Claudio Cinquino

Head of Security Assessment & Vulnerability Management • Rome, Italy
Since 2026 also Fractional CISO / CISO-as-a-Service (vCISO). Evidence-driven approach: findings → risk → roadmap → remediation.

Security Assessment • Vulnerability Management • Fractional CISO (vCISO) • OT Security • Red Team • Purple Team • CVE Research • AI / LLM workflows

Profile

Security leader and hands-on engineer specialized in Security Assessment and Vulnerability Management, with experience leading offensive teams and managing engagements end to end (requirements → execution → reporting → remediation support).

Since 2026 I also work as a CISO-as-a-Service (vCISO) (governance, risk management, compliance support, roadmap). I also integrate modern AI-assisted development workflows (agentic workflows, RAG, fine-tuning) to speed up delivery, standardization and quality checks, without exposing sensitive data.

Experience

Aesys Cyber — Head of Security Assessment & Vulnerability Management (Sep 2023 – Present)
  • Offensive team coordination for Security Assessment on critical systems/applications
  • Vulnerability Management governance: triage → prioritization → remediation tracking
  • Alignment with business risk and action-oriented reporting
Metrics: team ___ | assessments/year ___ | remediation reduction ___

Cyberpartners S.P.A. — Team Leader (Feb 2022 – Aug 2023)
  • VA/PT management in OT/ICS environments
  • Delivery coordination and stakeholder management
Metrics: OT sites ___ | assessments ___ | team ___

Deloitte Risk Advisory (Rome) — IT Manager / Team Leader (Dec 2019 – Feb 2022)
  • VA/PT management, team leadership and remediation management
  • Contexts: military, central public administration, telco, rail network, insurance, industry
Metrics: projects/year ___ | clients ___ | remediation SLA improvement ___

Quantum Leap S.r.l. (Rome) — IT Security Consultant / Penetration Tester (Jul 2014 – 2019)
  • Penetration testing of systems/networks (black-box and white-box) using OSSTMM/OWASP methodologies
  • Security code review according to OWASP
Metrics: total assessments ___ | critical findings identified ___ | apps analyzed ___

Framework & Toolset

OWASP • OSSTMM • PTES • MITRE ATT&CK • CVSS
  • nmap, Nessus, Burp Suite, Metasploit, sqlmap, Wireshark/tcpdump
  • Nexpose, Nikto, MobSF, Hashcat, John the Ripper, Hydra