Cybersecurity is one of the most pressing challenges of our time, and the Hackathon Cybersecurity Seminars, which took place online on 15 September, offered participants the opportunity to tackle real-life situations and develop effective strategies to protect data and systems.
The initiative, promoted by the University of Milan and the Fondazione Mondo Digitale, with the challenge launched by Advens Italia, is part of the Cybersecurity Seminars project, supported by Google.org in collaboration with Virtual Routes.
The challenge: a real attack on a private clinic
The nine teams, made up of students from the advanced course “The cybersecurity professional: regulatory and operational aspects”, tackled a complex case: the compromise of a private clinic's systems with the theft of sensitive data from around 12,000 patients. This was not a ransomware attack, but a silent and sophisticated attack aimed at exfiltrating medical reports, ongoing therapies, psychiatric diagnoses and personal data, with serious risks of misuse. Each team had two hours to prepare a technical report with immediate countermeasures, a communication plan for patients and stakeholders, and medium-term preventive proposals, in compliance with regulatory and compliance requirements.
When multidisciplinarity makes the difference
The solutions were evaluated by a technical jury (for the reports) and a communication jury (for the pitches). The winner was Team 2, led by Giuseppe Alverone, thanks to the clarity of its analysis, the soundness of its communication plan and the practicality of its preventive proposals.
The team, made up of students with backgrounds in STEM, law and humanities, demonstrated how multidisciplinarity is an added value in managing the complex challenges of cybersecurity.
Team 2 members: Andrea Cogotti, Cristina Bernasconi, Fabrizio Giuliani, Giorgina Vitiello, Giovanni Battista Gallus, Giuseppe Alverone (team leader), Giuseppe Damiani, Laura Muraro, Luca Cadonici, Tommaso Calderone and Viviana Petrozziello.
Testimonials from the judges
Marco Montironi, IT consultant, data protection, Privacy/GDPR and DPO for Fondazione Mondo Digitale: "This was my first time participating as a judge in a hackathon, so it was a very educational new experience. The challenge correctly intertwined technical and legislative aspects. The winning team was able to highlight technical, organisational and legal issues in a balanced way, introducing interesting ideas, especially on external communication.‘
Alessandro Rodolfi, University of Milan: ’Team 2 stood out for its punctuality and precision. Without frills, they stuck to what was required, achieving the objective in the established time and manner."
Marco Scognamiglio, Head of Offensive and GRC Consulting, Advens Italia: ‘Their work was the most comprehensive, concise and effective. Some teams neglected important parts or proposed unnecessary actions; Team 2, on the other hand, achieved every objective with a balanced and concrete approach.’
The winner's voice
Giuseppe Alverone, retired Carabinieri General, former DPO of the Carabinieri and currently a consultant and trainer in privacy, cybersecurity and risk management, recounted his experience: "I chose to participate in the Cybersecurity Seminars training project because I felt the need to get back in the game, updating my technical skills in an open and multidisciplinary context. From the very first lessons, I perceived the solidity of a project built with scientific rigour and a genuinely inclusive vision, capable of strengthening the most vulnerable areas of the country. The hackathon was the perfect synthesis. In a few hours, professionals and students from different backgrounds had to quickly converge on a common goal. Personally, I tried to put my military background to good use by immediately proposing a basic organisation: assigning roles, distributing tasks and clearly defining the operational focus. This structure gave the team confidence and allowed everyone to give their best. I believe it was one of the most useful lessons of the entire course: learning to work in a team in an unfavourable context, integrating different approaches and skills, is exactly what happens in the real world. But what I consider most significant is the philosophy of giving back that animates the entire course: at the end of the course, each of us will offer 40 hours of free consulting to an SME or local public body. It is a way to make cybersecurity a shared asset and not a privilege for the few. I am taking away much more than new skills from this course: the certainty that training security professionals means building bridges between knowledge and solidarity, between technology and humanity.
