Luigi Ferri

Certified
Senior Project Manager for Security & Compliance at Utimaco GmbH

Greetings, my name is Luigi, and I am committed to helping individuals develop skills and achieve their professional aspirations. In my opinion, the key to professional growth lies in taking responsibility for your own development, asking introspective questions, creating a learning path, and defining achievable milestones. With over 25 years of experience in the field of ICT, I have worked with renowned companies such as Utimaco, Giesecke+Devrient Mobile Security, Volkswagen Financial Services, Serco, Vodafone, and Swisscom. It would be my pleasure to support you in your journey towards attaining your goals. Let me accompany you on this journey and help you achieve your full potential.

Stay Connected:

  • Spotify: podcasters.spotify.com/pod/show/theitsmpractice
  • YouTube: https://www.youtube.com/@theitsmpractice
  • Website: http://www.theitsmpractice.com
  • Contact: Direct message on LinkedIn

My Mentoring Topics

  • Project Management (Prince2, Scrum)
  • IT Service Management (ITIL, ISO/IEC 20000)
  • IT Security (ISO/IEC 27001, ISO/IEC 27002)
  • Business Continuity & Risk Management (ISO/IEC 22301, ISO/IEC 31000)
  • Secure Software Development Lifecycle
  • Cloud Security (ISO/IEC 27017)
  • FinOps
  • DevOps and DevSecOps
  • Identity Management
  • Digital Transformations
M.
29.November 2023

I love my conversation with Luigi. He is so nice and comfortable to talk to and shares his insights. He will keep following up with my improvement and giving me feedback. He also sent me some learning material references to improve my skills. Looking forward to seeing him next time.

H.
21.February 2023

Great meeting, comforting, and friendly! Luigi shared with me some insights on what the next steps might be in my project.

J.
1.November 2022

Luigi helped me a lot to understand IT security better. I work in the manufacturing environment on a digitalization project. Luigi gave me information which was related both to how to improve myself and to tips on how to do digitalization projects from the perspective of IT security. Thank you a lot, Luigi!

P.
23.May 2022

Very helpful. Thanks for taking the time to explain the need for certain processes and validate my ideas. Thank you for sharing learning material.

R.
16.April 2022

Good overview and balance between the big picture and small details.

E.
19.February 2022

You are welcoming, and I felt comfortable throughout our session. The pieces of advice you provided were genuine, and it helped to clear most of my doubts and queries. I am looking forward to more learning and guidance from you.

M.
8.February 2022

Yes. The session with Luigi was great and provided me with a clear picture of possible new paths in my career.

S.
26.January 2022

Great session! Found it very helpful. Thanks again.

C.
12.January 2022

Luigi is a knowledgeable and warm person. His insights are very valuable and he takes the time to review one's profile and tailor his guidance accordingly. I look forward to meeting him again!

I.
6.January 2022

The session was quick and to the point, a meeting of like-minded people. I enjoyed the insights & recommendations that Luigi shared based on the journey that he has walked. And it also reminded me that Information Security is a worldwide issue; my options for where I could end up are only limited by my imagination. The follow-up information was also quite a gem, I really appreciated it.

E.
3.January 2022

It was an insightful one. I had a broader perspective about my job search which was kind of limited prior to our meeting.

J.
11.November 2021

I have been very pleased with the way that the mentoring session went and I feel that I benefited greatly from being able to discuss work and career-related issues with someone who was not directly involved in my work and had no detailed knowledge of it. Since starting the mentorship session, I have changed my view towards the career and am certain that I would not have changed my views about my current role if we had not had our mentorship sessions. The advice received was always dispassionate, well-considered and very constructive, and as such I found it incredibly helpful. It encouraged me to look at things in a different way and helped me to be able to take a more objective perspective on my achievements, career development options and future plans. My mentor is really talented and very helpful and had really given time to me and helped me to think through my workload and which areas to prioritize. We chat a bit about our lives generally and moan a little about the challenges of the work but he is very generous and mainly lets me focus on my most pressing issues. I couldn’t be happier with the quality of mentorship I received and with the way that this was all organized by Luigi.

M.
14.October 2021

It was very helpful.

ITIL® 4 Leader Digital and IT Strategy (DITS) Courseware
Van Haren Learning Solutions

Key Insights from the Book

  • Understanding the digital world: The book sheds light on the importance of understanding the digital world, its evolution, and the role of IT strategy in driving digital transformation.
  • The role of IT strategy in business: The book explains how IT strategy aligns with the business strategy and how it contributes to achieving business goals.
  • Leadership and culture in digital transformation: The book emphasizes the role of leadership and culture in driving and managing digital transformation within an organization.
  • Strategic approaches for digital transformation: The book outlines various strategic approaches and models that help in achieving successful digital transformation.
  • Risk management in digital transformation: The book underscores the importance of identifying, assessing, and managing risks associated with digital transformation.
  • Measuring the success of IT strategy: The book details metrics and key performance indicators (KPIs) to measure the success of the IT strategy.
  • IT governance and compliance: The book discusses IT governance and how it ensures that IT investments align with business objectives, and the role of compliance in maintaining the integrity of IT systems.
  • Implementing IT strategy: The book provides a roadmap for implementing IT strategy, which includes planning, execution, monitoring, and continuous improvement.
  • Emerging technologies and IT strategy: The book highlights the impact of emerging technologies like Artificial Intelligence (AI), Internet of Things (IoT), and blockchain on IT strategy.
  • IT service management: The book focuses on IT service management (ITSM) and how it supports IT strategy.
  • The ITIL Framework: The book introduces the ITIL 4 framework, which provides a practical and flexible basis to support organizations on their journey to the new world of digital transformation.

An In-Depth Analysis of the Book

The book "ITIL® 4 Leader Digital and IT Strategy (DITS) Courseware" by Van Haren Learning Solutions provides a comprehensive guide to understanding and implementing IT strategy in the age of digital transformation. It is a valuable resource for IT professionals, managers, and leaders who want to align IT strategy with business strategy and drive digital innovation within their organizations.

The book begins by highlighting the importance of understanding the digital world and the role of IT strategy in driving digital transformation. It emphasizes that adopting a digital mind-set is crucial for organizations to stay competitive in today's digital age. The book further explains how IT strategy aligns with business strategy and contributes to achieving business goals. This insight underscores the strategic role of IT not just as a support function, but as a business enabler.

An important aspect covered in the book is the role of leadership and culture in driving and managing digital transformation. The book stresses that effective leadership and a supportive culture are essential for successful digital transformation. Leaders should not only be tech-savvy but also have a clear vision and the ability to inspire and motivate their teams to embrace change.

The book outlines various strategic approaches and models that help in achieving successful digital transformation. It also underscores the importance of identifying, assessing, and managing risks associated with digital transformation. This insight is crucial since digital transformation involves a significant amount of uncertainty and risks that can impact the organization's performance and reputation.

Another key insight from the book is the importance of measuring the success of the IT strategy. It details metrics and KPIs that can help organizations evaluate the effectiveness of their IT strategy. This is important to ensure that the IT strategy is delivering the desired results and contributing to the organization's goals.

The book further discusses IT governance and how it ensures that IT investments align with business objectives. It also highlights the role of compliance in maintaining the integrity of IT systems. This is critical in today's environment where regulatory requirements are becoming increasingly stringent and non-compliance can result in severe penalties.

The book concludes by providing a roadmap for implementing IT strategy, which includes planning, execution, monitoring, and continuous improvement. It highlights the impact of emerging technologies like AI, IoT, and blockchain on IT strategy and focuses on ITSM and how it supports IT strategy. Finally, the book introduces the ITIL 4 framework, which provides a practical and flexible basis to support organizations on their journey to the new world of digital transformation. This framework is a valuable tool for IT professionals to effectively manage IT services and drive digital transformation.

In conclusion, "ITIL® 4 Leader Digital and IT Strategy (DITS) Courseware" provides a comprehensive guide to understanding and implementing IT strategy in the digital age. It is a must-read for anyone who wants to navigate the complex landscape of digital transformation and drive strategic value through IT.

Implementing the ISO/IEC 27001:2013 ISMS Standard
Edward Humphreys

Key Facts and Insights

  • The book provides a comprehensive guide to implementing ISO/IEC 27001:2013 ISMS Standard.
  • The implementation of the standard requires a risk-based approach that is highly dependent on the organization's context.
  • The book emphasizes the importance of leadership commitment and involvement for successful implementation of ISMS.
  • There's a focus on maintaining and improving the ISMS once it is implemented, through regular audits and management reviews.
  • The book presents a clear roadmap for ISMS implementation including establishing the context, assessing risks, selecting controls, and monitoring effectiveness.
  • It provides detailed explanations of the mandatory clauses and controls in the ISO/IEC 27001:2013 Standard.
  • The book also provides practical examples and case studies to illustrate the implementation process.
  • It also discusses the certification process for the ISO/IEC 27001:2013 ISMS Standard.
  • The book emphasizes the importance of integrating ISMS with other management systems in the organization.
  • It demonstrates how ISMS can be used as a tool for business improvement and strategic advantage.

Content Analysis and Conclusions

"Implementing the ISO/IEC 27001:2013 ISMS Standard" by Edward Humphreys is a comprehensive guide that provides a step-by-step methodology for implementing the ISO/IEC 27001:2013 ISMS Standard in any organization. The book is divided into various sections, each focusing on different aspects of the standard and its implementation.

The initial chapters of the book provide an overview of the standard, its objectives, and the benefits of implementing it. Humphreys emphasizes that the implementation of the standard should be a top-down approach, with strong leadership commitment being a key factor for success.

The author then delves into the specifics of the standard, explaining the mandatory clauses and controls in detail. The explanations are very clear and concise, making it easy for readers to grasp the requirements of the standard. The book also provides practical examples and case studies to illustrate the implementation process, which I found to be very helpful.

A significant part of the book is dedicated to the risk-based approach that is required for the implementation of the standard. Humphreys explains how to establish the context of the organization, assess risks, and select appropriate controls to manage those risks.

The book also discusses the certification process for the ISO/IEC 27001:2013 ISMS Standard. Humphreys provides a clear roadmap for organizations to follow in order to achieve certification.

Another key insight from the book is the importance of maintaining and improving the ISMS once it is implemented. Humphreys stresses the need for regular audits and management reviews to ensure the effectiveness of the ISMS and to identify areas for improvement.

The book also encourages integrating ISMS with other management systems in the organization. This is an important point as it ensures that the ISMS is not viewed as a standalone system, but as an integral part of the organization's overall management system.

The final chapters of the book demonstrate how ISMS can be used as a tool for business improvement and strategic advantage. Humphreys argues that a well-implemented ISMS can not only protect an organization from information security risks but also provide it with a competitive advantage.

In conclusion, "Implementing the ISO/IEC 27001:2013 ISMS Standard" is a valuable resource for anyone involved in information security management. It provides a clear roadmap for the implementation of the ISO/IEC 27001:2013 Standard, and equips readers with the knowledge and tools they need to successfully implement and maintain an ISMS in their organization.

Practical Cloud Security - A Guide for Secure Design and Deployment
Chris Dotson

Key Facts and Insights from the Book

  • Cloud security is a shared responsibility between the cloud service provider and the client.
  • Understanding cloud architecture is crucial for implementing effective cloud security measures.
  • The book provides a comprehensive overview of the various security controls and mechanisms available for cloud environments.
  • Dotson emphasizes the importance of a threat modelling approach to cloud security.
  • Compliance with regulatory frameworks and standards is a major aspect of cloud security.
  • Effective cloud security requires a deep understanding of Identity and Access Management (IAM).
  • The book provides practical recommendations for secure cloud design and deployment.
  • Encryption, Key Management, and Secure APIs are among the technical aspects discussed in detail in the book.
  • Dotson provides case studies and practical examples to illustrate the challenges and solutions in cloud security.
  • Incident response and disaster recovery strategies in the cloud environment are discussed in the book.

In-depth Analysis and Summary

"Practical Cloud Security - A Guide for Secure Design and Deployment" by Chris Dotson is a comprehensive guide to mastering the intricate aspects of cloud security. As an experienced professor dealing with these topics for many years, I find this book to be an invaluable resource for anyone seeking to understand and implement effective security measures in a cloud environment.

The book begins by emphasizing the shared responsibility model in cloud security. This concept is fundamental as it delineates the roles of the cloud service providers and the clients in ensuring a secure cloud environment. The service providers are responsible for the security of the cloud while the clients are responsible for security in the cloud.

Understanding the architecture of the cloud is another key insight from the book. Dotson explores how the different components of a cloud environment interact and the potential vulnerabilities that may arise. This understanding is crucial as it informs the design and implementation of security controls.

Security controls and mechanisms are discussed in depth in the book. These include firewall and network security controls, encryption and key management strategies, secure APIs, and IAM controls. The author provides practical recommendations on how these controls can be effectively implemented in a cloud environment.

Dotson advocates for a threat modelling approach to cloud security. This approach involves identifying potential threats, assessing the risks they pose, and implementing appropriate mitigation measures. This proactive approach to security is more effective than the traditional, reactive approach.

Compliance with regulatory frameworks and standards is another major aspect of cloud security covered in the book. Dotson discusses various standards such as ISO 27001, PCI DSS, and GDPR, and their implications for cloud security. The importance of aligning security measures with these standards cannot be overstated.

The book provides a deep dive into IAM – a critical aspect of cloud security. Effective IAM involves managing users' identities and controlling their access to resources. Dotson discusses various IAM strategies and provides practical tips for their implementation.

Technical aspects such as encryption, key management, and secure APIs are discussed in detail in the book. These are important aspects of cloud security that require a deep understanding for effective implementation.

Dotson uses case studies and practical examples to illustrate the challenges and solutions in cloud security. These examples provide a practical perspective to the theoretical concepts discussed in the book, making it easier for readers to understand and apply these concepts.

Finally, the book discusses incident response and disaster recovery strategies in the cloud environment. These are important aspects of cloud security as they ensure business continuity in the event of a security incident.

In conclusion, "Practical Cloud Security - A Guide for Secure Design and Deployment" by Chris Dotson is a comprehensive guide to understanding and implementing effective security measures in a cloud environment. The book provides practical insights and recommendations that can be applied in real-world scenarios, making it an invaluable resource for anyone dealing with cloud security.

Managing Successful Projects with PRINCE2
Great Britain. Office of Government Commerce

Key Facts and Insights from the Book

  • PRINCE2 is a universally accepted project management methodology: PRINCE2 (Projects In Controlled Environments) is a versatile and adaptable framework used worldwide, which can be applied to any project regardless of its size, industry, and complexity.
  • PRINCE2 is built on seven principles: These principles form the foundation of PRINCE2's approach to project management, which are continued business justification, learn from experience, defined roles and responsibilities, manage by stages, manage by exception, focus on products and tailor to suit the project environment.
  • It emphasizes the importance of clear project organization: The book details a structured model for project organization, emphasizing the importance of clearly defined roles and responsibilities for successful project delivery.
  • PRINCE2 is a process-based approach: The book outlines seven key processes that guide the project from start to finish, providing clear steps for project management teams to follow.
  • It provides detailed guidance on risk management: The book provides extensive insights into managing risks and issues that may arise during a project lifecycle.
  • PRINCE2 is adaptable: The book highlights how PRINCE2 methodology can be tailored to fit a wide range of project environments, sizes, and complexity.
  • PRINCE2 encourages learning and improvement: The book promotes the idea of learning from past projects and improving project management practices continuously.
  • The book serves as a manual: It is not just a theoretical text, but serves as a practical manual for running successful projects using PRINCE2.
  • It also serves as a reference guide for the PRINCE2 certification exam: The book is a valuable resource for professionals preparing for the PRINCE2 certification exam.

In-depth Analysis of the Content

"Managing Successful Projects with PRINCE2" is a comprehensive guide to the globally recognized PRINCE2 project management methodology. The book demonstrates the versatility and adaptability of PRINCE2, highlighting its applicability across a wide range of industries and project types.

The book meticulously outlines the seven principles of PRINCE2: continued business justification, learn from experience, defined roles and responsibilities, manage by stages, manage by exception, focus on products and tailor to suit the project environment. These principles serve as the guiding lights for the entire project management process, ensuring that every decision made aligns with the project’s objectives and business case.

A major insight from the book is the importance of clear project organization. PRINCE2 emphasizes the need for clearly defined roles and responsibilities in a project. This clarity serves as the backbone for efficient project delivery, as each team member knows exactly what is expected of them, reducing the likelihood of confusion or overlap of duties.

The PRINCE2 methodology is process-based, with the book outlining seven key processes that guide the project from initiation to closure. These processes provide a roadmap for project management teams, clearly delineating the steps to follow at each stage of the project.

Risk management is another critical aspect highlighted in the book. It provides extensive insights into identifying, assessing, and mitigating risks and issues that may arise during the project lifecycle. This approach ensures that project teams are well-equipped to handle potential challenges, thus increasing the likelihood of successful project delivery.

An important takeaway from the book is the adaptability of PRINCE2. The book underscores how the PRINCE2 methodology can be tailored to fit different project environments, sizes, and complexity. This flexibility makes PRINCE2 a highly effective and practical project management tool across various industries and project types.

PRINCE2 encourages learning from past experience and continuous improvement. The book promotes this idea, emphasizing the need to learn from past projects and to continually refine project management practices for better outcomes.

The book serves not just as a theoretical text, but as a practical manual for running successful projects using PRINCE2. It is a valuable resource for both experienced project managers and those new to the field. Additionally, it is an excellent reference guide for professionals preparing for the PRINCE2 certification exam.

In conclusion, "Managing Successful Projects with PRINCE2" is a thorough, practical, and insightful guide to the PRINCE2 project management methodology. It provides a clear roadmap for project delivery, from inception to closure, underpinned by seven guiding principles, a process-based approach, and a strong emphasis on risk management and continuous improvement. The book’s adaptability to various project environments makes it a critical resource for any project manager.

IT Governance - Implementing Frameworks and Standards for the Corporate Governance of IT
Alan Calder

Key Facts and Insights from the Book:

  • The importance of IT governance in a company's overall corporate governance.
  • The role of standards and frameworks in effectively implementing IT governance.
  • The interplay between risk management, compliance, and IT governance.
  • The significance of aligning IT strategy with the business strategy.
  • The necessity of clear roles and responsibilities in IT governance.
  • How to measure the effectiveness of IT governance.
  • The importance of continual improvement and maturity models in IT governance.
  • The role of IT governance in cybersecurity.
  • The impact of emerging technologies on IT governance.
  • Case studies and practical examples of IT governance implementation.
  • The challenges and pitfalls to avoid in implementing IT governance.

An In-depth Analysis of the Book:

IT Governance - Implementing Frameworks and Standards for the Corporate Governance of IT, written by Alan Calder, is a seminal work that delves into the intricacies of IT governance and its role in the larger picture of corporate governance.

The book begins by establishing the significance of IT governance within the broader framework of corporate governance. Calder asserts that in today's digital age, IT governance is not an isolated function but an integral part of a company's overall governance. He emphasizes that IT is not merely a support function but a strategic asset that can drive business performance and value.

Calder discusses the role of standards and frameworks, such as COBIT, ITIL, and ISO 27001, in implementing effective IT governance. These provide a structured approach to IT governance, ensuring that IT processes align with business objectives, manage risks effectively, and provide a benchmark for measuring the performance of IT governance.

The author also explores the relationship between risk management, compliance, and IT governance. He stresses the need for a comprehensive risk management strategy that identifies, assesses, and manages IT-related risks. Compliance, on the other hand, ensures that IT governance adheres to legal, regulatory, and contractual requirements.

Aligning IT strategy with business strategy is another crucial aspect the book delves into. Calder argues that IT should not function in a silo but should be closely aligned with the business's strategic goals. This alignment ensures that IT initiatives contribute to achieving business objectives, improving business processes, and enhancing customer value.

The book also emphasizes the importance of defining clear roles and responsibilities in IT governance. A well-defined governance structure, with clear roles and responsibilities, ensures accountability, enhances decision-making, and promotes effective communication.

Calder then discusses how to measure the effectiveness of IT governance. He suggests metrics and key performance indicators (KPIs) to track the performance of IT governance and make necessary adjustments.

The author also talks about the concept of continual improvement and maturity models in IT governance. These models provide a roadmap for improving IT governance over time and achieving a higher level of maturity.

IT governance's role in cybersecurity is another key aspect discussed in the book. Calder stresses that good IT governance can significantly enhance an organization's cybersecurity posture by ensuring effective risk management, compliance, and incident response.

Calder also touches upon the impact of emerging technologies, like AI and blockchain, on IT governance. He asserts that these technologies present both opportunities and challenges for IT governance, requiring companies to adapt their IT governance frameworks accordingly.

The book also includes several case studies and practical examples of IT governance implementation, providing readers with real-world insights into the topic.

Finally, the book outlines some common challenges and pitfalls to avoid in implementing IT governance. These include lack of top management support, lack of clear roles and responsibilities, poor alignment between IT and business, and inadequate risk management.

In conclusion, Calder's book provides a comprehensive guide to implementing effective IT governance. His insights, drawn from years of experience, offer invaluable lessons for organizations seeking to leverage IT as a strategic asset. By adhering to the principles and practices outlined in this book, companies can ensure that their IT governance is robust, effective, and aligned with their business objectives.

Cloud FinOps - Collaborative, Real-Time Cloud Financial Management
J.R. Storment, Mike Fuller

Key Facts and Insights from the Book

  • Cloud financial management is a collaborative effort: It isn't the responsibility of a single department or individual but requires input from multiple stakeholders including finance, engineering, and operations.
  • Real-time cloud cost visibility is a necessity: Constant tracking and monitoring of cloud costs are needed to ensure optimal allocation of resources and prevent cost overruns.
  • Effective cloud cost optimization strategies: The book provides comprehensive strategies for achieving cloud cost efficiency such as rightsizing instances, selecting the right pricing models, and eliminating wasted resources.
  • Importance of a Cloud FinOps team: Establishing a dedicated team to manage and optimize cloud financial operations is critical for organizations using cloud services.
  • Understanding cloud pricing models: The book offers a deep dive into various cloud pricing models, their pros and cons, and how to choose the most cost-effective model for your organization.
  • Role of automation in Cloud FinOps: Automation of cloud financial management processes can lead to improved accuracy, efficiency, and cost savings.
  • The need for a cloud financial management culture: Cultivating a culture of cloud cost awareness and responsibility across all levels of the organization is crucial for effective cloud financial management.
  • Cloud FinOps maturity model: The book introduces a Cloud FinOps maturity model that organizations can use to assess their progress and identify areas for improvement.
  • Cloud cost governance and compliance: Implementing robust governance and compliance measures is vital to controlling cloud costs and ensuring regulatory compliance.
  • Case studies and real-world examples: The book includes numerous case studies and examples demonstrating the practical application of Cloud FinOps principles.
  • Future of Cloud FinOps: The book anticipates how Cloud FinOps might evolve in the future, reflecting changes in cloud services, pricing models, and organizational needs.

In-Depth Summary and Analysis

The book is a comprehensive guide to understanding and implementing Cloud FinOps, a discipline that focuses on collaborative, real-time financial management of cloud resources. Drawing on their extensive experience in the field, authors J.R. Storment and Mike Fuller emphasize that cloud financial management should not be viewed as a standalone function but rather as a collaborative effort involving various stakeholders.

An important concept introduced early in the book is the need for real-time visibility of cloud costs. Without constant monitoring and tracking, organizations can quickly find themselves facing unexpected cloud expenses. **This real-time visibility is achieved through the use of tools and dashboards that provide insights into the current cloud cost and usage data.**

The book provides an in-depth look at various strategies for optimizing cloud costs. These include rightsizing instances to match workload requirements, selecting the most cost-effective pricing models, and eliminating wasted resources. **A particularly useful segment of the book is the discussion on different cloud pricing models.** The authors explain the nuances of on-demand, reserved, and spot instances, thereby enabling readers to make informed decisions about which model best suits their organization's needs.

The authors also underscore the importance of establishing a dedicated Cloud FinOps team. This team, which can include members from finance, engineering, and operations, is responsible for managing and optimizing cloud financial operations. The Cloud FinOps team plays a crucial role in promoting a culture of cloud cost awareness and responsibility across the organization.

Automation emerges as a key theme in the book. **The authors argue that automating cloud financial management processes can lead to improved accuracy, efficiency, and cost savings.** This can include automation of cost tracking, reporting, and optimization tasks.

Introducing the Cloud FinOps maturity model, the authors provide organizations with a practical tool for assessing their progress in implementing Cloud FinOps principles. This model can help identify areas for improvement and guide future efforts.

**The book also emphasizes the importance of robust governance and compliance measures in controlling cloud costs and ensuring regulatory compliance.** This includes establishing policies for cloud resource usage, implementing cost control measures, and conducting regular audits.

Throughout the book, the authors include numerous case studies and real-world examples. These not only demonstrate the practical application of Cloud FinOps principles but also provide readers with insights into the challenges and successes experienced by other organizations.

Looking towards the future, the authors speculate on how Cloud FinOps might evolve to reflect changes in cloud services, pricing models, and organizational needs. **This forward-looking perspective is particularly valuable in a field that is rapidly evolving and where staying ahead of the curve is crucial.**

In conclusion, "Cloud FinOps - Collaborative, Real-Time Cloud Financial Management" is a must-read for anyone involved in managing cloud resources. The authors provide a thorough and practical guide to implementing Cloud FinOps principles, backed by real-world examples and insights.
