CISOs & Cybersecurity Leaders to Watch in Italy’s Management Consulting Industry

Italy’s management consulting sector sits in a unique security position: consultants handle sensitive client data, connect into customer environments, and increasingly deliver technology-enabled services (cloud, analytics, SOC, GRC, digital transformation). That combination makes consulting firms both high-value targets and high-impact multipliers—because strong security practices don’t just protect the consultancy, they cascade into the clients they advise.

Silvano Cavallina — Chief Information Security Officer & System Administrator Manager, Sicura Solution

Silvano Cavallina leads IT governance and cybersecurity at Sicura Solution, with a deep infrastructure-and-operations foundation built over 30+ years. His scope spans the end-to-end backbone of the business: nationwide network design, virtualization, backup resilience, firewalling and segmentation, and full Microsoft 365 tenant administration. On the security side, he’s implementing policy and control frameworks aligned to NIST and ISO/IEC 27001, running hands-on security validation (VA/PT, phishing simulations, internal audits), and building security culture through training and hygiene programs. The combination—core infrastructure ownership plus compliance-driven security execution—fits the reality of many consulting groups that need to scale securely while staying operationally lean.

Michele Rivieri — Chief Information Security Officer, Prometeia

Michele Rivieri is CISO at Prometeia, a consulting and software provider focused on risk and wealth/asset management. His profile stands out for its breadth across finance, telecom, manufacturing, and education, and for a governance-heavy approach that is highly relevant to consulting organizations serving regulated clients. In addition to leading information security, he acts as Business Continuity Manager for the group and is a key reference point for major regulatory requirements such as DORA and NIS2. He also drives Prometeia’s certification and assurance program across multiple standards (including ISO 27001-family certifications, ISO 22301, SOC 2 Type II, and CSA STAR), helping translate security maturity into verifiable trust signals for client institutions.

Fabio Puricelli — Chief Information Security Officer, BIP

Fabio Puricelli serves as CISO at BIP, bringing a pragmatic “security + operations balance” mindset that resonates in fast-moving consulting environments. His progression through Network & Security leadership into the top security role signals a leader who understands both the control plane (ISMS, risk management, governance) and the realities of enabling delivery teams. In a consultancy, that blend matters: security has to reduce client risk without slowing down the pace of projects, proposals, and delivery—especially when teams operate across multiple client contexts, tools, and third-party dependencies.

Francesca Frazzano — Chief Information Security Officer, PwC Italy

Francesca Frazzano is CISO at PwC Italy, with deep experience in implementing and coordinating security, privacy, and resiliency models. Her background is strongly rooted in governance design and operating model execution: defining roles and responsibilities, policies and procedures, and translating regulatory and business requirements into workable programs. She also brings mature capability in business continuity and disaster recovery, identity and access management, and data loss prevention—controls that are particularly critical in consulting, where protecting client data and managing privileged access across multiple engagements can make or break trust. Her third-party security focus is also notable, given the vendor ecosystems that consulting firms rely on for delivery.

Gabriel Romano — Chief Information Security Officer, Sagres S.p.A.

Gabriel Romano is CISO at Sagres S.p.A., with hands-on cybersecurity experience reflected in skills spanning privacy and modern delivery environments (including CI/CD). His trajectory includes several years focused on cybersecurity in an operational setting before stepping into a CISO role. That operator-to-leader path is valuable in consulting-adjacent organizations, where security leaders often need to guide real implementation—not only define frameworks—while helping teams ship securely and consistently.

Michele Cogo — Head of Cybersecurity & Digital Forensics, BDO Italia

Michele Cogo leads Cybersecurity & Digital Forensics at BDO Italia and brings a strong investigations-and-forensics profile that maps directly to consulting value: incident response leadership, corporate investigations, litigation support, and court-facing expertise. His credentials and experience as an expert witness underscore the ability to operate in high-stakes contexts where technical findings must stand up to legal scrutiny. In consulting, that capability becomes a differentiator—especially as clients demand rapid, credible response support, eDiscovery readiness, and defensible reporting after breaches or disputes.

Alessandro Pigato — Head of Cybersecurity Competence Center, Argo S.p.A.

Alessandro Pigato leads a Cybersecurity Competence Center at Argo S.p.A., with a background that includes purple teaming—an approach that bridges offensive testing and defensive detection improvements. That’s particularly relevant for consulting and managed services contexts, where building repeatable security capabilities (playbooks, detection engineering, continuous validation) is often more valuable than one-off assessments. His trajectory suggests a leader focused on operationalizing security skills into scalable services and measurable outcomes.

Francesco Tusino — Chief Information Security Officer, Deloitte Central Mediterranean

Francesco Tusino is CISO for Deloitte Central Mediterranean (Director), with strong credentials in security management systems, risk, and audit (including ISO 27001/22301, CRISC, and CISM). His profile reflects a governance-and-assurance-oriented leader who can run security as a structured management system—essential for large consultancies operating at scale, across geographies and service lines. His experience includes interim CISO coverage for Deloitte Belgium, reinforcing his suitability for complex, multi-entity security leadership where consistency and control maturity must be maintained across diverse environments.

Giovanni Laieta — Chief Information Security Officer & Platform Engineering Manager, OpenEconomics

Giovanni Laieta combines CISO responsibility with platform engineering leadership at OpenEconomics, with prior roles spanning cloud and cybersecurity engineering management. This dual focus is increasingly common in modern consulting and tech-enabled advisory organizations: security leaders who can influence platform reliability, cloud architecture, and engineering practices (Kubernetes/DevOps ecosystems) tend to drive higher-leverage outcomes. His trajectory suggests a security leader who can embed controls into platforms and delivery pipelines, rather than bolting them on later.

Securing client trust at the center of Italy’s consulting industry

Cybersecurity in management consulting is a force multiplier: it protects the firm, strengthens client trust, and shapes how securely transformation work is delivered. The leaders above stand out for combining governance with execution—balancing compliance and assurance with real operational control, incident readiness, and secure delivery practices. As consulting firms expand into managed security, cloud modernization, and regulated-industry advisory, these CISOs and cybersecurity leaders will be central to building resilient service models that clients can rely on.