From 135ac9b7c2d001669fdc77d80b12202c97486da9 Mon Sep 17 00:00:00 2001 From: Umberto Morelli Date: Tue, 30 Jan 2024 18:21:43 +0100 Subject: [PATCH] Update umberto-morelli.md --- _people/umberto-morelli.md | 39 +++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/_people/umberto-morelli.md b/_people/umberto-morelli.md index f4e87d89..001a8417 100644 --- a/_people/umberto-morelli.md +++ b/_people/umberto-morelli.md @@ -1,3 +1,40 @@ --- person: UmbertoMorelli ---- \ No newline at end of file +links: + + - name: CV + value: https://drive.google.com/file/d/15nfxRTdc2uC1Ho1CnK_CtdmwzUJTk-2J/view + + - name: LinkedIn + value: morelliumberto + + - name: ORCID + value: 0000-0003-2899-2227 + + - name: ResearchGate + value: Umberto-Morelli +--- +Technologist at the Security & Trust Research Unit of the FBK Cybersecurity Center | Representative for the ISO 9001:2015 and ISO 27001:2022 certification for the Cybersecurity Center. + + +Eight years experience in line with three objectives: + +* Support the security-by-design and security-by-default paradigms in established technologies by developing tools to aid cybersecurity architects and developers. Notable examples: + * Development and extension of [SecurePG](https://sites.google.com/view/securepg/home), a Java tool for the local generation and evaluation of access control policies in cloud environments ([Amazon AWS](https://aws.amazon.com) and [OpenStack](https://www.openstack.org) platforms); and for migrating identities and permissions (expressed in natural language) to/from the cloud. + * Collaborative development [MQTTSA](https://github.com/stfbk/mqttsa), a Python tool to automatically detect security misconfigurations in MQTT environments and provide a pdf report of the security best practices, the potential vulnerabilities, and a list of actionable mitigations. + * Contribute to developing an interface to automatically host a secure MQTT service (and evaluate its performance according to different scenarios). + +* Develop prototypes with emerging technologies to support their secure adoption, or leverage their potential to enhance the protection of users and their data. Significant cases: + * Collaboratively design, develop and test a Kotlin Android mobile application and a set of Python backend microservices to host a secure remote voting election (created in a multidisciplinary working group). + * Use Hyperledger Fabric, a private distributed ledger, to access health data securely. + * Experiment with using the Italian identity card (CIE 3.0) in the following use cases: Home Automation, Automotive and enterprise services (such as Pull Printing). + +* Raise awareness on cybersecurity issues and best practices, mainly in Cloud and IoT environments. Among the activities: + * Participation at local events, such as ISACA, ProM, and Webvalley, and provision of University seminars, workshops, and lessons for specialised institutes (e.g., the ITT Buonarroti in Trento). + * Tutor for Security&Trust internship students and coach for young researchers. + * Contribute to developing a [laboratory](https://github.com/stfbk/ITOTLab) to experiment with students on IT/OT infrastructures and related cybersecurity issues. + +I'm passionate about state-of-the-art approaches (e.g., for identity management and cloud/edge access control), cutting-edge security solutions (e.g., following the zero-trust approach and leveraging the cyber-threat intelligence), and technologies that impact society: e-voting, digital wallets and the secure offering of public services (such as [TreC](https://trec.trentinosalute.net) - the healthcare platform for the citizens of Trento). + + +I'm currently contributing to [MERIT](https://digitalmerit.eu/), a 4-year EU project launched in Oct. 2022, which includes Universities, SMEs, DIH, and FBK as an Excellence Center, with the primary goal of creating a University master programme on the most relevant AI, CS and IoT topics; to upskill MERIT members with targeted initiatives, as well as support the dissemination activities of the identified target groups.