Marco Mirko Morana

I am a seasoned professional with more than 15 years of experience in cyber as part of start-ups and corporations. My career in cyber-security started in USA while working at a project for NASA where I co-patented encryption for secure emails. After my work experience with NASA I joined cyber-security start-ups such as Internet Security Systems (ISSX) that became IPO in 1998 and was later acquired by IBM , eXCellNET where I managed a team for the development of encryption technology for mobile phones and was later acquired by Sybase and Foundstone where I developed and managed new consulting services business lines and processes. Foundstone was also a start-up that was acquired by McAfee Inc in 2004. I have been with Citi in the last eight years, initially as VP and technology information security officer responsabile for security go new on-line banking products. Today I am SVP and I manage global cyber-security processed including tasking a team of security architects dedicated to the analysis of business critical web and mobile applications in the private bank. This process is mandated to Citi by the Office of the Controller of the Currency and therefore has high visibility and is reported for compliance and audit. For Citi I am also responsible for key initiatives focused on the risk analysis of emerging cyber-threats to identify opportunities for investment in cost and risk mitigation effective countermeasures. Outside Citi and in compliance with outside directorship interests, I am one of the technical advisors of the US based start-up Nok Nok Labs Inc based in Palo Alto CA and Confer Technologies Inc. based in Waltham, MA.

I strongly believe that is important to give back to the community and encourage young people in pursuit a career in cyber-security. Therefore, I dedicate a lot of my free time by volunteering for non-profit organisations such as OWASP where I involve young talents in projects funded by corporations and organisations such as DHS in USA. Because of my professional work and activities, I am also frequently invited speaker at cyber-security conferences and blogger on sites such as and CSO magazine. I am also the author of two books on cyber-security the application security guide for CISO published by OWASP and Risk-centric threat modelling published by Wiley.

My academic credentials include a Master of Science in Computer System Engineering (MSCSE) from Northwestern Polytechnic (USA) and coursework at University of California Berkeley and a Master of Science in Mechanical Engineering (MSME) from the University of Padova (Italy) with Professional Doctorate Engineering certification