Personal Profile

Born on 1978. I have more than 12 years of experience in IT Security. I have been involved in projects in Europe, Africa, and in the United States. My actual field is electonic healthcare. I am an active contributor of European Large Scale Pilots. I am ITIL and ISO 27000 certified and I have a lot of interests (see below). Download full CV.

Computer Science

My job is in IT. I am 1/3 Developer, 1/3 Agile Security Architect, and 1/3 Editor of standards. In IT I enjoy continual improvement. I like participating international task forces, challenges, and emergency situations. I think at coding as one of the most important stage of any IT process. I am a Computing Reviews reviewer.


I am a wine maker, for leisure. I inherited a small wineyard in Chianti, and I am following one of the old Chianti recipes (Canaiolo, Malvasia, and Sangiovese). My high school was in agriculture, which is part of my cultural heritage. I strongly believe in organic agriculture. I think that IT and mathematical modelling will help us to build a better and sustainable future.


I play classical guitar, samba and bossa nova. I also play electric guitar, where I try to play funky, but it's hard!


I love sports: I am playing baseball since I was 16, with various interruptions. In the meanwhile I enjoyed Karate for 8 years. I am actually playing fastpich in Antella. I love running, I am an happy half-marathon runner.

IT Security

I am an IT Security Architect. I developed, planned, and engineered IT security measures in Africa, Europe, and in the United States. Service Oriented Architectures (e.g., web services) security is my main focus, SAML, XACML, XSPA, TrustEl, Stork, XUA, OAuth are the keywords


I am a Object Oriented Java developer, with strong background in C and MATLAB. I follow Kent Beck's Test Driven Development, and I fit in Continuos Delivery settings


I am used to play Lego with international standards and profiles (such as ISO, IHE, ETSI, HL7, OASIS, and rfcs). I use them, I contribute to them and I develop them


My academical background is in Computer Science

Ph.D., Formal Methods

I have a Ph.D. (italian Dottorato di Ricerca, Doctor Europaeus) in formal methods applied to Computer Science, obtained from the University of Florence. My thesis has been reviewed by Fraunhofer, University of Leicester, and ICT4G fellows.

M.Sc., Numerical Analysis

I have a master's degree in Computer Science, with a specialization in numerical analysis. I have made my thesis at CERN, at the LHC Computing Grid (LCG).

My Results


My academic studies began with a typical computer science master (curricula of five years). During the studies I appreciated numerical analysis and I kept the focus on Computer Aided Geometric Design, Mathematical Modelling, Approximation Theories, Numerical Optimization, and Neural Networks. Under the supervision of CERN's scientists I started to learn GRID security. At the time (2006) the LCG was the biggest attempt to a huge-scale computing. I began the Ph.D. to try to become an expert in IT Security, after the Geneva experience. The first result has been published in 2008 and it was about an attack to SAML assertions, in the layout widely used in the eHealth sector. The formal method used was model checking. Using the same approach, other results have been found (faulty Proof-of-Concept, protocol for sharing data in disconnected environments), which witness the strength of formal methods in the real world.


My career started as a C developer and it slowly moved to a more architectural approach. Nevertheless, development is still a constant. Only three experiences are listed here. A complete list is available in the full CV.

Tiani "Spirit" GmbH, 2007 -

SME based in Vienna, specialized in eHealth. Here I am full time employed as architect / java developer / consultant for the Ministry of Health. I participated in the development of the epSOS, IHE Security profiles, eSens, and many other projects. At the time of writing, I have a mandate to explore the Gas and Energy sectors for IT interoperability.

CERN 2006

I was at CERN as student. I enjoyed one year of work in one of the most exciting place in the world. I developed a system controlling the availability of the machines in the computer centre.

Fal.Co. S.a.s 2001 - 2005

Fal.Co. was a SME outsourcing developers. I worked with this team as system integrator: I produced C++ code to integraty legacy COBOL applications towards modern frameworks.

Massimiliano Masi, IT Security Architect. Via di Ripoli 249, 50126 Firenze, IT