Cybersecurity is evolving, and so is ITASEC. In this episode of On Location, we recap ITASEC 2025 with Professor Alessandro Armando, exploring how this conference has grown into a key cybersecurity event in Italy.
Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando
Cybersecurity is no longer a niche topic—it’s a fundamental pillar of modern society. And in Italy, ITASEC has become the go-to event for bringing together researchers, government officials, and industry leaders to tackle the biggest security challenges of our time.
Although we weren’t there in person this year, we’re diving into everything that happened at ITASEC 2025 in this special On Location recap with Professor Alessandro Armando. As Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation, Alessandro has a front-row seat to the evolution of cybersecurity in Italy.
This year’s event, held in Bologna, showcased the growing maturity of Italy’s cybersecurity landscape, featuring keynotes, technical sessions, and even hands-on experiences for the next generation of security professionals. From government regulations like DORA (Digital Operational Resilience Act) to the challenges of AI security, ITASEC 2025 covered a vast range of topics shaping the future of digital defense.
One major theme? Cybersecurity as an investment, not just a cost. Italian companies are increasingly recognizing security as a competitive advantage—something that enhances trust and reputation rather than just a compliance checkbox.
We also discuss the critical role of education in cybersecurity, from university initiatives to national competitions that are training the next wave of security experts. With programs like Cyber Challenge.IT, Italy is making significant strides in developing a strong cybersecurity workforce, ensuring that organizations are prepared for the evolving threat landscape.
And of course, Alessandro shares a big reveal: ITASEC 2026 is heading to Sardinia! A stunning location for what promises to be another exciting edition of the conference.
Join us for this insightful discussion as we reflect on where cybersecurity in Italy is today, where it’s headed, and why events like ITASEC matter now more than ever.
🎙️ Stay connected with us—subscribe to On Location with Sean Martin and Marco Ciappelli for more in-depth conversations from the world of cybersecurity, technology, and beyond!
Guest: Professor Alessandro Armando. University of Genoa | Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation | On LinkedIn: https://www.linkedin.com/in/alessandro-armando-67505913/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Website: https://itasec.it
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
Sean Martin: Marco,
Marco Ciappelli: Sean,
Sean Martin: ciao. How are you?
Marco Ciappelli: how is your Italian? How's it going?
Sean Martin: It's not good, but my cyber security is way better than my Italian. I
Marco Ciappelli: Are you using chatGPT for your, uh, for your Italian?
Sean Martin: GPT for my Italian.
Marco Ciappelli: Very good. That's a luxury. See
Sean Martin: best was, uh, having chats with your mother. When I, uh, I drove through, uh, went through Florence. That was really nice. She helped me, but then I lost all the, uh,
Marco Ciappelli: you forgot everything. Once you came back to the US, your Italian was gone.
Sean Martin: didn't, you didn't keep me on it. That's I blame you
Marco Ciappelli: Well, well, now you have a homework
Sean Martin: because I take no responsibility myself.
Marco Ciappelli: Okay. Are you ready for a homework for next year?
Sean Martin: All right. Homework.
Marco Ciappelli: So you need to learn Italian because next year we're going to go to Itasec, which is The conference, the official Italian conference on cyber security, and I missed it just [00:01:00] by a few days because I had to come back in the United States, but I did promise to go there next year.
And in the in the meantime, um, I invited Professor Alessandro Armando here on the show so that he can tell us what's been going on uh this year and maybe even the year before what is all about and uh and we'll make a commitment to go on location. I'm sure Sean I don't have to push you to go
Sean Martin: No, no arm twisting needed here. I'll be there in a heartbeat. Yes.
Marco Ciappelli: Very well. Okay. Enough chatting. Uh, Alessandro, welcome to the show.
Alessandro Armando: Thank you. Thank you very much for the kind invitation. I'm very glad to be here and to talk with you. So about the ITASEC. So ITASEC is a national cyber security conference that we, uh, held, uh, we held all the annually, uh, in Italy. So since, uh, 2016. So each year [00:02:00] in a different city, uh, this year was in Bologna.
The, the, not this year that, uh, uh, it was a joint conference. So, uh, let me explain a bit about ITSEC first. So, ITSEC is the result of, uh, the, the product of, uh, of a, uh, of an, in a national cybersecurity, uh, laboratory, which is, uh, overseen, is seen, is a, uh, national. inter university consortium of informatics, where basically all universities offering courses in cyber security or doing research in cyber security participate.
And so, and in, in particular, there is the laboratory in cyber security, which I'm, I'm a director of. As or launched this initiative of having a national Cybersecurity conference back in, uh, 2016. So, and this is already the ninth [00:03:00] edition that, uh, the next year will be the 10th. So, so the time to, so that we've an opportunity to celebrate and, um.
So it's, uh, interesting venue because, uh, uh, we had the privilege to be sent to form kind to do a kind of community building in Italy on cyber security. So at the beginning, back in 2016, there was a lot of work to do in this direction. So we offered a venue where scientists work in cyber security, but also relevant stakeholders, so in governments and institutions.
And also industry could meet and exchange ideas and problems on cybersecurity and over the years, as we all know, cyber security has evolved a lot. And nowadays in Italy, we have, uh, we have, uh, also a national cybersecurity agency, and this, we're very happy to. Host them in, uh, in, uh, in NETASEC, uh, and, uh, and letting them [00:04:00] explain what they do and the, the, the, uh, this, uh, what, uh, the support they are giving to the, to the national community industry and then the public administration to help them getting more secure.
And, uh, so it's, it's a hybrid in a sense, because, uh, the IETA SEC, because it offers the opportunity to scientists to present their research achievements. But at the same time, it offers a showcase for stakeholders, such as the National Cyber Security Agencies and also industry to, to present their problems and the challenges.
And, uh, that's, I think the key of the success of, uh, VitaSec. So that's, uh, was very, and then this year, as I said, it was a joint venture between the National Cybersecurity Laboratory of CINI and, uh, another major, uh, effort that we are conducting here in Italy at the research level, which is called [00:05:00] CERICS, which stands for, is an acronym for Uh, security and rights in the cyberspace that this is a so called extended partnership that where there are public and private partners involved in on a working together on quite ambitious research agenda.
And, uh, thanks also to the, to them. Uh, funding by the European Union in, in the context of, uh, resilience and recovery plan. And, uh, so this, uh, is a three years effort. So we are entering, we are just entered the third years. So it was a good opportunity to present the, the research, the result with the research of all the teams.
So cel. comprises 24 partners, mostly from academia, but we also have top players in cyber security contributing to the work. So that was a nice opportunity to present the result of the project.[00:06:00]
Sean Martin: Yeah. And, uh, Alessandro, I, uh, I see the CERECs events, uh, noted here in the overall program. Can you, can you give us an overview of the, of the structure? There's that event, there's an ACN event, there's a scientific track, a workshop. It's a six calendar day event. Third through the eighth of February is when it was held.
One of the longer conferences,
Alessandro Armando: Yeah, it is.
Sean Martin: A lot of, a lot of stuff. Can you give us like an overview of
Alessandro Armando: Yeah.
Sean Martin: what, what some of the programs are, who, who attends each thing? I'm assuming there's some executives, some practitioners, some education,
Alessandro Armando: Uh, I
Sean Martin: can
Alessandro Armando: propose to go, I'm, I mean, I'm proceeding, uh, chronologically. So starting from the first day was devoted to workshops and, uh, uh, satellite events. One of these was very interesting, very important for us, uh, uh, where we involved the students from the high school. Uh, so especially for [00:07:00] vocational studies, and so they had the opportunity, we had the opportunity to present a research program, which is called the cyber challenge for for for them.
So they basically we provide this, uh, teaching in, uh, in, uh, cyber security, but for hands on activities, basically, where they basically learn by. Uh, by playing essentials, by, by, by using this. So this capture the flag competition. So that's, was I important. We gathered, so we had the opportunity to have, uh, more than 100 students, uh, listening to the presentation of the, uh, program.
And that was the, the, the starting in day. So then we had a, a number of, uh, of workshop that day, specialized workshop in a number of topics. Uh, one on the security of ai. So. Topics of, for instance, machine learning, which is a very [00:08:00] hot topic nowadays. And there was a specialized, uh, workshop on, on these, uh, themes.
And, uh, and then we had, uh, throughout the whole week, we had a number of very relevant keynote speakers. We had the pleasure to have, uh, Giovanni Vigna, uh, having, representing a keynote speech and then Lorenzo Cavallaro. Uh, Batista Vijo and Melanie Reik. So it was very, very nice to, to listen by their own voices in presence, uh, what they are doing, and also confronting them in, uh, talking with the listening and interacting with the, the scientists here in Italy.
And then the first, the second day of the. On Tuesday, there was a presentation by the Deputy Director General of the National Cyber Security Agency and also the Director of the European Cyber Security Center. And, uh, [00:09:00] and, and then the scientific, uh, track started. And we touched, uh, so we organized the scientific tracks in a number of. So there are many topics on human and legal aspects, one of the very several session on that, uh, one on attacks and defenses, uh, including the, the, the role of AI and for us to, for the cyber, but as I said before, also a very important and, uh, the, the, the security of AI, so to what extent we can rely on, on AI and the concern is that it can me.
Also become a new vector for attacks. So if not, uh, uh, um, designed in a proper way or undeployed in a proper, in a proper way. And then we touched, uh, some with technical session, session, touched a number of very, uh, relevant topics. Uh, so. For instance, security [00:10:00] of virtualization and ization technologies and, uh, the, the, uh, the topic on cyber risks, uh, new trends in, in that, in that area and, uh, and so on.
And, um,
Marco Ciappelli: bit of everything.
Alessandro Armando: yes, a bit of everything. So that's, it's, it's so large. Uh, this also explain why. The full week was necessary to present what's going on because cyber security is now so broad. I mean, every bit of ICT is touched by, is affected by cyber security. So that's if you want to talk
Marco Ciappelli: So Alessandro, so I mentioned that many years ago, I think it may have been 2017. I guess that maybe that was the year that was in Pisa and I was there in Italy. I went there. I was in touch with Professor Luigi Martino at the time, and it was a very small venue. Uh, not that many people almost [00:11:00] like classroom.
So it was really at the beginning. I'd love to know from you how This has progressed into become six days with all this truck and and that of course goes along with The importance and the role that cyber security has been taking in society. You mentioned that as well. So I remember in those years when I would say cyber security in italy people would be like what?
What are you talking about? And now, of course, you're here in the news, it's everywhere, European community and so on. So, your vision, because you've been involved with this since the beginning, on how it's progressing and if it's progressing in the right way, in your opinion.
Alessandro Armando: No, my, my vision is, uh, I mean, I, I had the opportunity to solve the community, the cybersecurity community grow the years, and have been fundamental changes also in industry and in the government, uh, [00:12:00] organization. Uh, At the beginning, the beginning, security cybersecurity was not only seen as a, a problem of, uh, it or the IT department, uh, but it was a noise answer that it was a prob a problem that we have to deal with, unfortunately, and, uh, and now it's, uh, it is understood.
Uh, that is also, uh, first of all, it is an op. It, it is not an option anymore. So you must have to deal with it and is, and also companies, uh, even if even a company that are not cyber security providers, uh, but they see also cyber security as an opportunity. So, because, uh, being as, uh, having the right.
Posturing cybersecurity make, made the difference also in terms of perception by the potential customers. So, so that's, that has been a very significant evolution in [00:13:00] this, from this point of view. And so, and there is also, of course, now growing, growing interest in also because as you know, in Europe, we have this tendency to be very, to emphasize the normative part.
And, uh, and so. There have been a number of very important, uh, laws and regulations in cybersecurity. So one of the, this is the so called is DORA is a Digital Operational Resilience Act, uh, for the financial sector. Uh, so I, this morning I was in, in, in, uh, in, uh, the opportunity to participate in a meeting organized by Bank of Italy, uh, concerning the implementation of these regulations, very important, and it provides very.
Significantly advanced, advanced, advanced tech approach and advanced approach to cybersecurity. So in particular, so called threat led penetration testing. So financial institutions, especially the big ones, uh, are, [00:14:00] uh, mandatorily must undergo penetration testing on the System that are under production. So that's not trivial.
Uh, test to be contacted back to my financial through. So, and this just for the financial sectors now in a few weeks ago. Uh, so, and there was also there was also out there. So there is a permutation. The needs to directive, which is also. affecting need or also in just in Italy, uh, only in Italy, 40, 000 companies are affected.
They say it must be basically comply within this new directive. So, but these
Sean Martin: can I, can I pause you? I'm, I'm curious. One thing we'd like to, um. We'd like to explore is kind of the different cultures and I'll say maturity level of different regions around the world, obviously, Italy being part of the [00:15:00] EU. There's a lot driven by the European Union into Italy. But what's your perspective on the culture and the mindset within Italy?
And perhaps as a driver of better security maturity, not just in Italy, but into back into Europe and perhaps around the world.
Alessandro Armando: So, uh, my perception is that, uh, I mean, there is a, there is a, there are a number of regulations that are being implemented right now. Uh, a few years ago, I had the perception that there was kind of, I mean, There was not complete understanding of the need, uh, to, to, to follow this regulation. But now in the light of the new developments, uh, companies and organization, there is understanding that, uh, something so, so there's not just.
It's not, it's not just a compliance issue. So that's, these are homeworks that must be, that [00:16:00] must be done basically. And of course, the problem is that this comes with the cost of implementing a threat led penetration testing. It's. for a financial institution is the cost. I mean, large banks can afford these, uh, smaller, uh, of course, uh, they are not, it is not mandated for smaller companies, but still, uh, it would be beneficial to them, but it comes
Marco Ciappelli: Right. Let's talk a second about that because Sean and I have been talking about this for 10 years with ITSP magazine, which is it needs to be stopped to we need to stop to look at this just as a coast and the famous department of no, right? You said that at the beginning, it is annoyance when it comes to security.
But then we noticed, especially maybe in the US, And that, you know, it becomes an asset, meaning we are [00:17:00] secure, we take care of your privacy, we care about, you know, blah, blah, blah. It becomes branding and marketing as well. So are we at the point, I guess, to go deeper in Sean's question where the perception is changing and being secure is not just a cost, but is an investment?
Alessandro Armando: that's absolutely, uh, that I at least think companies and organization in general understand that. So the problem is that, uh, that's, it's an investment. The problem is that there is a lot of pressure on, uh, on companies and nowadays for a number of reasons. And, uh, so it's, I don't think it's an issue of, uh, uh, willingness.
To undertake is, uh, and implement a cybersecurity program. That's, that is, I mean, I mean, of course I'm generalizing a bit. There are,
Marco Ciappelli: Right. No, of course.
Alessandro Armando: but the tendency is that, I mean, the, [00:18:00] and, uh, but there are many other concerns nowadays. The company is facing a lot of, uh, strains in, in different direction, but for sure, cybersecurity is, were very well perceived, and so I'm sure you, you're.
Aware of the, of the, uh, um, um, cyber, the risk barometer of alliance that they publish, uh, every year. And, and cyber risk is a top concern. Consider, uh, most relevant risk for businesses in general. So along with the, there are other concerns, uh. Uh, so the fact of, uh, uh, climate change and then without very important, but still cyber risk is top this list.
So this, I think the businesses, they know that this is a major issue.
Marco Ciappelli: Right.
Sean Martin: Uh, Sandra. Sorry, Marco. I'm just on this point. So I think it's one, [00:19:00] one slice of the pie from the business perspective. Obviously we looked at the policy, you mentioned education being a big part of Eat the Sec. Where, where does Italy stand in terms of. Of a workforce that's ready, willing, excited, able to participate in the challenges and opportunities ahead.
Alessandro Armando: So here, uh, I'm telling this with, with, with proud. So with pride, so, uh, So as a national cybersecurity laboratory, so we have been working hard on this because we are the consortium of universities. So for us, the main mission is, uh, train and, uh, people and, uh, and, uh, youngsters mostly. So we have. Uh, device.
The a a a very program that initial was, was called Cyber Challenge. It and, uh, with basically all participating university training, [00:20:00] selecting and training 2020 students. So ranging with the age ranging from 16 to to 24. So this also including student from, from student, from the high school. So initially we were, there was just one university, the University of Rome, second year we were six.
Uh, university and now we are 50. And if 50 times 20 students gives, uh, one 1000, which is impressive number I, I believe. And, uh, so this is a, I'm very proud of this because this result, uh, is an, so it's consortium is is a network university and we are leveraging. The fact we have, we are a network, uh, university.
So we have, we have somehow we managed, it was a magic at some point that we stopped reasoning as this individual university competing with each other. And at some point, thanks to predecessors, also, and, uh, they, we [00:21:00] started with thinking as a, as a, the system level. So, and the, the. The work has brought fruits and important one.
So, uh, so we have been given by the, by the government, the, the, the, the privilege and, uh, and also the, the, the, the, um, the privilege to, to organize that support the national cyber security team. So it's, uh, so that competes at the national level on, on, and this year. Uh, so it's called Team Italy and this year we hosted, uh, the European cybersecurity challenge in, uh, uh, in Torino.
So, and, and this was a very nice, there were 40, uh, country participating. Uh, uh, 36 from, if I remember right, 36 from Europe, uh, in broad sense. Uh, and four from outside Europe, overseas. So it was also, uh, US, [00:22:00] uh, UK, uh, as a external, uh, and also Canada, uh, and, uh, it was in Australia. So, and it was very major, major, major event.
Uh, also logistically, as you can imagine, organizing, uh, an event like this and also, which it's not only having a venue, you must also. Set up a platform, uh, the playground for a site to host such as a cyber security event. So there was computing infrastructure and everything went very, very, very well. And, uh, so next year, so this is an event organized by an EISA, the European cybersecurity agency, and, uh, so, and next year it will be in Warsaw in Poland.
So that's, that's.
Marco Ciappelli: Well, I have to say, Alessandro, I'm very, very impressed and very proud as an Italian as well to, to see the progress that, that has been done in, in these, years that, that [00:23:00] this is happening. I know how hard you guys work on this and, uh, I can see a lot of conversation. I hope we will have more conversation with you, with all the, the, the committee and all the people that are part of the programs and, uh, A question is, as we close, do you guys decided where it's going to be next year?
Alessandro Armando: Yeah, of course. . I
Marco Ciappelli: Yeah. Can you
Alessandro Armando: ready,
Marco Ciappelli: it?
Alessandro Armando: I was waiting for this question. So
Marco Ciappelli: Yeah. Tell me about that.
Alessandro Armando: next year will be the beautiful Sardinia. So in
Marco Ciappelli: Oh, wow.
Alessandro Armando: now , that's, uh, so,
Marco Ciappelli: That's, that's interesting. So I, I guess, uh, I never been to Sardinia, so that would be my excuse. Hopefully to, to, to be there. It's definitely a beautiful place to, to check
Alessandro Armando: I look forward to, to see you all in
Marco Ciappelli: Absolutely. And hopefully we'll get to see you. Um, before that as well, we, uh, with all our coverage, we will be in London in, uh, in June for [00:24:00] InfoSecure Europe.
And I know that Sean is going to be in Barcelona for, uh, OWASP, am I right, OWASP Global. And we always need just one single excuse to tell us to go around the world and we will, we will
Sean Martin: very close to both of them.
Marco Ciappelli: Well, Alessandro, thank you so much. I would love to have you back, even, you know, before next year's event. And of course, I'll get in touch with you when, uh, when, uh, we'll be in Italy. Hopefully we'll get the opportunity to meet in person and, uh, great job. I love what you guys are doing. We'll, of course, put the link to the, the website, uh, on, uh, on the notes and, uh, I hope it keeps growing.
I hope it keeps growing every year and it's not going away. Cyber security, it's not going away. So buckle
Sean Martin: Congratulations, and, uh, keep up the, the good work. Hopefully you have a good team surrounding you to help.
Marco Ciappelli: Very good.
Alessandro Armando: [00:25:00] you all. Thank you, Marco. Thank you, Sean.
Marco Ciappelli: It was a pleasure. And for everybody else listening, I hope you enjoyed the conversation. Stay connected with us. Subscribe to On Location with Sean Martin and Marco Ciappelli, which is me, as we have a lot more going on and talking from either On Location in As we go there physically, or if we can't, like this one, we'll just use technology and come
Sean Martin: you somewhere, somehow in the future.
Marco Ciappelli: Exactly. Take care, everybody. Thank you.
Sean Martin: Thanks, Alessandro.