Fabrizio Di Carlo

At ContrailRisks, we bring clarity and direction to cybersecurity. Our mission is to bridge the gap between compliance and real-world security through pragmatic, business-aligned guidance. We value clarity, integrity, resilience, excellence, and partnership, helping organizations stay in control and secure in an evolving digital landscape.

First CISO, built the security strategy & program in a cloud-native, product-led-growth SaaS. Ensured customers trusted our products - enabled the sales/customer/marketing-teams. Drove security product priorities internally and externally in the industry. Owned security strategy.

Group Manager, Digital Identity

- Secured the corporate procurement platforms of Enterprise customers such Unilever, Siemens, Audi, etc; - Contributed to ISO27001 certification; - Contributed to TISAX (Trusted Information Security Assessment Exchange); - Implementation of Application Security (AppSec) pipeline; - Cloud security; - Enterprise Architecture

- Serve as a primary security contact for projects during the planning, analysis, and design phases of projects; - Provide IT security technology and process guidance for enterprise architects and the business; - Improve the security posture of business systems by planning and designing the delivery of security within the solutions; Primary focus on cloud and cloud security (AWS and Azure)

Goals achieved: - increased overall Endpoints stability and implemented EDR capabilities; - Policies reduction of 75%, increasing consistency and coverage across BUs; - Automation of Operational manual tasks. From mid August '17 to October transitioning to a new role as Information Security Architect

Support of Symantec security products for enterprise customers and a client base ranging between 5 to 500.000 machines. Job activities include assistance during security incidents, threat remediation, consultation for the implementation and installation of endpoint security products in physical and virtual environments, assistance for the development of security concepts and policies, Knowledge Base articles writing and review, bug identification and tracking, training for new hires.

Job activities include assistance during security incidents, consultation for the implementation and installation of endpoint security products, assistance for the development of security concepts and policies, KB articles writing and review. Released with a colleague an ADC Policy to prevent CryptoLocker's Outbreachs; Prepared internal training on "Removing malwares with Sysinternals Tools"; Developed internal documentation.

- Participated in development of Buybilonia.com project (e-commerce in franchising). - Developed ETL procedures with Pentaho Data Integration (Kettle), Selenium (automation) to the e-commerce system. - Designed and implemented e-commerce web platform, switched from a monolitic structure to multi-site and multi-domain structure.

Startuppi was a startup in stealth mode. The main idea was to create a marketplace for all people involved in the startups' world (founders, developers, investors, etc) and at the same time to maintain a database of startups. This project was implemented in other big project.

The MSc in Digital Investigation & Forensic Computing is a 2 year part-time masters degree course, that focuses on the following areas: - Computer Forensics - Information Security - Law for IT Investigators - Application Forensics - Investigative Techniques - Corporate Investigations

Algorithms and Data Structure, Dynamic Systems and Controls

Software Engineering, Software Design (OOP), Programming