My name is Lorenzo Stella and I’m a security professional based in Italy.
I'm currently part of the team at Wave serving as a Senior Application Security Engineer, building and securing a radically affordable financial infrastructure for Sub-Saharan Africa. Before this, I spent five years at Doyensec as a Staff Security Engineer, where I helped companies craft secure code, providing high quality security audits, vulnerability assessments and penetration tests (VA/PT) on hundreds of different web applications and infrastructures. Earlier I spent some time consulting at one of the Big Four consulting companies in the Information Risk Management field and as an Application Security Architect for two italian anti-theft systems companies. I completed my Computer Systems and Network Security degree at the University of Milan (SSRI) in 2018, while bug-bounty hunting and freelancing as a full-stack web developer for startups and companies. I have been a presenter at Black Hat USA and Hack In The Box (HITB). I am a founding member of the CTF teams 'JBZ' and 'PequalsNP'.

Together with a tight-knit group of security researchers I manage AS62233 or simply TUMPINET, which provides IPv4 and LIR services.

I am an infosec enthusiast, a pentester, and an all-around curious person. I am always fond of learning and exploring new ideas to exploit security vulnerabilities in applications and systems, uncovering new attack surfaces every day. I fundamentally believe that we are what we repeatedly do. Only in this way excellence can become not an act, but a habit.


Personal E-Mail: lorenzo.stl@gmail.com
PGP: 76CD D69E 3167 D4CA

Work E-Mail: lorenzo@doyensec.com
PGP: 421D 2857 33DC A19C

Drop me a line if you've got any request or question.

Past Research and Articles

While the majority of my research work is kept private, here's a collection of public resources in no particular order: