10+ years in tech. 5+ in cybersecurity.
PCI DSS · GDPR · Secure Development · Team Leadership.
Based in Como, Italy — working across CH/IT.
I'm a Security Engineer who came up through software development — which means I don't just audit systems, I understand how they're built and why they break.
My background spans hands-on PCI DSS and GDPR assessments, leading security teams, and years of frontend engineering on high-traffic platforms. I bridge the gap between development and security operations.
Most of my career has been inside the Lastminute.com Group — one of Europe's largest travel tech companies — where I've held roles from frontend developer to cyber security engineer.
Security-aware frontend development on a travel platform serving millions of users. Leading migration of legacy codebase to TypeScript, with focus on XSS prevention, input validation, and secure API patterns.
Led a security team of 8. Designed and implemented security training programs, drove shift-left security adoption across the engineering organisation, and oversaw infrastructure and application security strategy.
Hands-on PCI DSS and GDPR assessments. Vulnerability scanning and penetration testing using industry-standard tooling. Cross-team collaboration for remediation.
Four years on high-traffic booking platform. Search results, advertising server, and progressive migration from BackboneJS to ReactJS.
Custom JavaScript framework on international e-commerce platform.
I'm open to new opportunities in security engineering, penetration testing, and secure development — particularly in tech companies operating at scale.
me@carlodenaro.com