotech establish operations in the USA and achieve significant business and revenue growth.
(Public Company; 51-200 employees; Security and Investigations industry)
November 2001 — September 2002 (11 months)
Served as computer security consultant and project manager on behalf of the Thyraeus consortium (EWA-Datamat SpA joint venture). Consulted the board of directors and managed the implementation of information security services based on the System Security Engineering Capability Maturity Model (SSE-CMM) and ISO 17799 standards. Involved in a broad spectrum of activities at both the tactical level, such as project management, and the strategic level, such as the establishment of new service lines. Day-to-day consulting activities included participating in contract bids, writing proposals and following up with prospective clients/leads. As project manager, responsible for managing project teams during engagements, reporting progress to the board of directors, resource allocation, scheduling, and monitoring progress against the project goals/requirements established in the Statement of Work (SOW).
(Public Company; 51-200 employees; ABB; Computer Software industry)
April 2001 — November 2001 (8 months)
Designed and developed the messaging application that provides storage and delivery of large sets of production data for process plant manufacturing. The messaging application is part of a multi-tier application server system that runs 24x7 and delivers production data in real time from clients to multiple back-end servers hosting ORACLE databases. The messaging application was designed using UML and the Extreme Programming (XP) methodology and developed in C++ using Microsoft Message Queues (MSMQ) components. The development also involved integration with a COM server, support for multithreading, implementation of a fault-tolerant system architecture, and the logic for synchronizing primary servers with backup servers. The API is integrated with other ABB server applications to provide them with message queuing functionality.
(Public Company; 10,001 or more employees; IBM; Computer & Network Security industry)
August 1998 — April 2001 (2 years 9 months)
Implemented a critical software component for the ISS Internet Scanner product. Internet Scanner, the ISS flagship product, provides comprehensive network vulnerability assessment for measuring online security risks. Designed, developed, documented and tested the BETA release of the Network Knowledge Base (NKB) library API. Involved in DS and database schema design as well as in writing DB stored procedures for testing the API. Implemented authentication using certificate services and SSL; the application was tested against other DS technologies such as ADSI-COM on MS Active Directory, Netscape DS and Novell DS. Developed and tested the "CrossCheck" software tool for ISS product configuration security management.
(Public Company; 1001-5000 employees; Computer Software industry)
February 1998 — August 1998 (7 months)
Designed and developed the Transaction Coordinator Manager (TCM) for the Professional Computer Forms Company, a small supplier of computer forms to the real estate business. TCM features simplified data file management through a custom-designed database. Real estate contract data are stored in files that use transactions so they can be easily accessed and retrieved. TCM is part of the main company product "PCFormation" and is coded in C++ for Win32 platforms using the Borland OWL/IDE.
(Government Agency; 10,001 or more employees; CA; Computer Software industry)
April 1997 — February 1998 (11 months)
Served as primary developer for the Secure E-mail Application on behalf of the NASA Ames Research Center Information Security Project. The application provides industrial-strength encryption and authentication for all agency-wide e-mail systems. Developed the critical component (i.e. plug-in) integrated into the Eudora Mail client as well as MS Outlook, built around Entrust PKI and the LDAP protocol. Responsible for the whole development cycle: design, coding, debugging, maintenance, product installation and troubleshooting.
(Public Company; Computer Software industry)
June 1996 — April 1997 (11 months)
Contributed to the development and upgrade of the "PenPro" ADP claim processing application used for car insurance operations in Canada and the USA. As a member of the joint ADP/Lockheed software development team, successfully accomplished several coding tasks in C, C++ and Windows 3.1 to upgrade the product's Graphical User Interface (GUI) and to integrate the product with the PARADOX local database. Other tasks included debugging and maintenance of the communication module and the car part drawing display.
MSCE, Computer Engineering, 1994 — 1996
Graduate Thesis: Network Management Systems with SNMP. Developed the BETA JAVA Network Management System API (JNMS) under the supervision of two advisors and with the collaboration of private consultants. GPA 4.0/4.0.
None, Computer Science, 1994 — 1995
Graduate Coursework: Data Structures and Algorithms (basic and advanced). GPA 4.0/4.0.
BSME (Laurea Ingegneria, Dr. Ing), Mechanical Engineering, 1981 — 1987
Algorithms and computer models for orbital simulation of tethered satellite systems. GPA 3.8/4.0.
Marco lives in Cincinnati, Ohio with his wife, Suzanne. Marco's personal interests include motorsports and car restoration, opera, modern art, wine making, fishing, biking, cross country running and golfing.
IEEE, ISSA
Foundstone employee of the month award for client engagement, 2006
ISS peer-awards (2) for the development of critical information security applications, 2001
NASA Space Act Award for the development of secure e-mail, 1999
NASA Patent, Secure E-Mail S/MIME, 1999
Italy NRC (National Research Council) research grant for graduate thesis, 1987.