Curriculum Vitae
Work Experience
Nov 2020 - present Research Assistant Professor in DISI Security Research Group at the University of Trento, Italy
Research interests: ML/DL tools for finding security vulnerabilities, software supply chain attacks on PyPI, secure usage of open-source software libraries (Java and Python)
WP main contact from the University of Trento in H2020-AssureMOSS (4.7M Euro, 12 partners) and H2020-CyberSec4Europe (16M Euro, 44 partners)
Nov 2019 - Nov 2020 Postdoctoral Researcher in DISI Security Research Group at the University of Trento, Italy
Assisted in preparation of 3 Horizon 2020 project proposals, 1 accepted (Budget 4.7M Euro)
Invited speaker at GitHub Satellite Virtual (6500+ live listeners) and Java Devs Summit (10K+ participants)
Sep 2017 - Mar 2018 Machine Learning Intern at SAP Security Research, Sophia-Antipolis, France
Developed a Python ML tool (natural language processing, scikit-learn) to automatically identify the programming language of a CVE entry in NVD. Used internally by SAP developers
Developed a Python DL tool (TensorFlow) to automatically identify hidden security fixes in software repositories
Completed 3 certification training courses (Machine Learning, Deep Learning with TensorFlow, Design Thinking)
Nov 2013 - Sep 2015 Leading Security Engineer, Bashneft-Inform, Ufa, Russia
Security administrator in charge of antivirus protection of Windows and UNIX/Linux based environments, and local network
Developed ransomware protection policy: 0 servers/computers with lost data
Completed 3 certification training courses (TrendMicro, Cisco IDS/IPS, RSA Envision)
Education
Nov 2015 – Sep 2019 PhD Candidate in Information and Communication Technology, University of Trento, Italy
Thesis title: “Decision Support of Security Assessment of Software Vulnerabilities in Industrial Practice”. Advisor: Prof. Fabio Massacci
Research topics:
ACM/Microsoft silver medal for 2nd place at Student Research Competition in the Graduate category at ESEC/FSE 2017 (A*)
Designed methodology for comparing static analysis security testing tools (Fortify SCA, Coverity, SonarQube, etc.) and developed a Python tool - awarded ACM/Microsoft silver medal
Designed a methodology for reducing false alerts (20% reduction) when analysing software dependencies and a Python tool supporting it. Conference paper published, journal paper is under review
Published 3 papers in A/A* conferences
Assisted in preparation of 4 Horizon 2020 project proposals
PhD completed in accordance with the requirements of "Doctor Europaeus".
Mar 2016 – Present EIT Digital Academy, EIT Digital Doctoral student
Complementary Double Degree Program in Innovation & Entrepreneurship
Sep 2008 – Jun 2013 Diploma of Information Security Specialist, Ufa State Aviation Technical University, Russia
Major: Information Security. Thesis Title: "Smart Grid security system design"
Cum laude
Best thesis award at all-Russian thesis competition by FSB (Federal Security Service)
Scholarship of Bashkortostan Republic President (top 100 master students in Bashkortostan, Russia)
European Projects
Nov 2019 - Present - A pilot for a future European Cybersecurity Competence Network (Horizon2020 CyberSec4Europe)
WP main contact from the University of Trento;
44 partners, budget: 16M Euro
Jan 2016 – Jan 2017 - Vulnerability Analysis and Management for Open-Source Software (VAMOSS).
WP main contact from the University of Trento;
responsible for risk assessment design;
developed Java RESTful plug-in for prioritisation of findings generated by the Eclipse Steady dependency analysis tool;
8 partners, budget: 60K Euro
Project proposal preparation experience:
Assisted in preparation of 5 Horizon2020 EU project proposals, out of which one project received funding (AssureMOSS, 11 partners, Budget: 5M Euro)
Awards
2017 - Silver medal for the 2nd place at the Student Research Competition (ESEC/FSE 2017) by ACM/Microsoft
Other Awards
2019 - Winner of the 2050 Migratory Bird Reunion program
A 2050 Migratory Bird program grant for attending the yearly Reunion 2050 conference organised by Alibaba in Hangzhou, China.
2018 - Grant for attendance of the 2nd ACM Europe Summer School on Data Science
2016 - Best Entrepreneurial Team Award (EIT Digital Summer School Privacy, Security & Trust, 2016)
The most innovative security project (Simpassy password manager) at the EIT Digital Summer School Privacy, Security & Trust.
2014 – 2015 Scholarship of Bashkortostan Republic President
Prestigious scholarship awarded to the 100 best master students in Bashkortostan, Russia.
2013 - Best Master Thesis Award
All-Russian Cyber Security Thesis Competition organised by Russian Federal Security Services (FSB).
2012 – Erasmus Mundus Action 2 Multic scholarship
Teaching experience
Cyber Security Risk Assessment 2019-2020
Assistant for a Master course. 27 students. 53 hours, including 10 hours in class (lectures + practical exercises)
Cyber Security Risk Assessment 2018-2019
Assistant for a Master course. 30 students. 53 hours, including 8 hours in class (practical exercises)
Introduction to Cybersecurity for Polizia di Stato (Caserta, IT) 2019
Invited lecturer for a one-day training course. 4 hours of lectures
Certifications
Enterprise Machine Learning in a Nutshell (certified by SAP) - certificate
Enterprise Deep Learning with TensorFlow (certified by SAP) - certificate
Developing Software Using Design Thinking (certified by SAP) - certificate
Invited talks and Services
Featured invited talks
GitHub Satellite Virtual 2020. Talk title: "Dependency Hell or Developer's Perception of Software Dependencies" (>6500 online listeners)
Global Summit for Java Devs’20. Talk title: "A Lesson from the Trenches: How to Make Dependency Management Secure" (>10000 participants)
SFScon 2019. Talk title: "Say No to the Dependency Hell: Proper Management of Software Dependencies" (~100 attendees)
Area Editor at ACM Digital Threats: Research and Practice (DTRAP)
Area editor for Software Supply Chain Vulnerability Exploitation
Invited reviewer
Transactions of Software Engineering, Empirical Software Engineering, Information and Software Technology, Elsevier Computers and Security, Security and Communications Network, IEEE Access
Contact me at:
E-mail: ivan.pashchenko[at]unitn.it
Twitter: @ivPashenko
Skype: ivanpashchenko
My LinkedIn page: LinkedIn