Diego Zamboni

I lead the global CISO Governance team, focusing on establishing robust security policies and monitoring compliance. I am in charge of defining and monitoring Avaloq's global Information Security Management System. My role involves defining requirements and ensuring effective oversight of first-line security functions, which is essential for maintaining a secure and compliant environment in the financial technology sector.

I worked with customers and within AWS to increase security awareness, design and build secure solutions, mentor and develop colleagues and customers in security best practices. I was Lead Security Architect in the Stellantis Virtual Engineering Workbench (VEW) project.

• Established the VEW security workstream to identify customer security requirements and policies, define and promote security best practices and drive activities related to risk analysis, threat modeling and mitigation definition, prioritization and implementation.

• Established in VEW measurement mechanisms for status and metrics for security activities, which provide visibility to both technical and business stakeholders.

• Established the VEW Security Champions program to promote and transfer security knowledge.

• Defined and tracked implementation of security features in VEW to fulfill both customer business requirements and AWS best practices.

Worked with AWS global customers to improve security posture and promote secure design and implementation practices. I was a member of the security team in the Volkswagen Digital Production Platform (DPP) project.

• Established in DPP scalable and durable mechanisms to enable DPP partners to work securely in the DPP program.

• Created and promoted security learning materials tailored for various roles within the DPP project.

• Increased security awareness and knowledge by promoting a Security Guardians initiative across the DPP organization.

As an Enterprise Architect, I participated in the design of future products and solutions offered by Swisscom, in collaboration with architects from all other divisions of the company.

As Solution Security Architect for Swisscom's Cloud Platforms (including Enterprise Service Cloud, Enterprise Application Cloud, Dynamic Computing Services, Enterprise Cloud for SAP Applications and related services) I was responsible for the security, compliance and data governance of those services. I defined, prioritized and drove relevant product features and business goals. I also lead the IT Clouds Security Community of Practice and advised engineering teams on compliance, governance and operational activities.

• Ensured cloud platform and service compliance with internal, contractual and regulatory standards, including ISO27001, ISAE3402/3000 and GDPR.

• Established and led a community of around 30 /Security Champions/ from different teams, who drove security initiatives and promote the security culture within the Swisscom IT Clouds organization.

• Coordinated threat modeling, audits, penetration tests and security compliance reporting.

• Coordinated organization- and team-wide processes for risk and vulnerability management.

• Development of the Swisscom Platforms vision for 2025.

I built and led a team which evolved on par with Swisscom cloud platforms to provide their monitoring and logging capabilities. My responsibilities included people management (up to 16 people), definition and prioritization of requirements and roadmaps (in collaboration with Product Managers and other stakeholders), technical architecture, and managing the planning and execution of team activities.

• Led the transition of the Enterprise Cloud LEMM (Logging, Event Management and Monitoring) and Access & Inventory frameworks into maintenance mode as the platform was retired.

• Defined the scope and mission of the Health and State Management (HSM) team as part of the new Enterprise Service Cloud project, and later of other platforms as the IT Clouds scope expanded to Application Cloud, Enterprise Cloud for SAP Solutions and Dynamic Computing Services.

• Defined the logging and monitoring architecture for the Enterprise Service Cloud platform based on VMware vRealize Operations and vRealize Log Insight.

• Led the transition of the Application Cloud platform monitoring from the Orchard framework to a TICK-based framework.

• Defined architecture and oversaw implementation of the Customer Log Forwarding service.

• Managed business relationship and technical implementation of OpsGenie for alert management in IT Clouds.

• Main technologies involved: VMware vSphere (ESX, vCenter, NSX), VMware vRealize Operations Manager and Log Insight, Ansible (configuration management), OpsGenie (alert management).

Managed a team of three people and led the Orchard project through its implementation, production release and further improvements and development.

• Designed the architecture and implemented the initial prototype for the Orchard health-management and self-healing framework for Swisscom's Application Cloud Platform-as-a-Service service.

• Main technologies involved: OpenStack (cloud computing infrastructure), Cloud Foundry (application platform), Consul (health management and service discovery), RabbitMQ (message bus), Riemann (event analysis).

• Managed the CFEngine language roadmap.

• Created and led the CFEngine Design Center project, which was the foundation for the current CFEngine Build service.

• Coordinated the work on CFEngine third-party integration (e.g. AWS EC2, VMware, Docker and OpenStack).

• Developed code for both the Design Center core and its integrations.

• CFEngine Advocate, with a special focus on security.

• Wrote the book Learning CFEngine 3, published by O'Reilly Media, which became the de facto introductory text to CFEngine.

• Gave talks, wrote articles and blog posts, taught classes, and in general spread the word about CFEngine.

• Developed and implemented the strategy for CFEngine as a security component.

I advised and coordinated teams working on teaching- and security-related products, consulting and services.

• Acted as first point of contact for all security-related issues for five HP enterprise customers in Mexico.

• Initiated, advised and managed security-related projects.

• Handled communication and coordination between technical teams involved in security initiatives.

• Involved in all security-related decisions at the sales, design, implementation, delivery and ongoing maintenance stages of IT Outsourcing projects.

• Helped multidisciplinary customer teams (software engineering, IT management, networking, sales and support) by solving complex problems in customer environments.

• Performed analysis, design and implementation of solutions in multiple areas of expertise, including system automation, configuration management, system administration, system design, virtualization, performance and security.

I was a member of the Global Security Analysis Laboratory (GSAL), where I worked in intrusion detection, malware detection and containment, and virtualization security research projects. See Research for details of my research.

• Developer for the Bruce host vulnerability scanner, later released as the Sun Enterprise Network Security Service (SENSS).

• Designed and implemented the first version of the network-based components of Bruce, which allowed it to operate on several hosts in a network, controlled from a central location.

• Established UNAM's Computer Security Area, the University's first team dedicated to computer security, which has evolved into the Information Security Coordination (UNAM-CERT).

• Managed up to nine people working on different projects related to computer security.

• Managed security monitoring for a Cray supercomputer and 22 Unix workstations.

• Provided security services to the whole University, including incident response, security information, auditing and teaching.

• Established the celebration of the International Computer Security Day (sponsored by the Association for Computing Machinery) at UNAM. Acted as the main organizer of the event for two years (1994 and 1995). This event has grown and evolved into the Computer Security Day and the Computer Security Congress.

• Designed and headed development of an audit-analysis tool for Unix systems (SAINT).

• System administrator at UNAM's Supercomputing Center, managing a Cray Y-MP Supercomputer and related systems.

• Managed the Network Queuing Subsystem (NQS),

• Managed and provided support for 22 Unix workstations.

• Monitored the security of the Cray supercomputer and related workstations.

• Other responsibilities: user administration, operating system installation, resource management, security policies.