Francesco Tordoni

Nationality: Italian Gender: Male  Phone number: (+39) 3281195516

 Email address: [email protected]

 LinkedIn: https://www.linkedin.com/in/francesco-tordoni-ab42777b/
 Home: Bruxelles (Belgium)

ABOUT ME

As a Vulnerability Management Consultant, I utilize industry-leading tools like Nexpose, Detectify, Burp Suite an
d Nessus to identify and mitigate system weaknesses, ensuring proactive risk management.
I analyze threat intelligence feeds, identify emerging threats, and assess their potential impact, keeping relevant
teams informed of new threats and trends.
I lead team meetings to present comprehensive weekly vulnerability scan reports to stakeholders, providing
actionable insights for continuous security improvement.
I hold CEH, Security+, and ISO27001 Lead Auditor certifications and am deeply passionate about creating and
delivering engaging staff training sessions.

WORK EXPERIENCE

Vulnerability Management Consultant | FREELANCE

Council of the European Union [ 07/2024 – Current ]
City: Brussels Metropolitan Area | Country: Belgium

• Utilize Nexpose to scan, prioritize, remediatie and report vulnerabilities.

• Lead team meetings to present comprehensive vulnerability weekly scan reports to stakeholders, providing
actionable insights for continuous security improvement.
• Request, review and approve exceptions to a vulnerable item or remediation task that cannot be remediated
according to the policy.
• Utilize Nessus for scanning IP addresses and ports to ensure security and compliance of applications and
netwroks in order to maintain a robust network defense against potential threats.
• Utilize Detectify for advanced web vulnerability scanning including identifying vulnerabilities such as
misconfigurations, missing security headers, and outdated software within web applications.
• Utilize Burp Suite for comprehensive attack surface management, identifying and securing vulnerabilities like
SQL injection, cross-site scripting in web applications by discovering and documenting endpoints and functionalities
that could be exploited.
• Compile and deliver critical threat intelligence reports, keeping relevant teams informed of emerging threats
and trends.
• Analyze threat intelligence feeds, identified emerging threats, and assessed their potential impact.

Vulnerability Management Consultant (on behalf of PQE)

Philip Morris International (on behalf of PQE Group) [ 14/02/2023 – 06/2024 ]
City: Firenze | Country: Italy

• Manage the patching process, applying vendor-issued updates to close security vulnerabilities and optimize the
performance of software and devices
• Request, review and approve exceptions to a vulnerable item or remediation task that cannot be remediated
according to the policy.
• Conduct stakeholder meetings to address and prioritize vulnerabilities.
• Develop and implement mitigation plans for identified vulnerabilities.
• Maintain documentation of cybersecurity policies and compliance records.

1/4
• Use Brinqa to stream workflows for managing and mitigating threat exposures from infrastructure, cloud,
application security, and vulnerability management.
• Conduct application security assessments using Micorsoft Copilot scripting.
• Track remediation efforts and keeping stakeholders informed.
• Utilize SAP LeanIX and ServiceNow integration to stream vulnerability management in order to assign
vulnerabilities to the correct system owners

IT Infrastructure Consultant
PQE Group [ 03/2023 – 06/06/2023 ]
City: Firenze | Country: Italy

• Help to keep up to date the inventory of all IT assets (servers, networks, storage devices) and document their
configurations and dependencies.
• Establish criteria for qualification, including hardware and software specifications, network performance metrics,
and security standards.
• Develop comprehensive testing procedures to validate each component against the qualification criteria.
• Identify potential risks to the IT infrastructure, such as cyber threats, hardware failures, and data breaches.
• Develop standard operating procedures (SOPs) for the deployment, maintenance, and troubleshooting of IT
infrastructure components.
• Perform tests to validate network performance, including bandwidth, latency, and packet loss.
• Test data backup and recovery processes to ensure data integrity and availability in case of failures.
• Test UPS systems to verify they provide adequate power during outages and that they are properly maintained and
monitored.

ICT Trainer & Consultant

FREELANCE [ 08/2019 – Current ]
City: Remote | Country: Italy

• Offer advice and solutions tailored to the unique needs of various clients
• Teach introductory Cybersecurity Courses, educating students using the Security Blue Team Level 1 certification
curriculum.
• Facilitate practical and theoretical learning, ensuring students gain both the knowledge and hands-on experience
needed for foundational cybersecurity skills
• Train new hires to help them integrate into the company’s cybersecurity protocols
• Develop and deliver an innovative security training program and create engaging training sessions

IT Analyst
TE Connectivity [ 2015 – 2018 ]
City: Brno | Country: Czechia

• Administer workstations and servers across US/EMEA, ensuring security and performance
• Manage user rights and profiles via Active Directory
• Perform hardware troubleshooting, minimizing downtime through timely component replacement
• Update security protocols using McAfee ePolicy Orchestrator and Blackberry Enterprise Server
• Provide technical support to remote users

Desktop Support Engineer

Twago - Team2Venture [ 2012 – 2015 ]
City: Berlin | Country: Germany

• Primary IT support contact, resolving hardware/software issues

• Review and optimize operational procedures for effectiveness
• Manage logistics of IT assets, ensuring equipment availability

2/4
Presales Technical Consultant
HP Enterprise [ 2011 – 2012 ]
City: Prague | Country: Czechia

• Deliver expert technical presales support within agreed service levels

• Formulate strategies by analyzing competitive specifications, enhancing customer engagement
• Ensure comprehensive resolution of customer issues

Network Support Engineer

AT&T [ 2009 – 2011 ]
City: Brno | Country: Czechia

• Multi platform Cisco router and switch support

• Implement, maintain and support computer networks
• Direct customer and account team interface providing day to day network support
• Performing failover tests, IOS upgrades and other tasks to validate and maintain the good operation ofthe AT&T
setups
• Implementing and troubleshooting the following technologies: BGP, VLAN, Access Lists, IPAddressing, TCP/IP,
DHCP, DNS,Fortinet, ASA, Checkpoint, QOS, VPN, Ethernet
• Manage trouble investigation, isolation and steady state recovery - Assists customers to identify and solve
complex connection/communication issues

Market research interviewer

Metrinomics [ 2007 – 2008 ]
City: Berlin | Country: Germany

• Collecting information on the perceptions, opinions, and preferences of customers in relation to commercial
products or services.
• Using interview techniques to draw as much information as possible by contacting people via telephone calls,
by approaching them face-to-face or by by virtual means.
• Passing information to experts for drawing analysis.

EDUCATION AND TRAINING

Security+
CompTIA

Certitfied Ethcial Hacker

EC Council

ISO27001:2022 Lead Auditor

GAQM Global Association for Quality Management

Master in Information Systems & Networking

Elis ICT Academy [ 2008 – 2009 ]

Political Science and Government stuides

Alma Mater Studiorum - University of Bologna [ 2003 – 2005 ]

LANGUAGE SKILLS

Mother tongue(s): Italian

3/4
Other language(s):
Italian English
LISTENING C2 READING C2 WRITING C2 LISTENING C1 READING C1 WRITING C1
SPOKEN PRODUCTION C2 SPOKEN INTERACTION C2 SPOKEN PRODUCTION C1 SPOKEN INTERACTION C1

German Spanish
LISTENING B2 READING B2 WRITING B2 LISTENING B1 READING B1 WRITING B1
SPOKEN PRODUCTION B2 SPOKEN INTERACTION B2 SPOKEN PRODUCTION B1 SPOKEN INTERACTION B1

Levels: A1 and A2: Basic user; B1 and B2: Independent user; C1 and C2: Proficient user

DIGITAL SKILLS

Vulnerability Management / Vulnerability Assesment / Rapid7 Nexpose / BURP Suite / Qualys, Tenable(Nessus)
/ Detectify / SERVICE NOW / LeanIX

4/4