Teaching
Teaching Philosophy
My teaching activity focuses on connecting academic foundations with operational cybersecurity practice. I work with students, professionals, and executive audiences to move beyond abstract models and understand how adversarial ecosystems, threat intelligence processes, and enterprise security programs operate in real environments.
The common thread across my teaching, supervision, mentoring, and professional training activity is the translation of complex cybersecurity topics into structured, evidence-based learning paths: from Cyber Threat Intelligence, dark web intelligence, ransomware ecosystems, and incident response to vulnerability management, security governance, attack surface analysis, and digital risk awareness.
My approach combines academic rigor, practical laboratories, case-based analysis, and operational experience matured across enterprise cybersecurity, security operations, threat intelligence, and governance functions.
Academic Teaching & Supervision
This section includes university teaching, academic supervision, Ph.D. research activity, thesis co-supervision, and internship collaborations developed within formal academic contexts.
University of Rome Tor Vergata
Industry Lecturer – Master’s in Cybersecurity and Privacy (02/2023 - Present)
- Design and deliver advanced academic modules on Cyber Threat Intelligence, ransomware ecosystems, and dark web intelligence.
- Integrate CTI frameworks such as MITRE ATT&CK and the cyber kill chain with real-world datasets and practical analysis workflows.
- Develop intelligence-driven exercises focused on threat actor profiling, infrastructure mapping, incident response, and threat hunting.
- Bridge academic theory with enterprise security operations, supporting students in understanding how intelligence-driven security models can be applied in real organizational contexts.
University of Sannio
Lecturer & Ph.D. Researcher
- Deliver academic modules focused on ransomware ecosystems, dark web intelligence, and intelligence-driven detection and response.
- Develop research-oriented material that connects academic theory with enterprise CTI operations.
- Co-supervise thesis work on Cyber Threat Intelligence platforms, data leak detection, adversary simulation, ransomware analysis, and attack surface intelligence.
- Contribute to research and teaching activities on threat actor behavior, cybercriminal ecosystems, and data-driven security analysis.
Ph.D. Research
| Academic Path | Thesis Title |
|---|---|
| Ph.D. in Cyber Threat Intelligence | Ecosystem Dynamics and Structural Resilience of the Ransomware Economy |
Thesis Co-Supervision
| Academic Year | Student | Thesis Title |
|---|---|---|
| 2022/2023 | Raffaela Crisci | DARK WEB MONITOR: Evolution of a Threat Intelligence Platform for Monitoring the Dark Web to Intercept Data Leakage |
| 2022/2023 | Valerio Cammarota | Design and Implementation of a Threat Intelligence Platform for the Analysis of the Ransomware Phenomenon |
| 2022/2023 | Giulio Santabarbara | Evolution of the Ransomware Phenomenon: Analysis of the Cybergangs Business Model |
| 2022/2023 | Michele Nuzzo | Cyber Attacks Detection from Adversary Simulation Tools |
| 2022/2023 | Luca Ciarlo | Development and Implementation of Deepye: A Threat Intelligence Platform for Attack Surface Analysis |
Free University of Bozen-Bolzano
Cybersecurity Thesis & Internship Collaboration with Würth Italia (2026 - Present)
Through my role as Chief Information Security Officer at Würth Italia, I support thesis and internship activities involving students from the Free University of Bozen-Bolzano. These projects are developed within an enterprise cybersecurity context and focus on applied topics such as security governance, cyber risk management, vulnerability management, threat intelligence, and secure digital transformation.
The objective is to expose students to real organizational challenges while maintaining a structured academic approach, helping them connect university-level learning with practical cybersecurity operations.
Thesis & Internship Supervision
| Academic Year | Student | Thesis / Internship Topic |
|---|---|---|
| 2026/2027 | Nicole Bortolotti | The Ransomware Economy: Criminal Business Models and New Corporate Responsibilities after NIS2 |
University of Trento
Cybersecurity Thesis & Internship Collaboration with Würth Italia (2026 - Present)
I also support students from the University of Trento who start internship and thesis activities at Würth Italia on cybersecurity-related topics. These initiatives combine academic research, professional mentoring, and practical exposure to enterprise security processes.
Typical areas of work include Cyber Threat Intelligence, security awareness, attack surface analysis, governance and compliance, security operations, and the application of structured methodologies to real-world cyber risk scenarios.
Thesis & Internship Supervision
| Academic Year | Student | Thesis / Internship Topic |
|---|---|---|
| 2025/2026 | Federico Gonzalez | SPEAR: Simulation of Phishing Environments for Awareness and Risk Analysis |
| 2025/2026 | David Brugnara | RansomPly: An Integrated Monitor for Supply Chain Attacks |
| 2025/2026 | Francesco Mario Boldrin | From Reactive to Proactive: Exploring a Behavior-Centered Approach to Ransomware On-Chain Monitoring |
Professional Courses & Training for Organizations
This section separates professional courses, academy programs, and training activities delivered for external organizations from formal university teaching and academic supervision.
The objective of these courses is to provide professionals, analysts, students, and cybersecurity practitioners with structured and practical learning paths on threat intelligence, dark web analysis, ransomware ecosystems, underground communities, cybercrime, and intelligence-driven security operations.
Red Hot Cyber Academy
Instructor – Dark Web & Cyber Threat Intelligence Courses
Red Hot Cyber is an Italian cybersecurity community and media organization focused on cybercrime, vulnerability analysis, digital culture, innovation, events, and professional training. Through the Red Hot Cyber Academy, I deliver dedicated training paths on Dark Web and Cyber Threat Intelligence, available in both Live Class and E-Learning formats.
Course Portfolio
| Course | Format | Level | Duration | Certification | Link |
|---|---|---|---|---|---|
| Dark Web & Cyber Threat Intelligence | Live Class with instructor | Intermediate | 15 hours | Cyber Threat Intelligence Professional (CTIP) | Course page |
| Dark Web & Cyber Threat Intelligence | E-Learning with offline instructor support | Basic | 6 hours, 5 modules, 17 lessons | Cyber Threat Intelligence Fundamental (CTIF) | E-Learning course |
Dark Web & Cyber Threat Intelligence – Live Class
The Live Class version is an intermediate-level course designed to provide participants with technical, operational, and strategic skills for understanding the dark web and Cyber Threat Intelligence. The course combines instructor-led lessons, practical analysis workflows, and intelligence-oriented exercises.
Main characteristics
- Provider: Red Hot Cyber Academy
- Course code: RHC0002
- Format: Live Class with instructor
- Course name: Dark Web & Cyber Threat Intelligence
- Level: Intermediate
- Duration: 15 hours
- Prerequisites: Internet navigation skills and basic cybersecurity knowledge
- Certification: Cyber Threat Intelligence Professional (CTIP), issued by Red Hot Cyber after completion of the final exam
- Instructor: Pietro Melillo
Main topics
- Dark web and protected networks
- Safe access to the dark web
- Underground resources, dark markets, and cybercrime forums
- Threat actors and underground ecosystems
- Botnets and infostealers
- Zero-day vulnerabilities and exploit markets
- Initial Access Brokers
- Telegram and cybercriminal communities
- Malware-as-a-Service (MaaS)
- Threat hunting and Indicators of Compromise (IoC)
- Cyber Threat Intelligence fundamentals
- OSINT, HUMINT, TECHINT, and CLOSINT sources
- Traffic Light Protocol (TLP)
- Intelligence collection tools and workflows
- Ransomware gangs and Ransomware-as-a-Service (RaaS)
- Data Leak Sites (DLS)
- Ransomware monitoring sources
- Open-source and commercial intelligence tools
- Monitoring, detection, and analysis methodologies
- Practical exercises and intelligence reporting activities
The course is also connected to the DarkLab Intelligence Laboratory, an operational learning environment designed to help students apply the skills acquired during the course through threat analysis, dark web investigation, and intelligence reporting activities.
Dark Web & Cyber Threat Intelligence – E-Learning
The E-Learning version is a basic-level course designed for learners who want to approach dark web intelligence and Cyber Threat Intelligence through a structured, accessible, and self-paced format.
Main characteristics
- Provider: Red Hot Cyber Academy
- Format: E-Learning with offline instructor support
- Level: Basic
- Duration: 6 hours of video content
- Structure: 5 modules and 17 lessons
- Prerequisites: Basic knowledge of Internet navigation and fundamental cybersecurity concepts
- Certification: Cyber Threat Intelligence Fundamental (CTIF)
- Instructor: Pietro Melillo
Course modules
- Introduction to the course
- Welcome and course onboarding
- Discovering the dark web
- Introduction to the dark web
- History of the dark web
- Safe access to the dark web
- Dark markets and dark forums
- Data Leak Sites
- Legal considerations
- Introduction to Cyber Threat Intelligence
- Threat Intelligence lifecycle
- Information sources and data collection
- Cyber Threat Intelligence analysis models
- Intelligence sharing and collaboration
- Intelligence reporting and communication
- Threat actors and ransomware gangs
- Case study and final content
The course is intended for people who want to understand the fundamentals of dark web analysis and Cyber Threat Intelligence, with a practical introduction to threat identification, intelligence lifecycle concepts, data sources, analysis models, and reporting.
IUSI Corporate University (Ferrara, Italy)
Cyber Security Instructor (10/2022 - 10/2024)
- Designed and delivered advanced training programs in cybersecurity and Cyber Threat Intelligence, including incident response, threat analysis, and offensive security fundamentals.
- Supervised students on applied cybersecurity projects, combining academic rigor with practical threat intelligence and penetration testing workflows.
- Developed hands-on labs focused on emerging threats, attack techniques, vulnerability assessment, and defensive strategies.
- Supported the development of practical learning paths aimed at connecting technical skills, adversary analysis, and real-world cybersecurity operations.
Main Teaching Areas
| Area | Teaching Focus |
|---|---|
| Cyber Threat Intelligence | CTI lifecycle, intelligence requirements, source evaluation, collection, processing, analysis, dissemination, feedback, and intelligence reporting |
| Dark Web Intelligence | Safe access models, underground resources, forums, markets, data leak sites, cybercriminal communities, and legal/ethical boundaries |
| Ransomware Ecosystems | Ransomware gangs, RaaS models, extortion strategies, affiliate structures, data leak sites, victim disclosure dynamics, and threat actor behavior |
| Threat Actor Analysis | Actor profiling, infrastructure mapping, behavioral patterns, TTP analysis, MITRE ATT&CK mapping, and adversary tracking |
| Incident Response & Threat Hunting | IoC/IoA lifecycle, detection workflows, investigation logic, alert triage, threat hunting hypotheses, and operational response |
| OSINT & CLOSINT | Open-source and closed-source intelligence collection, enrichment, correlation, source reliability, and analytical limitations |
| Security Governance & Risk | Cyber risk management, compliance, awareness, NIS2-oriented governance, ISO/IEC 27001 alignment, and enterprise security strategy |
| Attack Surface & Vulnerability Management | External exposure analysis, vulnerability prioritization, CVSS/EPSS-based decision-making, remediation workflows, and executive reporting |
| Malware & Cybercrime | Malware ecosystems, infostealers, botnets, MaaS models, adversary tooling, and cybercriminal monetization models |
| Awareness & Digital Risk | Cybersecurity awareness, phishing resilience, safe behavior, digital exposure, and risk communication for non-technical audiences |
Teaching Methodology
My teaching methodology is built around four principles:
- Operational realism — lessons are grounded in real adversary behavior, public intelligence sources, enterprise security challenges, and current threat scenarios.
- Structured analysis — students are guided through repeatable intelligence workflows, from collection and enrichment to reporting and decision support.
- Practical experimentation — courses include hands-on activities, case studies, laboratories, and exercises designed to develop analytical autonomy.
- Strategic translation — technical findings are connected to governance, risk management, executive communication, and organizational resilience.
Mentoring & Educational Impact
Across academic programs, professional training, and thesis supervision, my objective is to help students and professionals develop a mature understanding of cybersecurity as both a technical and strategic discipline.
The goal is not only to teach tools or concepts, but to build the ability to interpret adversarial behavior, structure evidence, communicate intelligence, and support security decisions in complex organizational environments.