Andrea B.

PERSONAL INFORMATION - Born 19.09.1977 Andrea Giaime Bodei in Cagliari. Italy - EU Italian Citizenship SUMMARY - Extensive knowledge of forensic analysis and intelligence principles and methods. Ethical Hacking. Penetration Testing. Expert in vulnerability Assessment and data recovering in Enterprise environment. - Previous experience in fraud management. Incident disaster recovery, micro spy searching and security product implementation. - Linux and Microsoft Administrator. EDUCATION - B.A. Communication Sciences: La Sapienza University. Rome. Italy - High School Diploma: Siotto Pintor College, Cagliari. Italy LANGUAGES - Italian (mother tongue) - English (excellent spoken & written) - Portuguese (good spoken & written) - German (basic spoken & written) PROFESSIONAL EXPERIENCE - Security Division Srl (IVA/VAT 03097450921): CEO and Penetration Tester. Cagliari, Italy (2007 – ongoing): Co-Founder of Security Division Srl, a security operation center providing vulnerability assessment, penetration testing, risk assessment, architectural advising and patch management to a variety of corporate and governmental clients in Italy and the USA. Clients include: Aruba Spa (Arezzo, Italy), Autostrade Spa (Turin, Italy), TESTAWEB (including Alfa Romeo, Lancia, Zanichelli, Birra Moretti, Turin, Italy), Asmallworld (USA), PailsAbroad (USA), Novellanet (Rome, Italy), [login to view URL] (Turin, Italy), Banco Azzoaglio (Turin, Italy), Provincia di Salerno (Salerno, Italy). ([login to view URL]) - Andrea Bodei firm (IVA/VAT 02940940923): CEO, Cagliari, Milan and Rome, Italy (Sept 2002 – ongoing) Freelance consultant for companies including Telecom Italia (different business units), providing the following services: Assessment and Intelligence Services (Business Intelligence, Forensic, Micro spy) Security Manager on Demand (Managerial level consulting) Tiger Team (Penetration Test, VA, Audit) Security Admin (on site management and SOC) Policy Management (implementation and verification support) With my firm, from 2002 to 2007 I’ve been consultant for different company, until I’ve become CEO at Security Division Srl. In some periods I’ve been able to work for two companies at the same time, working during the day for Telecom Italia, and in the night for other companies. - 2006 Sept - 2007 Sept - Team Leader Penetration Tester at Telecom Italia, Governance and Information Security (SEC.G.I.S. Rome, Italy). (In November I’ve started also to build the new company Security Division Srl). In these years (2003-2006) I’ve done Penetration Testing for affiliated, partner and client companies of Telecom Italia in Italy, Brazil, Cuba and Bolivia like: TIM Brasil, Pirelli, Prada, Banche Generali, Banche Popolari Unite, Banca Popolare di Milano and more. - 2005 Sept - 2006 Sept - Team Leader Penetration Tester at The Technology Partners (TTP Rome, Italy) (I had the job in Telecom during the day, and TTP during the night) Night Penetration Test activity for the government like internet pages of the ministries. [login to view URL] - 2004 Sept - 2006 Sept - Team Leader Penetration Tester at Telecom Italia, Technology and Information Security (SEC.T.I.S. Rome, Italy). (After, our group in Telecom just changed name in [login to view URL].) Penetration Test for all internal division In Italy and Brasil, and for the clients of Telecom Italia, especially banks. - 2003 Sept - 2004 Sept - Team Leader Security Consultant and Penetration Tester at Telecom Italia, Fraud Management (SEC.F.M. Rome, Italy). I had to investigate in the frauds against Telecom Italia. I’ve been also the only forensic analyst of the company. In 2004 all the members of Fraud Management, including directors and me, moved to the neo crated SEC.T.I.S. - 2003 Sept - 2006 Sept - Team Leader Penetration Tester at PIT Consulting Rome and Milan, Italy. (the company body rented me to Telecom, officially i was at Telecom Italia Office only, but during weekend I worked for PIT Consulting and their clients). [login to view URL] - 2003 Sept - 2005 Sept - Team Leader Penetration Tester at IKON Corp Rome and Milan, Italy. (Ikon was in partnership with PIT Consulting, I’ve worked in body rental for Telecom Italia and during the weekend I’ve been in the Micro spy team for Ikon Corp until I’ve left this company to can stay only in PIT Consulting and Telecom Italia) [login to view URL] - 2002 Sept - 2003 Sept - Team Leader Security Consultant and Penetration Tester at Domina Security Rome and Milan, Italy. With this company we started the development of [login to view URL] a security Internet site that in 2003 was the most frequented security page of the world. (Domina introduced me to its partner PIT and Ikon) [login to view URL] - 1999 Sept - 2002 Sept - Organizing Communities for [login to view URL], Virgilio, I-Side, Compaq and Omnitel, Rome, Italy. (The main clients were Telecom Italia owned companies, I’ve organized the help desk team and the animator staff) CONSULTING - Consultant for Italian national law enforcement agencies (Rome, Italy) I’ve worked with Carabinieri (Italian military gendarmerie with Police ability) for some frauds as expert technician in the investigating and as deponent in the trial. I cooperate with GAT (Gruppo Anticrimine Tecnologico) of Guardia di Finanza (Italian military Police for economic frauds). I give consulting to the Postal Police (Italian Police for internet and mail abuses or crimes) represented by the person of the Vice Procurator of Rome. EDITORIAL EXPERIENCE - Editorial Staff of [login to view URL] (Milan, Italy, online work). Here I study and post Advisories, News and Exploits. I provide with the staff for the daily cataloguing and management of computer crimes. I teach and help in the seminars in Italy and abroad (I’ve been teacher in Rome, Milan and Tallinn-Estonia) [login to view URL] - Editorial Staff Telematic Journal of Clinical Criminology (Rome, Italy, online work). With this internet page I concur in writing news and manuals and help organizing courses and seminars about computer related crimes. [login to view URL] - Various News, Advisories and exploits on [login to view URL], [login to view URL], [login to view URL]. Exploits of File Inclusion and Buffer Overflow. LECTURER SEMINARS AND CONFERENCES - "La Sapienza" University of Rome Conferences: - February 20, 2007 - “Sicurezza Mobile”. Guest Speaker Andrea Bodei – “Secure Communication and Crypto Mobile”. In this conference I’ve explained in one hour the main techniques to intercept cellular communication and I’ve exposed some methodology to contrast illicit snooping. [login to view URL] - April 29, 2004 " IT & Law" Guest Speaker: Andrea Bodei “Simplicity of making an attack". In this conference I’ve exposed some recent famous hacked sites analyzing the used hacking techniques. [login to view URL] - March 6, 2003 –“SecurITy@uniROMA1” Guest Speaker: Andrea Bodei "Defacement, analysis of the most common digital crime". Demo: Attack skills presentation and examples. In this long conference I’ve exposed the “defacement” crime and its impact in the Internet society and in the business. In the Demo section I’ve exposed some buffer overflow attack against Sun Solaris login, Apache OpenSSL and SQL injection. [login to view URL] - Zone-H Seminars "Hands on Hacking” Teacher and assistant in Italy and Estonia for courses of Ethical Hacking. [login to view URL] - Teaching at "la Sapienza" University, assistant of the associated professor at the course of “Investigation” faculty of “Criminal Anthropology”. [login to view URL] TOOLS AND LICENSED SOFTWARE - Network VA: eEye Retina. Nessus. Safety Labs SSS. GFI Languard, - Network Penetration Test: Core Impact, Immunity Canvas. Metasploit - Web Application Assessment: Weblnspect, Watchfire, Acunetix WVS - DB Application Assessment: AppSecurity DB. S. Watchfire, Safety Labs DBS - Computer Forensic/Data Recovery: EnCase, S!euthKit, Autopsy, TCT OTHER SKILLS - Bash scripting basic knowledge - Perl programming basic knowledge - C programming basic understanding - Micro spy sweeping