Hello
I'm Luca
350+ publicly undisclosed vulnerabilities identified on major platforms including PayPal, eBay, Amazon, Salesforce, and U.S. Department of Defense.


About Me
why you hire me
A 20+ year career in cybersecurity, recognized at the highest levels of the industry. Ranked among the top security researchers worldwide on HackerOne (third in the OWASP Injection category in both 2022 and 2023, fourth in 2024, and fifth in 2025), with 350+ publicly undisclosed vulnerabilities identified on major platforms including PayPal, eBay, Amazon, Salesforce and the U.S. Department of Defense.
The expertise is backed by industry certifications including Certified Ethical Hacker (CEH), CCNA Routing and Switching, CCNA Security, and CCNP Routing, and is formally recognized at the highest academic level through a certification approved by Harvard's Office of the Vice Provost for Advances in Learning.
You're not just hiring a consultant — you're gaining a partner with two decades of proven results, global recognition, and the technical depth to protect what matters most.
Smart Work:
Penetration Test and Vulnerability Assessment delivered remotely.
Modern Work:
Fully remote and agile security services, designed to fit your workflow and timeline.
services
What I Provide
A controlled simulation of a real-world cyberattack, designed to uncover vulnerabilities in your systems — whether websites, API servers, networks, or applications. The goal is to assess your actual security posture, identify weaknesses before malicious actors can exploit them, and provide actionable recommendations to mitigate risks. The result: protected sensitive data, ensured operational continuity, and demonstrated compliance with industry security standards.
Business Continuity
Preventing direct and indirect losses caused by the failure of business-critical systems, keeping your operations running without interruption.
Legal & Compliance
Reducing exposure to lawsuits, fines, and regulatory penalties that can arise in the aftermath of a cyberattack.
Reputational Integrity
Protecting your organization's image from the long-term damage that a public security breach can cause to customer trust and brand value.
Portfolio
Brands I've Secured
The following are some of the notable companies whose systems I have successfully secured through professional penetration testing and vulnerability assessment.

Adobe
Airbnb
Amazon
Booking
Cloudflare
U.S. Dept of Defense
Epic Games
GitHub
GitLab
Mozilla
Nord Security
PayPal
PlayStation
Shopify
Spotify
Starbucks
Stripe
TikTok
Vimeo
Visa
Vodafone
Wells Fargo
WordPress
Curriculum
Skills & Expertise
Cybersecurity is a constantly evolving field, and staying ahead requires continuous learning. Academic recognition from Harvard, industry certifications, and an active presence on global bug bounty platforms ensure that every skill stays sharp, relevant, and battle-tested.
Testimonial
What my clients are saying about me
Awards
my achievement
Cited at Black Hat, ranked in the HackerOne world top-5, listed on Wikipedia, and author of two books — a track record built on research, contribution, and community. Among the latest achievements:
Fifth place in the 2025 World Ranking
Ranked among the top 5 security researchers worldwide in the OWASP Injection category on HackerOne — a recognition earned competing against millions of researchers globally.
Fourth place in the 2024 World Ranking
Secured 4th place in the world for OWASP Injection on HackerOne in 2024, confirming a consistent presence at the very top of the global security research community.
Third place in the 2023 World Ranking
For the second consecutive year, ranked 3rd worldwide in OWASP Injection on HackerOne, demonstrating consistent excellence at an international level.
Third place in the 2022 World Ranking
Top 3 in the world on HackerOne's OWASP Injection ranking in 2022 — one of the most competitive categories in the global bug bounty landscape.


contact
let's work together
Your security is one message away — write to luca@lucaercoli.it