
Difference between revisions of "Marco Morana"

 
(94 intermediate revisions by the same user not shown)
Line 1: Line 1:
Bio - <br>
+
OWASP Bio - (Updated October 2017)<br>
:Marco Morana serves as one of the leaders of OWASP organization where he is actively involved in evangelize on web application security through presentations at local chapter meetings in USA as well as internationally. Besides being the OWASP Cincinnati chapter lead, Marco also actively contributed to OWASP projects such as the [http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf secure coding guide] and the introduction to the security testing methodology of the [http://www.owasp.org/index.php/Testing_Guide_Introduction security testing guide]. Besides contributing to OWASP, Marco works as Technology Information Security Officer for a large financial organization in North America with responsibilities in the definition of the organization web application security standards, management of [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation application security assessments during the SDLC], threat analysis and training of software developers, project managers and architects on different topics related to application security. Marco research work on application and software security is widely published on several magazines such as [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal].  Marco's work is referred in [http://iac.dtic.mil/iatac/download/security.pdf DHS Software Security Assurance] Marco is currently working on co-authoring a book on [http://www.slideshare.net/marco_morana/application-threat-modeling-presentation Application Threat Modeling]. Marco’s ideas and strategies for writing secure software are posted on his blog: http://securesoftware.blogspot.com
+
Dr. Morana volunteers for the OWASP organization as project leader of the  [https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs application security guide for CISOs] and is currently a member of OWASP Tampa, Florida Chapter in USA. Previously he was member of [https://www.owasp.org/index.php/London OWASP London U.K. chapter] and the founder of the [https://www.owasp.org/index.php/Cincinnati OWASP chapter in Cincinnati U.S.A.]
 +
 
 +
In his current professional role, Dr. Morana works as SVP at large Financial Institution where he is responsible for the architecture risk analysis and threat modelling program execution and application security strategy including leading initiatives for mitigating the risks of sophisticated cyber-threats targeting web and mobile applications. He was previously (2007-2011) VP and technology information security officer with the same FI in North America.
 +
 
 +
In his distinguished 15+ years of career in application security, Dr. Morana held roles in different companies as security consultant, application security architect, professional trainer and program manager. As cyber-security technologist, Dr. Morana most important contributions to cyber-security is the invention of the first secure email plug-in using SMIME protocol that was patented for NASA in 1996. Dr. Morana is technical advisor of start-ups [https://www.mindedsecurity.com Minded Security UK LTD] based in London, UK and [https://www.noknok.com/ Nok Nok Labs Inc] and [http://www.confer.net Confer Technologies] in USA. Dr Morana was a mentor of early stage cyber-security start-ups at [http://level39.co Level 39] and [https://cylonlab.com CyLon Lab] accelerators in London UK. Dr. Morana has been the advisor of the EU funded project on cyber-crime research [https://www.cyberroad-project.eu CyberROAD] and was invited to provide lectures at the PhD Summer School on Computer Security & Privacy at [https://comsec.diee.unica.it/summer-school/lecturers.html University of Cagliari] Italy
 +
 
 +
Dr. Morana has been active contributor to the OWASP organization since 2005 contributing to the following OWASP projects:
 +
[https://www.owasp.org/index.php/Application_Security_Guide_For_CISOs application security guide for CISOs] as main author the
 +
[http://www.owasp.org/index.php/Application_Threat_Modeling application threat modeling methodology] of the [http://www.lulu.com/items/volume_64/5678000/5678680/13/print/5678680.pdf OWASP secure coding guide] the [http://www.owasp.org/index.php/Testing_Guide_Introduction introduction to the security testing methodology] the [http://www.owasp.org/index.php/Testing_Guide OWASP security testing guide] the [http://www.owasp.org/index.php/Category:OWASP_Source_Code_Review_OWASP_Projects_Project OWASP Source Code Review Project] and [http://www.owasp.org/index.php/Category:OWASP_Security_Analysis_of_Core_J2EE_Design_Patterns_Project OWASP Security Analysis of Core J2EE Design Patterns Project] and most recently the OWASP [https://www.owasp.org/index.php/Global_Initiatives/Cyber_Security_Pre-accelerator_Initiative cyber-security startup accelerator initiative]
 +
 
 +
Dr Morana current effort for OWASP is work on the Application Security Guide for CISO version 2 with planned release in 2018.
 +
 
 +
As public speaker Dr. Morana has presented topics of software and application security at several [http://www.owasp.org/index.php/Cincinnati#2009_Presentations_.28Archived.29 local chapter meetings] and  [https://soundcloud.com/owasp-podcast/appsecusa2013-cisoguide AppSec USA conferences] and summits in [http://www.slideshare.net/marco_morana/rochester-security-summit-presentation USA] and AppSec [https://www.owasp.org/index.php/AppSecEU2011 Europe] and summits in [http://www.owasp.org/index.php?title=Italy_OWASP_Day_2&setlang=es Italy]. Besides presenting at OWASP conferences Mr. Morana gave talks at [http://www.slideshare.net/marco_morana/secure-code-reviews-presentation CSI] and [http://www.slideshare.net/marco_morana/software-security-business-case-presentation Blackhat] security conferences.  
 +
 
 +
Dr Morana work on application and software security has been widely published on [http://issuu.com/insecure/docs/insecure-17 In-secure magazine],[http://www.darkreading.com/ Secure Enterprise], [http://www.issa.org/Members/Journals-Archive/2006.html ISSA Journal] and the [http://portal.acm.org/citation.cfm?id=349060 C/C++ Users journal] as well as [https://resources.sei.cmu.edu/asset_files/WhitePaper/2006_019_001_52113.pdf DHS Software Security Assurance], [https://www.csoonline.com/article/2134064/privacy/attention--cisos--strategy-is-the-only-security.html CIO Magazine], [https://www.bankinfosecurity.com/authors/marco-morana-i-963 Bank Info Security] and gave interviews for [http://fst.net.au/features/interview-marco-morana FST Media] and [https://www.youtube.com/watch?v=Ovn9a5kmvkw MarketForce Business Media LLC]
 +
 
 +
Dr. Morana co-authored one of the [https://en.wikipedia.org/wiki/Threat_model threat modelling methodologies], Process For Attack Simulation and Threat Analysis (PASTA) that is covered in the [http://eu.wiley.com/WileyCDA/WileyTitle/productCd-0470500964.html Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis] Book published by Wiley in 2015. In 2016 Dr. Morana was engaged by NSA accredited National University to help with the curriculum of the course [https://www.nu.edu/OurPrograms/SchoolOfEngineeringAndTechnology/ComputerScienceAndInformationSystems/Courses/CYB602.html CYB602 Threat Modelling & Intel] 
 +
 
 +
In 2016, Dr Morana was also engaged by ENISA to co-author the white paper, [https://www.enisa.europa.eu/publications/mobile-payments-security Security of Digital Wallet and Mobile Payments]

Latest revision as of 00:06, 3 November 2017

OWASP Bio - (Updated October 2017)
Dr. Morana volunteers for the OWASP organization as project leader of the application security guide for CISOs and is currently a member of the OWASP Tampa, Florida chapter in the USA. Previously he was a member of the OWASP London, U.K. chapter and the founder of the OWASP chapter in Cincinnati, U.S.A.

In his current professional role, Dr. Morana works as SVP at a large financial institution, where he is responsible for the architecture risk analysis and threat modelling program execution and for application security strategy, including leading initiatives for mitigating the risks of sophisticated cyber-threats targeting web and mobile applications. He was previously (2007-2011) VP and technology information security officer with the same FI in North America.

In his distinguished career of 15+ years in application security, Dr. Morana has held roles in different companies as security consultant, application security architect, professional trainer and program manager. As a cyber-security technologist, Dr. Morana's most important contribution to cyber-security is the invention of the first secure email plug-in using the S/MIME protocol, which was patented for NASA in 1996. Dr. Morana is technical advisor to the start-ups Minded Security UK LTD, based in London, UK, and Nok Nok Labs Inc and Confer Technologies in the USA. Dr. Morana was a mentor of early-stage cyber-security start-ups at the Level 39 and CyLon Lab accelerators in London, UK. Dr. Morana has been the advisor of the EU-funded project on cyber-crime research, CyberROAD, and was invited to give lectures at the PhD Summer School on Computer Security & Privacy at the University of Cagliari, Italy.

Dr. Morana has been an active contributor to the OWASP organization since 2005, contributing to the following OWASP projects: the application security guide for CISOs (as main author), the application threat modeling methodology of the OWASP secure coding guide, the introduction to the security testing methodology, the OWASP security testing guide, the OWASP Source Code Review Project, the OWASP Security Analysis of Core J2EE Design Patterns Project and, most recently, the OWASP cyber-security startup accelerator initiative.

Dr. Morana's current effort for OWASP is work on the Application Security Guide for CISO version 2, with a planned release in 2018.

As a public speaker, Dr. Morana has presented on topics of software and application security at several local chapter meetings, at AppSec USA conferences and summits in the USA, and at AppSec Europe and summits in Italy. Besides presenting at OWASP conferences, Mr. Morana gave talks at the CSI and Blackhat security conferences.

Dr. Morana's work on application and software security has been widely published in In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users journal, as well as DHS Software Security Assurance, CIO Magazine and Bank Info Security, and he gave interviews for FST Media and MarketForce Business Media LLC.

Dr. Morana co-authored one of the threat modelling methodologies, Process For Attack Simulation and Threat Analysis (PASTA), which is covered in the book Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, published by Wiley in 2015. In 2016 Dr. Morana was engaged by the NSA-accredited National University to help with the curriculum of the course CYB602 Threat Modelling & Intel.

In 2016, Dr. Morana was also engaged by ENISA to co-author the white paper Security of Digital Wallet and Mobile Payments.