Carlo Grancini.
Network & Cybersecurity student
Milan, Italy
// 01. ABOUT
Who I Am
I am a computer science student passionate about networking, cybersecurity, and Linux environments. I am motivated, reliable, and highly oriented towards technical problem-solving.
I have solid experience in CTF competitions, including OliCyber and CyberChallenge.IT, where I trained and competed alongside the official cybersecurity team of the University of Milan (Università Statale di Milano).
I believe in hands-on learning, security hardening, and building robust, highly optimized systems. When I am not solving security challenges, I am designing home network infrastructures, configuring physical network nodes, or scripting automation tools.
// 02. SKILLS
What I Work With
Virtualization & Infra
Cybersecurity & Analysis
Networking & Routing
Languages & Dev
// 03. EXPERIENCE
What I've Done
PC Hardware & Retail Engineering Intern
Sep 2025PC Maestro · Cork, Ireland
Performed hardware assembly, comprehensive troubleshooting, and detailed board-level repairs on enterprise laptops and consumer PCs. Handled technical sales and customer support, operating completely within a native English-speaking environment.
CyberChallenge.IT Competitor & Security Trainee
2023 — 2025Università Statale di Milano & OliCyber
Selected for the highly competitive national CyberChallenge.IT program at the University of Milan (Statale di Milano) in May 2025. Trained and competed with the university's official cybersecurity team in advanced security challenges, specializing in Reverse Engineering, Cryptography, Binary Exploitation, and Web Security. Was also active in the OliCyber.IT competition from 2023 to 2025.
IT Infrastructure & Network Developer
Oct 2023 — May 2024Ricoh · Milan, Italy
Assisted in planning, designing, and deploying robust IT and digitalization systems. Built secure, scaled network infrastructures optimized for educational institutions in partnership with Ricoh's engineering team.
Computer Science Student
2021 — PresentITSOS Marie Curie · Cernusco sul Naviglio
Studying Computer Science and Telecommunications with a major focus on standard networking protocols, Cisco IOS routing, Linux system administration, database management, and structured software development.
// 04. PROJECTS
What I've Built
Enterprise Homelab & Virtualization Cluster
A compact, resilient, and segmented home lab for hosting containerized services, automation scripts, and network security testing.
Logical Architecture & Clustering
- Proxmox VE Cluster (3 Nodes): Configured in High Availability (HA) for dynamic failover and orchestrating KVM virtual machines and LXC containers.
- Windows Workstation (1 Node): Isolated environment optimized for high-performance development and active security testing.
- VLAN Network Segmentation: Controlled routing and traffic isolation implemented via custom firewall policies, separating IoT devices, sandbox lab systems, and home LAN.
Physical Networking & Resilience
- Layer 2 Managed Switching: High-speed local switching backbone to manage high-throughput inter-node clustering communication and bridge to the main gateway.
- 1200W UPS Continuity: Complete power protection, preventing data corruption during outages and enabling graceful automated shutdown sequences.
- Setup Status: Active & Segmented
Siregest.it — Zero-Trust Cloud Architecture
Visit WebsiteFull deployment, speed tuning, and strict security hardening for a real-world enterprise management platform.
VPS Hardening & Zero-Trust
- Local Service Confinement: All backend processes and database layers bind strictly to local loopback interfaces, remaining entirely invisible to the public internet.
- Cloudflare Tunnel Integration: Standard web ingress ports are locked at the system firewall. Web traffic enters securely via a local encrypted tunnel daemon.
- OS-Level Protections: Hardened system firewall policies, Fail2Ban brute-force mitigation on SSH, unattended nightly security patches, and automated encrypted cron backups.
Edge Security & Threat Mitigation
- BREACH Side-Channel Defense: Payload compression (Gzip/Brotli) is disabled on administrative control panels, neutralizing side-channel leaks of sensitive session cookies.
- Edge Security Headers: Enforced strict HSTS policies, X-Frame anti-clickjacking protections, MIME-sniffing mitigations, and stripped tech identifiers to block fingerprinting.
- WAF & Geo-Fencing: Configured Cloudflare Bot Fight Mode, custom challenges for irregular geographical regions, and static Edge caching for performance.
Troubleshooting Case Study: The 15-Minute Token Expiry Bug
The Bug: Initially, authenticated media assets expired every 15 minutes due to CDN edge
caching holding onto temporary session-based authorization tokens generated by the server. When the token
expired, the cached asset links broke, resulting in sporadic loading failures.
The Secure Resolution: Redesigned the asset routing to pull public-facing media directly
from structured folders, bypassing the need for session tokens in URLs. Enforced server-side validation
using static API keys confined strictly within the local environment. This achieved flawless caching
efficiency while elevating asset access security.
// 05. CREDENTIALS
Credentials & Training
Professional & Global Credentials
MITRE eCTF 2025
Team Lead & Coordinator · Selected to lead the ITSOS team due to exceptional organizational and planning skills, guiding the team to reach a peak of 3rd place in the world during the competition.
CCNA: Introduction to Networks
Cisco · Verified foundational networking, IP subnetting, Ethernet data link routing, and basic CLI device configuration.
Cisco Learn-A-Thon 2024
Cisco Networking Academy · Successfully completed specialized technical training modules during the Cisco global learning event.
Cisco IT Essentials
Cisco · Certified in PC hardware configuration, operational software diagnostics, network interface cards, and security fundamentals.
Cambridge B2 First English
Cambridge University · Statement of Results (Score: 178 - Pass at Grade B). Demonstrated C1-level proficiency in Reading sub-modules.
Erasmus+ Immersive Internship
Career Training Internships, Ireland · Completed technical hardware repairs and network troubleshooting in Cork, operating in a native English business environment.
Independent Certified Courses
Linux System Administrator
Accademia Domani · ISO 9001 certified course covering Linux systems administration, package management, daemon configurations, and shell utilities.
C Language Programmer
Accademia Domani · ISO 9001 certified course in C programming, covering low-level concepts, memory management, pointers, and data structures.
Introduction to Python (2025)
Accademia Domani · ISO 9001 certified course covering object-oriented programming, data structures, and automation scripting in Python 3.
Coding in Python (2024)
Accademia Domani · ISO 9001 certified coding course on core syntax, logic control flow, and data structure implementations in Python.
Introduction to HTML5
Accademia Domani · ISO 9001 certified web development course on semantic structures, layout formatting, and CSS presentation principles.
Operating Systems Fundamentals
Accademia Domani · ISO 9001 certified course on operating systems, detailing kernel abstractions, file systems, process scheduling, and memory virtualization.
// 06. CONTACT
Let's Connect
Interested in collaborating or just want to chat about tech and cybersecurity? Feel free to reach out.