Giorgio Di Tizio

Giorgio Di Tizio

Threat Intelligence Analyst

Airbus

About me

Hi! My name is Giorgio. I hold a Ph.D in Information and Communication Technology at the University of Trento with a thesis entitled “Leveraging Security Data for a Quantitative Evaluation of Security Mitigation Strategies”. I currently work at Airbus in the CERT group, focusing on Cyber Threat Intelligence.

Previous to that, I was a security researcher working with Prof. Fabio Massacci in the DISI Security Group at the University of Trento. During this period, I visited the Cambridge Cybercrime Centre at the University of Cambridge and the Information Security and Cryptography Group at the CISPA Helmholtz Center for Information Security.

I am an acknowledged author of the First.org CVSS v4.0 framework.

Interests
  • Cyber Threat Intelligence
  • Cybercrime
  • Cyber-risk
Education

  • Ph.D. Information and Communication Technology, 2023

    University of Trento

  • M.Sc. Computer Science, 2018

    University of Trento

  • B.Sc. Information Engineering, 2016

    University of Brescia

Publications

Giorgio Di Tizio, Gilberto Atondo Siu, Alice Hutchings, Fabio Massacci (2023). A Graph-based Stratified Sampling Methodology for the Analysis of (Underground) Forums. In IEEE TIFS, 2023.

PDF Dataset

Fabio Massacci, Giorgio Di Tizio (2022). Are Software Updates Useless against Advanced Persistent Threats?. In CACM, 2023.

PDF Video

Giorgio Di Tizio, Patrick Speicher, Milivoj Simeonovski, Michael Backes, Ben Stock, Robert Künnemann (2022). Pareto-Optimal Defenses for the Web Infrastructure: Theory and Practice. In ACM TOPS, 2022.

PDF Project

Giorgio Di Tizio, Michele Armellini, Fabio Massacci (2022). Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats. In IEEE TSE, 2022.

PDF Code Dataset

Giorgio Di Tizio, Fabio Massacci (2021). A Calculus of Tracking: Theory and Practice. In PETS, 2021.

PDF Code Dataset Slides Video

Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic (2020). An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags. In EuroS&PW, 2020.

PDF Slides

Giorgio Di Tizio, Chan Nam Ngo (2020). Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem. In EuroS&PW, 2020.

PDF Code Slides

Services & Presentations

Services

  • Reviewer for ACSAC Artifacts Evaluation (2023), Computer&Security (2021-2022), TDSC, DTRAP, SSCR (2020).
  • PC member for IEEE WACCO (2021-2023), IEEE CRST (2021)
  • Publicity Chair for IEEE WACCO (2019-2020).

Presentations

  • La threat intelligence e il contrasto agli Advanced Persistent Threats. Seminario Confindustria Trento 2023.

  • Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats. ICSE Journal-First 2023, 45th International Conference on Software Engineering.

  • Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats. Huawei AI4SEC Research Seminar 2023.

  • Why are you not updating? The effectiveness of Software Updates against Advanced Persistent Threats Campaigns. SFScon 2022.

  • Estimating cyber risk from experiments with cyber ranges and CTFs. SRA Annual Meeting 2019.

  • Cyber Security Risk as an Experimental Discipline: a Proposal Building upon Capture the Flags. Poster Session Usenix Security 2019, 28th USENIX Security Symposium.

  • Cyber Security Risk as an Experimental Discipline: a Proposal Building upon Capture the Flags. Poster Session EuroS&P 2019, 4th IEEE European Symposium on Security and Privacy.

Teaching & Projects

Offensive Technologies (2019-2022)

The course aims at advancing students’ concrete knowledge of attacks on operating systems, networks, and applications with a significant spur of creativity. Security notices (and even proof of concept exploits) are a little more than research ideas. They tells that something may be possible but do not explain the details (for obvious security reasons). The students must use their creativity to understand what can possibly work and transforms the gaps and holes in the description into a workable product.

Duties: Teaching assistant

Course type: M.Sc.

Location: University of Trento

CyberChallenge.IT (2020-2021)

The CyberChallenge.IT is a national Capture The Flags training program for young talents. The training focuses on the technical, scientific, and ethical introduction to issues related to cybersecurity, alternating theoretical lessons and exercises on various topics such as cryptography, malware analysis, and web security.

Duties: Local organizer

Location: University of Trento

Resume

Positions

  • 2024/Feb → current - Cyber Threat Intelligence Analyst, Airbus (FR)
  • 2023/May → 2024/Jan - Postdoctoral researcher, University of Trento (IT)
  • 2019/Nov → 2023/Apr - Ph.D. student, University of Trento (IT)
  • 2022/Jan → 2022/Jul - Visiting Researcher, University of Cambridge (UK)
  • 2018/Nov → 2019/Nov - Research Fellow, University of Trento (IT)
  • 2018/Mar → 2018/Jun - Research Intern, CISPA Helmholtz Center for Information Security (DE)