Career Profile
Domenico Gigante received the Bachelor's degree in Computer Science and the M.S. degree in Cybersecurity from the University of Bari “A. Moro”, Italy, in 2019 and 2021, respectively. He currently works at Ser&Practices Srl as a Cybersecurity Engineer. His activities involve Web Application Penetration Testing, VAPT and Code Review. In November 2024, he concluded his industrial PhD in Cybersecurity applied to AI-based systems at the Department of Computer Science, University of Bari “A. Moro”. He is the author and co-author of research articles in peer-reviewed national and international journals. His research interests include Trustworthy (Privacy- and Security-oriented) AI and Secure Software Engineering. In his free time, he loves playing CTFs, mostly on HTB, reading cybersecurity bulletins, and working out.
Experiences
Here he works as a teacher for a Professional Master’s Programme (Master di 1° livello) on Ethical Hacking. The topics are:
- Information Gathering
- Footprinting & Scanning
- Enumeration
- Fundamental Host-based & Network-based Attacks
- Exploitation
- Privilege Escalation
- Metasploit Framework
Here he mainly works as a Security Engineer. His activities involve:
- Web Application Penetration Testing
- Code Audit
- VAPT
In more detail, over a 3-year period here he addressed various application domains (Retail, Finance, Sport and Bidding, Furniture) and he:
- Performed 30 black-box API penetration tests (Burp, Nmap, …)
- Performed 5 black-box web application penetration tests (Burp, Nmap, …)
- Performed 5 Vulnerability Assessment and Penetration Testing (VAPT) engagements for web applications and APIs
- Performed 20 static and dynamic code analyses (Fortify SAST and DAST, SonarQube)
- Discovered and exploited more than 100 Critical and 300 High vulnerabilities
- Reviewed the on-cloud system design for the entire product line of a proprietary service
- Created 100+ automation scripts using Python and Bash
- Discussed with 10+ company owners to provide recommendations for secure designs
- Wrote 100+ security reports detailing the security vulnerabilities, in compliance with standards like OWASP and GDPR
- Prepared 100+ executive reports and presentations
- Created 10 cloud CI/CD pipelines to implement DevSecOps processes for companies
He also works as a Project Lead for the backend side of an internal product. Some of the activities are:
- Interaction with the customer to decide the system architecture optimization and evolution
- Interaction with the customer to validate bugs and plan change requests
- Creation and maintenance of the cloud CI/CD pipeline
- Creation and maintenance of the required cloud environments and assets (AWS, Azure)
- Planning and execution of source code development tasks (PHP, .NET, Python, Bash)
- Creation and maintenance of the application databases (MySQL, MongoDB)
- Creation and maintenance of a cache system for the application (Redis)
- Development of webviews rendered by a mobile application (HTML, CSS, JavaScript)
Here he worked as a junior developer in the banking & finance domain. His activities involved:
- Development of low-level libraries to interact with small and specialized hardware (C++)
- Development of high-level libraries to simplify the interaction with low-level libraries (C#)
- Development of frontend components for a proprietary console application (ASP.NET)
- Hardening of Windows machines against physical attacks
Education
He conducted research in the fields of Trustworthy (Privacy- and Security-oriented) AI and Secure Software Engineering. He published various articles in peer-reviewed national and international journals and was a speaker at international conferences, e.g. the International Conference on Evaluation and Assessment in Software Engineering (EASE) and the International Conference on AI Engineering (CAIN). He is the main author of the POLARIS AI framework. More details in the dedicated paragraph below.
He acquired basic knowledge regarding the main aspects of Cybersecurity. Among the most relevant topics, there are:
- Web Application Penetration Testing
- Network Security
- Code Audit
- Cryptography
He acquired the fundamental notions of Computer Science. Among these, there are:
- Object-Oriented Programming
- Data Structures and Algorithms
- Computer Networks
- Operating Systems
- Databases
- Software Engineering
He acquired the fundamental notions of Mathematics, Physics, and Computer Science.
Certifications
INE Security’s eWPT provides essential skills and knowledge required to plan and perform a thorough and professional web application penetration test and how to effectively identify, exploit, and mitigate vulnerabilities in modern web applications.
INE Security’s eJPT is for penetration testers and validates that the individual has the knowledge, skills, and abilities required to fulfill a role as a penetration tester. This certification exam covers Assessment Methodologies, Host and Network Auditing, Host and Network Penetration Testing, and Web Application Penetration Testing.
Earners of the Azure Fundamentals certification have demonstrated foundational level knowledge of cloud services and how those services are provided with Microsoft Azure.
This certification provides participants with demonstrations and hands-on activities using a practical, solutions-based approach to identify and mitigate today’s most common business security risks to applications.
Fortify SAST and DAST for Developers is a two-day training that explores how the Fortify product suite's Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scan for security vulnerabilities.
CyberChallenge.IT, a training programme for young talent aged 16 to 24, is Italy’s leading initiative to identify, attract, recruit and place the next generation of cybersecurity professionals.
Publications
Here is the list of the currently published research papers.