PhD Thesis 2026 · Lucca, Italy
Transparent Dependencies: Improving Software Supply Chain Visibility at Build Time and Runtime
Serena Cofano
Serena
Cofano
PhD in Cybersecurity · Software Engineer
Belgium (open to remote)
I recently completed my PhD in Cybersecurity at IMT School for Advanced Studies Lucca and the University of Genoa, where I specialized in Software Supply Chain Security. My research focused on SBOM generation and its impact on vulnerability assessment in Python ecosystems. I am now looking for industry roles as a security engineer or software engineer in Belgium or remote.
Experience
Oct 2024 – Jun 2025
Visiting PhD Student
KTH Royal Institute of Technology, Stockholm, Sweden
Designed and implemented a Java-based prototype to identify software dependencies at runtime. Contributed to an international research team and helped organize a workshop on software supply chains.
Dec 2022 – Nov 2025
PhD Researcher — Software Supply Chain Security
IMT School for Advanced Studies Lucca & University of Genoa
Research on SBOM generation, vulnerability assessment, and software supply chain security in Python ecosystems. Published 3 papers in international peer-reviewed conferences.
Sep 2023 – Nov 2023
Cybersecurity Consultant
CINI — Consorzio Interuniversitario Nazionale per l'Informatica, Genoa
Contributed to the IT-Alert national public alerting system. Analyzed security requirements, designed a Security-by-Design pipeline, and delivered training to the development team.
Jul 2022 – Nov 2022
Research Scholarship
University of Genoa
Researched Android virtualization and ART instrumentation, focusing on privacy improvement through data anonymization techniques.
Mar 2021 – Dec 2021
Internship — Front-End Developer
Talos srl, Genoa
Built a web front-end for data visualization using Angular, TypeScript, and MongoDB.
May 2021 – May 2022
Junior Software Developer
Aizoon Consulting, Genoa
Developed and maintained front-end and back-end enterprise applications using C#, JavaScript, and Angular in an agile team environment.
Education
2022–2025
PhD in Cybersecurity
IMT School for Advanced Studies Lucca & University of Genoa
2022
MSc in Computer Engineering
University of Genoa
2019
BSc in Biomedical Engineering
University of Genoa
Projects
Selected work and open-source contributions.
Research
Classport
↗Runtime dependency introspection for Java. Embeds Maven metadata into compiled .class files, enabling vulnerability scanning and dependency tracking at runtime.
JavaMavenJVMSecurity contributor
Personal In development
Personal Website
↗This portfolio. Built with Astro and a security-first pipeline: secret scanning, SAST, dependency checks, SBOM generation, and OpenSSF Scorecard.
AstroTypeScriptGitHub Actions
Personal In development
Job Tracker
↗Job applications tracker with database migrations and Docker support for containerized deployment.
PythonDockerAlembic
Skills
Programming
Python
My main research language. Built SBOM generation and vulnerability analysis tools during my PhD.
Java
Built Classport — a Maven plugin and Java agent for runtime dependency introspection.
C#
JavaScript
TypeScript
Used for front-end work at Talos and Aizoon, and for this portfolio.
SQL
Bash
Frameworks & Tools
Angular
AngularJS
Maven
Core build tool for Classport — used to inject dependency metadata into compiled Java classes at build time.
MongoDB
Git
Docker
Used for containerized deployment in personal projects and professional experience.
Linux
Android
AI & Tools
AI-Assisted Development
Actively use LLM tools (Claude, GitHub Copilot) to accelerate development, write better code, and explore new domains faster.
Prompt Engineering
Design and iterate on prompts for code generation, research tasks, and tool integration.
LLM APIs
Security
Software Supply Chain
My PhD research focus. Studied how dependencies flow from build time to runtime and what that means for vulnerability exposure.
SBOM Generation & Analysis
Researched SBOM generation for Python ecosystems and its impact on vulnerability assessment accuracy.
Vulnerability Assessment
Assessed vulnerabilities in Python ecosystems as part of my PhD research, and applied it in practice during consulting at CINI.
OWASP Top 10
ISO 27001
GDPR · NIS2 · CRA
Security-by-Design
Designed and delivered a Security-by-Design pipeline for the IT-Alert national alerting system at CINI.
Publications
Research on software supply chain security, SBOM, and vulnerability assessment.
arXiv · Under Submission 2025 · Online
Classport: Designing Runtime Dependency Introspection for Java
Serena Cofano · Daniel Williams · Aman Sharma · Martin Monperrus
ACNS 2025 2025 · Munich, Germany
The Impact of SBOM Generators on Vulnerability Assessment in Python: A Comparison and a Novel Approach
Giacomo Benedetti · Serena Cofano · Alessandro Brighente · Mauro Conti
SIGBOVIK 2025 2025 · Pittsburgh, PA
UPPERCASE IS ALL YOU NEED
Vivi Andersson · Benoit Baudry · Sofia Bobadilla · Ludvig Christensen · Serena Cofano · Khashayar Etemadi · Raphina Liu · Martin Monperrus · Frank Reyes García · Javier Ron Arteaga · Aman Sharma · Deepika Tiwari · Tim Toady
IEEE TrustCom 2024 2024 · Sanya, China
SBOM Generation Tools in the Python Ecosystem: an In-Detail Analysis
Serena Cofano · Giacomo Benedetti · Matteo Dell'Amico
Activities
Conferences
23rd International Conference on Applied Cryptography and Network Security (ACNS 2025)
June 2025 · Munich, Germany
23rd IEEE International Conference on Trust, Security and Privacy (TrustCom 2024)
December 2024 · Sanya, China
ITASEC23 — Italian Conference on Cybersecurity
May 2023 · Bari, Italy
Workshops
4th KTH Workshop on the Software Supply Chain 2025
April 2025 · KTH, Stockholm, Sweden
Summer Schools
Summer School on Artificial Intelligence and Cybersecurity
September 2025 · TU Wien, Vienna, Austria
Teaching
Computer Security
MSc in Computer Engineering · University of Genoa
November 2023 – March 2024
Beyond the Lab
Research is what I do. Curiosity is who I am.
Languages
Italian — native
English — C1
French — B1
German · Spanish — A2
TryHackMe ↗
Practicing offensive security through CTF challenges and guided labs.
Hiking & Nature
Mountains, trails, and fresh air whenever possible.