Curriculum Vitae

Nov 2020 - present Research Assistant Professor in DISI Security Research Group at the University of Trento, Italy

Research interests: ML/DL tools for finding security vulnerabilities, software supply chain attacks on PyPI, secure usage of open-source software libraries (Java and Python)
WP main contact from the University of Trento in H2020-AssureMOSS (4.7M Euro, 12 partners) and H2020-CyberSec4Europe (16M Euro, 44 partners)

Nov 2019 - Nov 2020 Postdoctoral Researcher in DISI Security Research Group at the University of Trento, Italy

Assisted in preparation of 3 Horizon 2020 project proposals, 1 accepted (Budget 4.7M Euro)
Invited speaker at Github Satellite Virtual (6500+ live listeners) and Java Devs Summit (10K+ participants)

Sep 2017 - Mar 2018 Machine Learning Intern at SAP Security Research, Sophia-Antipolis, France

Developed a Python ML tool (natural language processing, scikit-learn) to automatically identify programming language of a CVE entry in NVD. Used internally by SAP developers
Developed a Python DL tool (TensorFlow) to automatically identify hidden security fixes in software repositories
Completed 3 certification training (Machine Learning, Deep Learning with TensorFlow, Design Thinking)

Nov 2013 - Sep 2015 Leading Security Engineer, Bashneft-Inform, Ufa, Russia

Security administrator in charge of antivirus protection of Windows and UNIX/Linux based environments, and local network
Developed ransomware protection policy: 0 servers/computers with lost data
Completed 3 certification training (TrendMicro, Cisco IDS/IPS, RSA Envision)

Nov 2015 – Sep 2019 PhD Candidate in Information and Communication Technology, University of Trento, Italy

Thesis title: “Decision Support of Security Assessment of Software Vulnerabilities in Industrial Practice”. Advisor: Prof. Fabio Massacci

Research topics:

ACM/Microsoft silver medal for 2nd place at Student Research Competition in the Graduate category at ESEC/FSE 2017 (A*)
Designed methodology for comparing static analysis security testing tools (Fortify SCA, Coverity, SonarQube, etc.) and developed a Python tool - awarded ACM/Microsoft silver medal
Designed a methodology for reducing false alerts (20% reduction) when analysing software dependencies and a Python tool supporting it. Conference paper published, journal paper is under review
Published 3 papers in A/A* conferences
Assisted in preparation of 4 Horizon 2020 project proposals
PhD completed in accordance with the requirements of "Doctor Europaeus".

Mar 2016 – Present EIT Digital Academy, EIT Digital Doctoral student

Complementary Double Degree Program in Innovation & Entrepreneurship

Sep 2008 – Jun 2013 Diploma of Information Security Specialist, Ufa State Aviation Technical University, Russia

Major: Information Security. Thesis Title: "Smart Grid security system design"

Cum laude
Best thesis award at all-Russian thesis competition by FSB (Federal Security Service)
Scholarship of Bashkortostan Republic President (top 100 master students in Bashkortostan, Russia)

Nov 2019 - Present - A pilot for a future European Cybersecurity Competence Network (Horizon2020 CyberSec4Europe)

Jan 2016 – Jan 2017 - Vulnerability Analysis and Management for Open-Source Software (VAMOSS).

WP main contact from the University of Trento;
responsible for risk assessment design;
developed Java RESTful plug-in for prioritisation of findings generated by the Eclipse Steady dependency analysis tool;
8 partners, budget: 60K Euro

Assisted in preparation of 5 Horizon2020 EU project proposals, out of which one project received funding (AssureMOSS, 11 partners, Budget: 5M Euro)

2017 - Silver medal for the 2nd place at the Student Research Competition (ESEC/FSE 2017) by ACM/Microsoft

2019 - Winner of the 2050 Migratory Bird Reunion program
- A 2050 Migratory Bird program grant for attending the yearly Reunion 2050 conference organised by Ali Baba in Hangzhou, China.
2018 - Grant for attendance of the 2nd ACM Europe Summer School on Data Science
2016 - Best Entrepreneurial Team Award (EIT Digital Summer School Privacy, Security & Trust, 2016)
- The most innovative security project (Simpassy password manager) at the EIT Digital Summer School Privacy, Security & Trust.
2014 – 2015 Scholarship of Bashkortostan Republic President
- Prestigious scholarship awarded to the 100 best master students in Bashkortostan, Russia.
2013 - Best Master Thesis Award
- All-Russian Cyber Security Thesis Competition organised by Russian Federal Security Services (FSB).
2012 – Erasmus Mundus Action 2 Multic scholarship

Cyber Security Risk Assessment 2019-2020
- Assistant for a Master course. 27 students. 53 hours, including 10 hours in class (lectures + practical exercises)
Cyber Security Risk Assessment 2018-2019
- Assistant for a Master course. 30 students. 53 hours, including 8 hours in class (practical exercises)
Introduction to Cybersecurity for Polizia di Stato (Caserta, IT) 2019
- Invited lecturer for a one-day training course. 4 hours of lectures

Featured invited talks
- Github Satellite Virtual 2020. Talk title: "Dependency Hell or Developer's Perception of Software Dependencies" (>6500 online listeners)
- Global Summit for Java Devs’20. Talk title: "A Lesson from the Trenches: How to Make Dependency Management Secure" (>10000 participants)
- SFScon 2019. Talk title: "Say No to the Dependency Hell: Proper Management of Software Dependencies" (~100 attendees)
Area Editor at ACM Digital Threats: Research and Practice (DTRAP)
- Area editor for the Software Supply Chain Vulnerability Exploitation
Invited reviewer
- Transactions of Software Engineering, Empirical Software Engineering, Information and Software Technology, Elsevier Computers and Security, Security and Communications Network, IEEE Access

E-mail: ivan.pashchenko[at]unitn.it Twitter: @ivPashenko Skype: ivanpashchenko My LinkedIn page: LinkedIn