Teaching

Teaching

Teaching Philosophy

My teaching activity focuses on connecting academic foundations with operational cybersecurity practice. I work with students, professionals, and executive audiences to move beyond abstract models and understand how adversarial ecosystems, threat intelligence processes, and enterprise security programs operate in real environments.

The common thread across my teaching, supervision, mentoring, and professional training activity is the translation of complex cybersecurity topics into structured, evidence-based learning paths: from Cyber Threat Intelligence, dark web intelligence, ransomware ecosystems, and incident response to vulnerability management, security governance, attack surface analysis, and digital risk awareness.

My approach combines academic rigor, practical laboratories, case-based analysis, and operational experience matured across enterprise cybersecurity, security operations, threat intelligence, and governance functions.


Academic Teaching & Supervision

This section includes university teaching, academic supervision, Ph.D. research activity, thesis co-supervision, and internship collaborations developed within formal academic contexts.


University of Rome Tor Vergata

Industry Lecturer – Master’s in Cybersecurity and Privacy (02/2023 - Present)

  • Design and deliver advanced academic modules on Cyber Threat Intelligence, ransomware ecosystems, and dark web intelligence.
  • Integrate CTI frameworks such as MITRE ATT&CK and the cyber kill chain with real-world datasets and practical analysis workflows.
  • Develop intelligence-driven exercises focused on threat actor profiling, infrastructure mapping, incident response, and threat hunting.
  • Bridge academic theory with enterprise security operations, supporting students in understanding how intelligence-driven security models can be applied in real organizational contexts.

University of Sannio

Lecturer & Ph.D. Researcher

  • Deliver academic modules focused on ransomware ecosystems, dark web intelligence, and intelligence-driven detection and response.
  • Develop research-oriented material that connects academic theory with enterprise CTI operations.
  • Co-supervise thesis work on Cyber Threat Intelligence platforms, data leak detection, adversary simulation, ransomware analysis, and attack surface intelligence.
  • Contribute to research and teaching activities on threat actor behavior, cybercriminal ecosystems, and data-driven security analysis.

Ph.D. Research

Academic PathThesis Title
Ph.D. in Cyber Threat IntelligenceEcosystem Dynamics and Structural Resilience of the Ransomware Economy

Thesis Co-Supervision

Academic YearStudentThesis Title
2022/2023Raffaela CrisciDARK WEB MONITOR: Evolution of a Threat Intelligence Platform for Monitoring the Dark Web to Intercept Data Leakage
2022/2023Valerio CammarotaDesign and Implementation of a Threat Intelligence Platform for the Analysis of the Ransomware Phenomenon
2022/2023Giulio SantabarbaraEvolution of the Ransomware Phenomenon: Analysis of the Cybergangs Business Model
2022/2023Michele NuzzoCyber Attacks Detection from Adversary Simulation Tools
2022/2023Luca CiarloDevelopment and Implementation of Deepye: A Threat Intelligence Platform for Attack Surface Analysis

Free University of Bozen-Bolzano

Cybersecurity Thesis & Internship Collaboration with Würth Italia (2026 - Present)

Through my role as Chief Information Security Officer at Würth Italia, I support thesis and internship activities involving students from the Free University of Bozen-Bolzano. These projects are developed within an enterprise cybersecurity context and focus on applied topics such as security governance, cyber risk management, vulnerability management, threat intelligence, and secure digital transformation.

The objective is to expose students to real organizational challenges while maintaining a structured academic approach, helping them connect university-level learning with practical cybersecurity operations.

Thesis & Internship Supervision

Academic YearStudentThesis / Internship Topic
2026/2027Nicole BortolottiThe Ransomware Economy: Criminal Business Models and New Corporate Responsibilities after NIS2

University of Trento

Cybersecurity Thesis & Internship Collaboration with Würth Italia (2026 - Present)

I also support students from the University of Trento who start internship and thesis activities at Würth Italia on cybersecurity-related topics. These initiatives combine academic research, professional mentoring, and practical exposure to enterprise security processes.

Typical areas of work include Cyber Threat Intelligence, security awareness, attack surface analysis, governance and compliance, security operations, and the application of structured methodologies to real-world cyber risk scenarios.

Thesis & Internship Supervision

Academic YearStudentThesis / Internship Topic
2025/2026Federico GonzalezSPEAR: Simulation of Phishing Environments for Awareness and Risk Analysis
2025/2026David BrugnaraRansomPly: An Integrated Monitor for Supply Chain Attacks
2025/2026Francesco Mario BoldrinFrom Reactive to Proactive: Exploring a Behavior-Centered Approach to Ransomware On-Chain Monitoring

Professional Courses & Training for Organizations

This section separates professional courses, academy programs, and training activities delivered for external organizations from formal university teaching and academic supervision.

The objective of these courses is to provide professionals, analysts, students, and cybersecurity practitioners with structured and practical learning paths on threat intelligence, dark web analysis, ransomware ecosystems, underground communities, cybercrime, and intelligence-driven security operations.


Red Hot Cyber Academy

Instructor – Dark Web & Cyber Threat Intelligence Courses

Red Hot Cyber is an Italian cybersecurity community and media organization focused on cybercrime, vulnerability analysis, digital culture, innovation, events, and professional training. Through the Red Hot Cyber Academy, I deliver dedicated training paths on Dark Web and Cyber Threat Intelligence, available in both Live Class and E-Learning formats.

Course Portfolio

CourseFormatLevelDurationCertificationLink
Dark Web & Cyber Threat IntelligenceLive Class with instructorIntermediate15 hoursCyber Threat Intelligence Professional (CTIP)Course page
Dark Web & Cyber Threat IntelligenceE-Learning with offline instructor supportBasic6 hours, 5 modules, 17 lessonsCyber Threat Intelligence Fundamental (CTIF)E-Learning course

Dark Web & Cyber Threat Intelligence – Live Class

The Live Class version is an intermediate-level course designed to provide participants with technical, operational, and strategic skills for understanding the dark web and Cyber Threat Intelligence. The course combines instructor-led lessons, practical analysis workflows, and intelligence-oriented exercises.

Main characteristics

  • Provider: Red Hot Cyber Academy
  • Course code: RHC0002
  • Format: Live Class with instructor
  • Course name: Dark Web & Cyber Threat Intelligence
  • Level: Intermediate
  • Duration: 15 hours
  • Prerequisites: Internet navigation skills and basic cybersecurity knowledge
  • Certification: Cyber Threat Intelligence Professional (CTIP), issued by Red Hot Cyber after completion of the final exam
  • Instructor: Pietro Melillo

Main topics

  • Dark web and protected networks
  • Safe access to the dark web
  • Underground resources, dark markets, and cybercrime forums
  • Threat actors and underground ecosystems
  • Botnets and infostealers
  • Zero-day vulnerabilities and exploit markets
  • Initial Access Brokers
  • Telegram and cybercriminal communities
  • Malware-as-a-Service (MaaS)
  • Threat hunting and Indicators of Compromise (IoC)
  • Cyber Threat Intelligence fundamentals
  • OSINT, HUMINT, TECHINT, and CLOSINT sources
  • Traffic Light Protocol (TLP)
  • Intelligence collection tools and workflows
  • Ransomware gangs and Ransomware-as-a-Service (RaaS)
  • Data Leak Sites (DLS)
  • Ransomware monitoring sources
  • Open-source and commercial intelligence tools
  • Monitoring, detection, and analysis methodologies
  • Practical exercises and intelligence reporting activities

The course is also connected to the DarkLab Intelligence Laboratory, an operational learning environment designed to help students apply the skills acquired during the course through threat analysis, dark web investigation, and intelligence reporting activities.


Dark Web & Cyber Threat Intelligence – E-Learning

The E-Learning version is a basic-level course designed for learners who want to approach dark web intelligence and Cyber Threat Intelligence through a structured, accessible, and self-paced format.

Main characteristics

  • Provider: Red Hot Cyber Academy
  • Format: E-Learning with offline instructor support
  • Level: Basic
  • Duration: 6 hours of video content
  • Structure: 5 modules and 17 lessons
  • Prerequisites: Basic knowledge of Internet navigation and fundamental cybersecurity concepts
  • Certification: Cyber Threat Intelligence Fundamental (CTIF)
  • Instructor: Pietro Melillo

Course modules

  • Introduction to the course
  • Welcome and course onboarding
  • Discovering the dark web
  • Introduction to the dark web
  • History of the dark web
  • Safe access to the dark web
  • Dark markets and dark forums
  • Data Leak Sites
  • Legal considerations
  • Introduction to Cyber Threat Intelligence
  • Threat Intelligence lifecycle
  • Information sources and data collection
  • Cyber Threat Intelligence analysis models
  • Intelligence sharing and collaboration
  • Intelligence reporting and communication
  • Threat actors and ransomware gangs
  • Case study and final content

The course is intended for people who want to understand the fundamentals of dark web analysis and Cyber Threat Intelligence, with a practical introduction to threat identification, intelligence lifecycle concepts, data sources, analysis models, and reporting.


IUSI Corporate University (Ferrara, Italy)

Cyber Security Instructor (10/2022 - 10/2024)

  • Designed and delivered advanced training programs in cybersecurity and Cyber Threat Intelligence, including incident response, threat analysis, and offensive security fundamentals.
  • Supervised students on applied cybersecurity projects, combining academic rigor with practical threat intelligence and penetration testing workflows.
  • Developed hands-on labs focused on emerging threats, attack techniques, vulnerability assessment, and defensive strategies.
  • Supported the development of practical learning paths aimed at connecting technical skills, adversary analysis, and real-world cybersecurity operations.

Main Teaching Areas

AreaTeaching Focus
Cyber Threat IntelligenceCTI lifecycle, intelligence requirements, source evaluation, collection, processing, analysis, dissemination, feedback, and intelligence reporting
Dark Web IntelligenceSafe access models, underground resources, forums, markets, data leak sites, cybercriminal communities, and legal/ethical boundaries
Ransomware EcosystemsRansomware gangs, RaaS models, extortion strategies, affiliate structures, data leak sites, victim disclosure dynamics, and threat actor behavior
Threat Actor AnalysisActor profiling, infrastructure mapping, behavioral patterns, TTP analysis, MITRE ATT&CK mapping, and adversary tracking
Incident Response & Threat HuntingIoC/IoA lifecycle, detection workflows, investigation logic, alert triage, threat hunting hypotheses, and operational response
OSINT & CLOSINTOpen-source and closed-source intelligence collection, enrichment, correlation, source reliability, and analytical limitations
Security Governance & RiskCyber risk management, compliance, awareness, NIS2-oriented governance, ISO/IEC 27001 alignment, and enterprise security strategy
Attack Surface & Vulnerability ManagementExternal exposure analysis, vulnerability prioritization, CVSS/EPSS-based decision-making, remediation workflows, and executive reporting
Malware & CybercrimeMalware ecosystems, infostealers, botnets, MaaS models, adversary tooling, and cybercriminal monetization models
Awareness & Digital RiskCybersecurity awareness, phishing resilience, safe behavior, digital exposure, and risk communication for non-technical audiences

Teaching Methodology

My teaching methodology is built around four principles:

  1. Operational realism — lessons are grounded in real adversary behavior, public intelligence sources, enterprise security challenges, and current threat scenarios.
  2. Structured analysis — students are guided through repeatable intelligence workflows, from collection and enrichment to reporting and decision support.
  3. Practical experimentation — courses include hands-on activities, case studies, laboratories, and exercises designed to develop analytical autonomy.
  4. Strategic translation — technical findings are connected to governance, risk management, executive communication, and organizational resilience.

Mentoring & Educational Impact

Across academic programs, professional training, and thesis supervision, my objective is to help students and professionals develop a mature understanding of cybersecurity as both a technical and strategic discipline.

The goal is not only to teach tools or concepts, but to build the ability to interpret adversarial behavior, structure evidence, communicate intelligence, and support security decisions in complex organizational environments.