{ "schema_version": "1.3", "person": { "name": "Claudio Cinquino", "headline": "Head of Security Assessment & Vulnerability Management | Fractional CISO (CISO-as-a-Service)", "location": "Rome, Italy", "links": { "linkedin": "https://it.linkedin.com/in/claudiocinquino/it", "website": "https://www.cinquino.eu/" } }, "summary": "Cybersecurity leader and hands-on engineer specialized in Security Assessment and Vulnerability Management. Since 2026 also operates as Fractional/Virtual CISO (CISO-as-a-Service) for selected organizations, supporting governance, risk management, compliance and security strategy. Published vulnerability researcher with multiple CVEs and Microsoft Hall of Fame acknowledgements. Uses AI-assisted development (vibe coding), agentic workflows, RAG and LLM fine-tuning/adaptation to accelerate delivery and knowledge workflows with a security-first approach to data handling.", "roles_current": [ "Head of Security Assessment & Vulnerability Management", "Fractional CISO (CISO-as-a-Service)" ], "ciso_as_a_service": { "since": "2026", "scope": [ "Security governance", "Risk management", "Cybersecurity strategy definition", "Security roadmap planning", "Compliance support", "Executive advisory", "Security program oversight" ], "engagement_model": "Part-time / advisory across multiple organizations", "note": "Number of companies not disclosed" }, "experience": [ { "company": "Aesys Cyber", "role": "Head of Security Assessment & Vulnerability Management", "start": "2023-09", "end": null }, { "company": "Cyberpartners S.P.A.", "role": "Team Leader", "start": "2022-02", "end": "2023-08" }, { "company": "Deloitte Risk Advisory (Rome)", "role": "Manager IT / Team Leader", "start": "2019-12", "end": "2022-02" }, { "company": "Quantum Leap S.r.l. (Rome)", "role": "IT Security Consultant / Penetration Tester", "start": "2014-07", "end": "2019-12" } ], "frameworks_methodologies": [ "OSSTMM", "OWASP", "MITRE ATT&CK", "CVSS", "PTES", "Bugcrowd", "Risk-based security management" ], "security_tools": [ "nmap", "nessus", "burp suite", "metasploit", "sqlmap", "acunetix", "nexpose", "nikto", "MobSF", "Wireshark", "tcpdump", "nipper studio", "hashcat", "john the ripper", "hydra", "ILSpy", "SoapUI" ], "publications_and_recognition": { "cves": [ "CVE-2015-8024", "CVE-2016-8006", "CVE-2018-15904", "CVE-2018-18276", "CVE-2019-5888", "CVE-2019-5889", "CVE-2019-5890", "CVE-2019-5891", "CVE-2019-14329", "CVE-2019-14330", "CVE-2019-14331", "CVE-2019-25011", "CVE-2020-35930", "CVE-2021-3001" ], "microsoft_hall_of_fame": [ { "month": "2019-04", "topic": "Cross Site Scripting SharePoint Online" }, { "month": "2019-11", "topic": "Input neutralization in SharePoint Online" }, { "month": "2020-02", "topic": "Spoofing SharePoint Online" } ] }, "ai_llm_practice": { "themes": [ "AI-assisted development (vibe coding)", "Agentic workflows", "Retrieval-Augmented Generation (RAG)", "LLM fine-tuning/adaptation for task-specific workflows" ], "applications": [ "Automation accelerators for internal processes (where permitted)", "Knowledge workflows for playbooks, reporting and remediation guidance", "Standardization of templates and quality checks" ], "security_posture": [ "Security-first handling of data", "Redaction/minimization of sensitive content", "Prompt governance and controlled contexts" ], "disclaimer": "No proprietary or sensitive client data is assumed to be used." }, "future_growth_perspective": { "direction": "Executive cybersecurity leadership", "target_roles": [ "Full-time CISO", "Group CISO", "Head of Cybersecurity", "Security Director" ], "focus_areas": [ "Enterprise security governance", "Cyber risk management at board level", "Security transformation programs", "Critical infrastructure protection", "Integration of offensive and defensive capabilities", "Business-aligned cybersecurity strategy" ], "long_term_vision": "Transition from operational leadership to strategic executive roles overseeing enterprise-wide cybersecurity programs." }, "constraints": { "travel": "Italy only" } }