About Me

Project
9I am an Embedded Security Researcher, with a Master's degree in Computer Science specialized in Cybersecurity from the University of Salerno. My studies concluded with a thesis developed at STMicroelectronics, titled "XAI-SideLeak: A Framework for Explainable Side-Channel Analysis", focused on the explainability (XAI) of Side-Channel Analysis attacks on COTS microcontrollers.
I work on Offensive Hardware Security: side-channel analysis (power and electromagnetic analysis, fault injection), hardware penetration testing, and firmware reverse engineering on microcontrollers and IoT devices, with a background in automotive cybersecurity (ISO 21434), ICS/SCADA security, and TARA threat modeling. I carry out research and development activities both independently and at the Habes Lab of the University of Salerno, focusing on hardware and embedded security.
I like to experiment hands-on, taking apart hardware and software to truly understand how they work. It's this practical approach, combined with curiosity, that drives the way I approach security.
Education
- M.Sc. in Computer Science โ Cybersecurity Curriculum, University of Salerno (2023โ2026) โ 110 cum laude
- B.Sc. in Computer Science, University of Salerno (2019โ2023) โ 106/110
Internships

STMicroelectronics (Naples)
January 2026 - June 2026 (6 months)
Master Thesis: "XAI-SideLeak: A Framework for Explainable Side-Channel Analysis" - power and electromagnetic analysis with fault injection on COTS microcontrollers across multiple MCU families, with XAI-driven explainability of Side-Channel Analysis attack outcomes.

STMicroelectronics (Naples)
April 2024 - July 2024 (4 months)
Development of a Penetration Testing suite compliant with ISO 21434 standard.
LargeSystem (Naples)
4 months
External internship during my Bachelor's degree, focused on web design and microservices architecture.
Collaborations

LinearIT (Salerno)
October 2024 - March 2025 (4 months)
Development of a portable security device (Custom Travel Router) with OpenWRT, custom Python IDS/IPS, integrated ad-block, and mobile app for efficient management. Achieved 3rd place in the 2024/2025 App Challenge.

LinearIT (Salerno)
2 months
Development of a web app with a private blockchain using Hyperledger Besu/FireFly and Flutter for the front-end.
Publications
Umberto Della Monica, Christian Esposito
SAC '26 - 41st ACM/SIGAPP Symposium on Applied Computing ยท ACM Digital Library โข 2026
Umberto Della Monica*, Kimberly-Annalena Munjal, Mark Paul Tamas, Biagio Boi, Christian Esposito, Rahamatullah Khondoker
Applied Sciences, Special Issue: Application of IoT and Cybersecurity Technologies โข 2025
Skills
Cybersecurity
Firmware/Software Reverse Engineering
Firmware extraction via JTAG, SPI, UART
Android Reverse Engineering
ICS/SCADA Security (Modbus, OPC-UA, SNAP7)
Defensive Strategies
Network Protocols & Configuration
Digital Forensics
Cryptography
Penetration Testing
Penetration Testing Methodologies
OSINT Tools & Techniques
Target Discovery & Enumeration
Port Scanning
Vulnerability Mapping & Analysis
Vulnerability Taxonomies
Exploit Development & PoC
AI & Data Science
Machine/Deep Learning
Large Language Models
Genetic Algorithms
Prompt Engineering
Computer Vision
IoT & Embedded
Embedded Programming
IoT Security
IoT/ICS Communication Protocols
Hardware Analysis (UART, JTAG, SPI)
Programming & Frameworks
Java
C
C++
C#
Python
JavaScript
Dart
Solidity
VHDL/VHDP
Bash Scripting
Spring Boot
Flutter
Angular
React
Flask
Django
Databases & Other
MySQL
PostgreSQL
Neo4J
Linux / macOS / Windows
Virtualization
QEMU / VirtManager
Open-source Contributions
Teamwork & Critical Thinking
Hardware Security & Penetration Testing
XAI-SideLeak
Explainable Side-Channel Analysis framework developed for my Master Thesis at STMicroelectronics: power and electromagnetic analysis with fault injection on COTS microcontrollers across multiple MCU families, with Machine Learning/XAI techniques applied to explain SCA attack outcomes.
S.I.D.E. - SCADA Intrusion Detection Engine
Modular IDS platform for ICS/SCADA traffic: anomaly detection via Isolation Forest, event correlation on Neo4J, packet capture in Python. Containerized microservices with Docker & RabbitMQ and a Next.js monitoring dashboard.
Linksys-WRT54GL-Exploitation
Hardware penetration testing on the Linksys WRT54GL router including full JTAG extraction and reverse shell attack.
Project
DefNet
Custom travel router with IDS/IPS, FastAPI backend, SQLite database and mobile app.
Academic Projects
ViLearERC-1155
Microservices-based management of courses and certificates as NFTs. Bachelor's thesis on the project and the NFT ecosystem. Project no longer active.
Filiera-Token
Web App for supply chain management using private Hyperledger Besu blockchain and Hyperledger FireFly. Front-End developed in Flutter.
UniConnect
University social network with Flutter front-end, Spring Boot backend and Neo4J NoSQL database.
fp-mash
Tool based on Lyndon factorization of DNA strings for genomic distancing, evaluated with Jaccard distance. Complete software rewrite with CLI component.
MarcoSmiles-RhythmGames
Game to learn playing using hands, leveraging a DQN neural network to predict if the user can play the recorded note during training.