Nicolò Andronio

Nicolò Andronio

Full-stack developer, computer scientist, engineer
Evil Genius in the spare time


May 2018 - Present

I am currently working at Mind Foundry, a young startup which focuses on applied machine learning, prioritizing the enhancement and streamlining of the data science process for domain experts. My current position is software engineer within the engineering team of our main product, contributing as a full-stack developer. Given its fair novelty, I am also tasked with the architectural design of the product itself, both component-wise and performance-wise. I maintain and develop the java framework that organizes, distributes and surveils python-based machine learning processes in our kubernetes cluster, along with deployments of public APIs for prediction and data preparation in the fission FaaS environment. I actively contribute in the optimization of the platforms at many different levels, from the very low database layer (reducing query times, improving querying efficiency), to the application layer (caching and smart use of data structures, especially for sampling and counting huge data sets), to the communication layer (protobuf and json). Additionally, I contributed to the codebase of OPTaaS server, a lightweight api to facilitate the task of space exploration through bayesian optimization.

October 2015 - May 2018

Up until May 2018, I worked for .Cleafy, a very young yet successful cybersecurity startup that focuses on detection of MITB and MITM attacks, and mobile security as of later (especially tampering and overlay attacks). My role in .Cleafy was software engineer. I worked on the main detection engine, the web console dashboard, our intelligence platform, integration with IIS, mobile environments (Android, cordova) and implementations for several internal tools for maintenance and stress testing. My key role was research and development of new features.

My most important contribution to the product must have been the development of its specific clustering algorithm, which implements a policy for unsupervised incremental clustering of injected snippets. The implementation of such an algorithm increased the product’s detection-wise performance by more than a thousandfold and transformed it from a proof of concept to a full-fledged product. While the clustering algorithm is extremely domain-specific, the anomaly detection method is general-purpose and I think it can be applied to any data set with minimal tuning. I also think it would be easy to make those few remaining parameters self-tunable.

Last but not least, I worked on a few research projects in the field of browser-side security, like fingerprinting, semantic obfuscation and dynamic memory footprinting. I later discovered that some of the methods I devised were actually used in the state-of-the-art obfuscation tool JScrambler.

As a side note, I had some experience in mentoring newly hired employees. I equipped them with an overview of our platform, explained how our internal infrastructure worked and guided them through initial language barriers, introducing them to ECMAScript, PHP and React. As of now, I still help team members with their design choices, spanning from system-wise decisions (distributed caching, invalidation, etc…) to more trivial selections of the most suitable design pattern / naming conventions.


I started my academic education in September 2009 at Politecnico di Milano (Italy) with major in Information Engineering: it’s like a Computer Science degree, but with strong engineering traits, including typical courses like physics, mechanics, thermodynamics, electronics and automation. Upon completing my first degree, I started a joint master with the Univeristy of Illinois at Chicago, taking classes both in Italy and in the US. My master thesis revolved around Android security in the field or proactive detection of ransomware through natural language processing.

My thesis work and other derivative works have been published as research papers and brought to the attention of various security conferences like RAID and Black Hat. It has probably been one of the first research experiment on that category of mobile malware known as ransomware, which nowadays is famous as the most dangerous and lucrative among all families.