Francesco Picasso


Profile

Francesco started out as a professional developer during the day, but his nightly passion for information security quickly turned into a full-time InfoSec and DFIR consultant role. He obtained a Computer Science degree and a Ph.D. in "Intelligent Electronics for Security" and achieved a real-time log correlation patent. Also passionate about reverse engineering, he still practices it during his spare time to implement a so-called offensive digital investigation, which aims at gaining access to protected data. Aware that the sharing of knowledge and experiences is essential in the information technology field, he shares observations from his daily job on the Zena Forensics blog, on GitHub repositories and on Twitter.

Francesco is currently the Chief Technology Officer at Reality Net Systems Solutions, a firm providing digital investigations, incident response and network security services. At SANS, Francesco teaches the FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics course. “I chose to teach this topic because I like to have (or, better, to pretend to have) control over systems. I like to understand what is happening and why. It is a challenge to detect anomalies in systems and to explain them.”

He believes a good teacher is someone who does not stop at the first evidence, but someone who likes to go in depth. “I am passionate, and I enjoy seeing the funny side of human-computer interaction. I like to instill in students not just “a” knowledge, but the process to create that knowledge. The old well-known saying “teaching how to fish instead of giving out a fish”. It’s the only approach that would work, because it’s impossible to know everything due to the huge complexity in play.”

Francesco started at SANS as a facilitator and kept in touch with the SANS faculty and the courses. After a few years of attending SANS classes and delivering talks on several topics at some of the SANS Summits, he agreed to start teaching for SANS. “SANS delivers the best info security training in the world. So, I said, “let’s try”, that is how I started. What made me decide to start the process? I like teaching, sharing, researching, and being challenged, and SANS is simply the top for that.”

He thinks DFIR is a mindset: “you never stop asking yourself, in depth, how stuff works.” There is always something to discover, to understand, even for well-known topics. He is a firm believer that continuous research, using many different points of view, is key. A strong passion and commitment have pros and cons in our lives. Being able to face the everyday “unknown” is the goal. “I usually get comments like this one from my students: “When I was tired, you pushed even farther and that helped me focus and not lose any detail. I never had this level of instruction.””

Here is what you will hear on the first day of Francesco’s class: “Welcome to my class! You will get a lot of knowledge during these days, and knowledge is a requirement. But what is not explicitly written in the book is the message between the lines… mindset, passion, curiosity to be like an old-time (or space) explorer. You will enjoy even the frustrating moments because they are needed to reach your goals, and you’ll reach them.”

Finally, even though his job is his passion and number one pastime, Francesco also enjoys playing with his kids, reading books, trekking and geopolitics.

ADDITIONAL CONTRIBUTIONS BY FRANCESCO PICASSO:

BLOG

Zena Forensics

TOOLS

  • dpapilab - Windows DPAPI laboratory
  • decwindbx - A sort of a toolkit to decrypt Dropbox Windows DBX files

CERTIFICATIONS

European Certificate on Cybersecurity and Electronic Evidence (ECCE) 
GIAC Continuous Monitoring Certification (GMON)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
Certified Information Forensics Investigator (CIFI)