PhD, Security Engineer

$ whoami

PhD and senior security engineer based in Italy, with several years of experience researching and consulting on high-end cybersecurity projects within the private and public sectors, now focusing on Kubernetes, cloud native security and open source software.

This is my CV.

Work experiences

Cloud Native Senior Consultant (formerly Cloud Native Security Engineer) at ControlPlane, London UK [may 2022 - ongoing]

Threat modelling cloud-native deployments for clients, to assess risk, define high-impact threats and applicable security controls to help de-risk them. Focusing on Kubernetes and container security, and in securing cloud services, infrastructures, and pipelines. Helping companies build DevSecOps capabilities and migrate existing workflows and processes to more agile, cloud-native solutions. Training clients on containers and cloud-native security. Contributions to the CNCF on security projects and initiatives within the Security TAG. Speaker at KubeCon + CloudNativeCon Europe 2024 and two Kubernetes Community Days. Instructor for the “Kubernetes Security: Attacking and Defending Kubernetes” course for O’Reilly Online.

Security Engineer at 7Layers, Turin IT [feb 2020 - may 2022]

Research & Development of cyber-security solutions that leverage both proprietary technologies and custom-built tools for the detection of security incidents and their remediation in heterogeneous target infrastructures. Focus on cloud infrastructures and cloud-native technologies, interested in Kubernetes and container security. Technical proficiency in advanced endpoint detection & response, log management & aggregation, and security automation tools.

Avionic Systems Engineer at Leonardo Aircraft Division, Turin IT [dec 2019 - jan 2020]

Contributed to the development and integration of avionic subsystems within the fighter simulators of Leonardo Ground Based Training Systems.

Security Researcher at Polytechnic University of Turin, Turin IT [feb 2016 - nov 2019]

Designed and developed a trust architecture tailored for a lightweight cloud environment and integrated in a Network Functions Virtualization platform. Designed and developed a run-time remote attestation technology for containers. Built a multi-container design for a virtual network function with mandatory access control policies to secure inter-container communication and shared data volumes. Contributed to the design and architecture of the NFV platform defined within the SHIELD Horizon 2020 project.

Member of FICEP Technical Staff at Polytechnic University of Turin, Turin IT [feb 2016 - nov 2019]

Designed and built a container-based infrastructure to deploy the eIDAS national gateway for electronic identity. Developed a library to map the eIDAS authentication protocol to the Italian notified eID scheme, SPID. Maintained the eIDAS national gateway for cross-border authentication in Europe in the scope of the FICEP CEF project, which is in charge of implementing the EU eIDAS regulation at national level in Italy.

Backend Developer at MUSICO, Independent IT [jun 2019 - oct 2019]

Designed and developed the backend of an innovative music platform based on Artificial Intelligence, featuring user management, client APIs, MIDI management and real-time database storage. Assisted client-side encoding of MIDI data into audio formats and anonymous client authentication via JSON Web Tokens. Implemented the CI/CD pipeline of the platform and its cloud deployment on various Platform-as-a-Service solutions leveraging container technologies.

Visiting Researcher at the Security Lab of Hewlett Packard Enterprise Labs, Bristol UK [oct 2018 - dec 2018]

Designed a novel extension to the Trusted Platform Module 2.0 architecture to support virtualized environments by binding the physical device with one or more virtual TPM instances. Compared to existing literature, this allows for hardware-level security in a virtualized environment, so that cryptographic material can be protected against in-memory attacks performed both at the virtual and physical levels. Includes hardware-protected key management and state preservation across restarts of the virtualized environment.

Intern at TOP-IX Internet Exchange, Turin IT [apr 2013 - sep 2013]

Learnt a full stack WSGI framework and implemented demonstrative web applications leveraging the AGILE software development methodology, Test Driven Development and rapid prototyping tools.

Teaching

Contract Professor in several professional courses:

  • First-level Master in “Hierarchical Open Manufacturing in Industry 4.0” at Polytechnic University of Turin, Turin IT [2019]
  • Industrial courses on “Authentication Architectures” and “Intrusion Detection and Prevention” in Industrial Control Systems at PRISMA Impianti, Basaluzzo IT [2018]
  • Master Executive courses on “Access control” and “Application sandboxing” at COREP consortium, Turin IT [2018]

Laboratory Teaching Assistant at Polytechnic University of Turin in several academic courses:

  • Information Systems Security [2019]
  • Algorithms and Programming [2017 - 2019]
  • System and Devices Programming [2018 - 2019]
  • Design of web services and computer networks [2018 - 2019]
  • Computer Science [2016 - 2018]

International Research Projects

I have been involved in several research and innovation activities co-funded by the European Commission:

  • First Italian Crossborder eIDAS Proxy (FICEP) [2016 - 2019]
  • Securing against intruders and other threats through a NFV-enabled environment (SHIELD) [2016 - 2019]
  • Electronic Simple European Networked Services (e-SENS) [2013 - 2016]
  • Secure Identity Across Borders Linked 2.0 (STORK 2.0) [2013 - 2015]

My main contributions include design and development of software architectures, deployment and management of testbeds alongside the writing of technical deliverables and presentation of results.

Education

PhD in Computer and Control Engineering at Polytechnic University of Turin, Turin IT [nov 2016 - jul 2020]

Worked on a research topic on “Security and trust in a Network Functions Virtualisation Infrastructure” within the TORSEC Computer and Network Security Group of Politecnico di Torino. My main focus was on researching and prototyping architectures to enable security mechanisms on a softwarised network infrastructure, i.e. based on cloud and NFV principles. In this regard, my work focused on application of Trusted Computing mechanisms and technologies (e.g. the Trusted Platform Module) to this multi-domain environment.

M.Sc in Computer Engineering - Emphasis on Networking magna cum laude at Polytechnic University of Turin, Turin IT [oct 2013 - dec 2015]

M.Sc Thesis on “Integration of digital signature services in the STORK 2.0 electronic identity platform”, focusing on federated electronic identity and digital signatures applied to electronic documents.

B.Sc. in Computer Engineering at Polytechnic University of Turin, Turin IT [oct 2010 - sep 2013]

Certifications

  • AWS - Certified Security - Specialty
  • Google Cloud - Professional Cloud Security Engineer
  • Cloud Native Computing Foundation - Certified Kubernetes Security Specialist
  • Cloud Native Computing Foundation - Certified Kubernetes Administrator
  • Palo Alto Networks Systems Engineer - Prisma Cloud Associate
  • Okta Certified Professional

Publications

The full list of publications I authored is available in my Google Scholar profile.

Activity & Awards

Received a PhD student award 2018 from the Department of Computer and Control Engineering at Polytechnic University of Turin. Received a best demo award at the IEEE NFV-SDN 2017 conference in Berlin for a demonstration featuring the initial prototype of the SHIELD project platform.

Hobbies

Authored a DeviantArt channel featuring original digital paintings with 9.5K+ page views. Music enthusiast and guitar player for many years.

Contacts

You can drop me an email at marcoxdebenedictis at gmail dot com; I will try to reply in due time. Thanks.