David Cervigni

Senior security research engineer at R3
  • Claim this Profile
Contact Information
us****@****om
(386) 825-5501
Location
London Area, United Kingdom, UK
Languages
  • Inglese Full professional proficiency
  • Spanish Native or bilingual proficiency
  • Italian Native or bilingual proficiency

Topline Score

Bio

Generated by
Topline AI

5.0

/5.0
/ Based on 2 ratings
  • (2)
  • (0)
  • (0)
  • (0)
  • (0)

Filter reviews by:

You need to have a working account to view this content. Click here to join now
LinkedIn User

David, worked as part of the security assurance team on a number of projects for Visa, and whilst I didn't work with David day to day - I had good visibility of his work ethic and the results they brought. David is dedicated about improving the security of the projects he is working on, often going beyond what is asked to further improve things. David always makes time to sit down and explain security issues to developers or other stakeholders and is highly skilled at articulating detailed technical topics in a number of ways that non-technical people can understand. The only feedback I ever received about David was always excellent stating how he is highly professional, personable and a very strong addition to any team.

LinkedIn User

I have worked with David for just over a year while at Visa Europe. David has an excellent work ethic, works proactively to improve the security posture above and beyond brief, is strong across multiple programming disciplines. A strong team player who would be a good addition to any team.

0

/5.0
/ Based on 0 ratings
  • (0)
  • (0)
  • (0)
  • (0)
  • (0)

Filter reviews by:

No reviews to display There are currently no reviews available.
You need to have a working account to view this content. Click here to join now

Credentials

  • AWS Certified Developer - Associate (DVA)
    Amazon Web Services
    Nov, 2018
    - Sep, 2024
  • AWS Certified Security - Specialty
    Amazon Web Services
    Dec, 2018
    - Sep, 2024

Experience

  • R3
    • France
    • Environmental Services
    • 1 - 100 Employee
    • Senior security research engineer
      • Jul 2022 - Present

      Threat modelling a complex Distributed Ledger Technology architecture - “Corda 5” using different methodologies like STRIDE and Attack Trees, and deploy a scalable process that enables teams to achieve a secure by design SDL. Threat modelling a complex Distributed Ledger Technology architecture - “Corda 5” using different methodologies like STRIDE and Attack Trees, and deploy a scalable process that enables teams to achieve a secure by design SDL.

  • Hyland
    • Australia
    • Marketing and Advertising
    • 1 - 100 Employee
    • Software Security Architect
      • Jun 2020 - Feb 2022

      Creating a vibrant community around security best practices within Hyland/Alfresco, including design, threat modeling, secure coding, and related security testing. Creating a vibrant community around security best practices within Hyland/Alfresco, including design, threat modeling, secure coding, and related security testing.

  • Arm
    • United Kingdom
    • Semiconductor Manufacturing
    • 700 & Above Employee
    • SDL Advisor
      • Mar 2019 - Oct 2019

      Threat Modelling Engineer. Increase the maturity of security practices in the ARM Secure Development Lidecycle, specially Threat Modeling across IPG and OSS teams Threat Modelling Engineer. Increase the maturity of security practices in the ARM Secure Development Lidecycle, specially Threat Modeling across IPG and OSS teams

  • Minded Security
    • United Kingdom
    • Retail Office Equipment
    • Senior Information Security Consultant
      • Apr 2017 - Oct 2019

      OWASP Software Assurance Maturity Model (SAMM) assessments and roadmap definition. Secure coding training, including tools and JavaScript security https://www.blueclosure.com/ Code review for different customers (finance sector) Security Hackathon event project creator, leader and implementer; an innovative defensive secure coding event suited for extreme security learning: https://www.mindedsecurity.com/index.php/services/training/security-hackathon , https://mayaseven.com/krungsri-mayaseven-security-development-hackathom-2017/ Speaker at cyber security events: https://www.owasp.org/index.php/Jakarta#tab=Meetup, http://blog.mindedsecurity.com/2017/11/javascript-security-evolution-talk-at.html, http://2017.owasp.org.tw/speakers_01.html Blockchain technologies research. Show less

  • Tutamantic Ltd.
    • Cyber Security Consultant
      • Sep 2018 - Nov 2018

      Implementing reference architectures diagrams to test the Threat modeling automation tool: http://www.tutamantic.com Implementing reference architectures diagrams to test the Threat modeling automation tool: http://www.tutamantic.com

  • Photobox Group Security
    • Application Security Consultant
      • May 2018 - Aug 2018

      * Implementing Security Champion Programme: increase effectiveness in Dev and AppSec team collaboration, from security design and treat Modelling processes to DevSecOps and testing automation. * Secure Development and Coding training to dev team: maximize the value of the training and workshops by being specifically targeted to tech stack, processes and security requirement of the dev team. * Help teams to review and remediate actual code vulnerabilities in source code. * Contributing to the successful execution of the https://open-security-summit.org/ and manage the outcomes of the workshops. * Implement processes in Secure SDLC to meet business security goals. Code review of most critical applications. Show less

  • HSBC
    • United Kingdom
    • Financial Services
    • 700 & Above Employee
    • DevSecOps consultant
      • Aug 2016 - Nov 2016

      Secure the development lifecycle of critical applications. Promote security awareness and Static Code Analysis tooling to developer teams globally. Secure the development lifecycle of critical applications. Promote security awareness and Static Code Analysis tooling to developer teams globally.

  • Aviva
    • Insurance
    • 1 - 100 Employee
    • CISO advisor
      • May 2016 - Aug 2016

      IT security project assurance and analysis. IT security project assurance and analysis.

  • Visa Europe
    • United Kingdom
    • 1 - 100 Employee
    • IT Security Consultant: PCI-DSS review, Quality Assurance
      • Dec 2013 - Sep 2015

      Manage application security across VISA Europe digital assets and high innovation projects: • PCI compliance assessment: application/banking API security and code review (Java, .Net, Angular/Javascript …) • Defining a secure SDLC for all the dev and devOps teams and provide those secure coding standards and training, adopting *and extending* OWASP and CERT best coding practices to be well-above industry standards! • Integrate technical assurance in agile development contexts. Achieving measurable improvements in avoidance/early detection of vulnerabilities (thus reducing maintenance costs). • Security team member: analyse and define architecture and implementation adherence to quality standards. • Evaluate penetration testing results and investigate/sign off remediations. • Lead security technical assurance for Visa wallet "V.me" Secure SDLC and code review (2013-2015) • Lead security technical assurance for another future of payment main Visa Europe project (2015) Show less

  • Swissquote
    • Switzerland
    • Banking
    • 700 & Above Employee
    • Java Senior Developer Consultant
      • Oct 2012 - Jan 2013

      Implementing a secure systems integration with Swissquote partners companies (banks/insurances), involving asynchronous messaging based on Spring/Hibernate architecture. Main technologies: Stripes MVC, Spring JMS, Caucho(Resin), Hibernate 3, JaxWS/Apache CXF. Implementing a secure systems integration with Swissquote partners companies (banks/insurances), involving asynchronous messaging based on Spring/Hibernate architecture. Main technologies: Stripes MVC, Spring JMS, Caucho(Resin), Hibernate 3, JaxWS/Apache CXF.

  • Cornèr Banca SA
    • Banking
    • 700 & Above Employee
    • Java Senior Developer
      • Feb 2011 - Jun 2012

      Implementation of the Security system of the e-banking public website and single sign on. Security code review (PCI-DSS) for of the already implemented systems, mainly java. Apache:SSO, Web services, mod_security, mod_auth_TKT Security code review, refactoring (OWASP) Implementation of the Security system of the e-banking public website and single sign on. Security code review (PCI-DSS) for of the already implemented systems, mainly java. Apache:SSO, Web services, mod_security, mod_auth_TKT Security code review, refactoring (OWASP)

  • Freelance
    • Egypt
    • Human Resources
    • 1 - 100 Employee
    • Analyst/Developer
      • 2007 - Oct 2010

      Design and development of custom webbased management software for various direct customers in different fields: Real Estate Management, public administration, secure/legal customers data exchange, multi-tiers associations membership management and others. RAD: rapid application development UML Design, requirements definition with customers, coding: Servlet, Ajax, echo2, EJB3, JPA/Postgres SQL. Design and development of custom webbased management software for various direct customers in different fields: Real Estate Management, public administration, secure/legal customers data exchange, multi-tiers associations membership management and others. RAD: rapid application development UML Design, requirements definition with customers, coding: Servlet, Ajax, echo2, EJB3, JPA/Postgres SQL.

  • Seat Pagine Gialle
    • Italy
    • Advertising Services
    • 700 & Above Employee
    • Java developer
      • Jan 2006 - Dec 2007

      Implementation of complex business logic in customer data management for the Italian Yellow Pages (SEAT Pagine Gialle) Technologies: J2EE, Oracle 9, EJB3 - OC4J, Hibernate Implementation of complex business logic in customer data management for the Italian Yellow Pages (SEAT Pagine Gialle) Technologies: J2EE, Oracle 9, EJB3 - OC4J, Hibernate

  • TeamSystem
    • Italy
    • Software Development
    • 700 & Above Employee
    • C Programmer
      • Mar 2001 - Feb 2002

      Implementation of a Linux distribution (www.teamlinux.it) for thin clients. Implementation of a Linux distribution (www.teamlinux.it) for thin clients.

Education

  • Università di Camerino
    2004, Computer, programming
    2000 - 2004
  • University of Victoria BC, Canada.
    English school, English Language
    2005 - 2005
  • Helsingin Ammattikorkeakoulu Stadia
    Bachelor of Science (BS), Digital Economy and computer science
    2002 - 2003

Community

You need to have a working account to view this content. Click here to join now