I offer consulting and training services in the areas of information security, formal methods, and software engineering.


University Courses

I can teach (or co-teach) university-level courses. I have more than 700 active teaching hours spanning undergraduate and graduate programmes at ETH Zürich and Politecnico di Milano.

I am available to design new courses, deliver lecture series, or contribute as a visiting lecturer at universities seeking expertise in these areas. See my teaching page for a list of courses I have taught and topics I can cover.


Corporate Security Training

I provide security training for companies looking to build or strengthen their security culture and technical capabilities. Training can be tailored to technical teams (engineers, architects) or to a broader audience including management and compliance staff.

Topics I offer training on include:

  • Fundamentals of information security
  • Secure software development practices
  • Privacy-enhancing technologies and data protection
  • Formal methods for security-critical systems
  • Runtime monitoring and anomaly detection
  • Runtime enforcement and information flow control

Training can be delivered as workshops, multi-day programmes, or an ongoing engagement, depending on organizational needs and required logistics.


Regulatory Compliance Consulting

I provide consulting services to help organizations design and implement software systems that comply with data protection and cybersecurity regulations, with a focus on the EU regulatory landscape.

Areas of expertise and personal interests include:

  • EU General Data Protection Regulation (GDPR): Data minimization, purpose limitation, lawful basis for processing, data subject rights, privacy-by-design architectures, and formal GDPR specification and compliance checking.
  • EU Cyber Resilience Act (CRA): Cybersecurity requirements for products with digital elements, vulnerability handling obligations, conformity assessment, and security-by-design practices.
  • Security and privacy by design: Architectural guidance for embedding compliance into software from the ground up, rather than as a retrofit.
  • Policy formalization and monitoring: Translating regulatory requirements into formal specifications that can be automatically monitored and enforced at runtime.

I work both with decision-makers, supporting them in understanding the compliance requirements, and with technical teams, helping them (1) evaluate the current state of their systems’ compliance, (2) refine high-level requirements and principles into system-specific low-level requirements, and (3) design and implement their systems.