Cybersecurity Seminars Hackathon

25/03/2026

3 min.

Team 2, led by Giulia Maria Lutea, takes the win

The Cybersecurity Seminars Hackathon took place yesterday, 24 March 2026, from 2.30 pm to 6 pm online. The event was organised by Fondazione Mondo Digitale and the University of Milan, with the challenge launched by Bit4Law, as part of the Cybersecurity Seminars project supported by Google.org in collaboration with Virtual Routes.

Students enrolled on the advanced course “The Cybersecurity Professional: Regulatory and Operational Aspects” took part in the competition, divided into seven teams. Each team had two hours to work on a realistic cyber incident scenario: the compromise of Rocco Fitness’s systems, involving the exfiltration of data relating to members, employees and suppliers (including medical certificates and videos) and the partial deletion of company data and logs, posing significant compliance and reputational risks.

An immersive experience combining training and practice

The hackathon opened with a welcome address by Pierluigi Perri, associate professor of Cyber Security, Privacy and Protection of Sensitive Data at the University of Milan, followed by the launch of the challenge by Bit4Law and an explanation of the rules by the Fondazione Mondo Digitale. From 3 pm, participants worked in digital rooms, supported by tutors and experts, experiencing a scenario that replicates the real-time dynamics and timelines of managing a cyber incident.

The challenge

The teams had to produce an operational report and a three-minute pitch to propose:

the initial technical actions to be taken
what evidence to collect and how to preserve it
the main risk profiles
essential regulatory compliance requirements
a concise incident response plan
any legal/disciplinary actions against the person responsible.

The scenario simulated a highly critical internal attack, involving the exfiltration of over 60 GB of data and the targeted destruction of evidence, testing the participants’ ability to operate under pressure and uncertainty.

Key solutions

The proposed solutions reveal a clear convergence on certain operational priorities: isolating compromised systems, locking privileged accounts, conducting forensic evidence collection, and activating a multidisciplinary team. Particular attention was paid to regulatory obligations, with reference to the GDPR (notification to the Data Protection Authority within 72 hours and communication to data subjects in the event of high risk), and to preventive measures, such as multi-factor authentication, control of privileged access and advanced monitoring systems.

The jury

The evaluation of the entries was entrusted to a dual jury, reflecting the integration of academic, corporate and project-based expertise.

Technical jury

Donato Caccavella, Bit4Law
Michele Ferrazzano, Bit4Law
Marco Montironi, Fondazione Mondo Digitale

Communication jury

Pierluigi Perri, University of Milan
Gabriele Suffia, University of Milan

The verdict

At the conclusion of the competition, Team 2, led by Giulia Maria Lutea, was declared the winner, having distinguished itself through the clarity of its analysis, the robustness of its communication plan and the practicality of its preventive proposals.

In second place was Team 3, led by Cristiano Capozzi, and in third place was Team 5, led by Leonardo Scalera.

The winning team, composed of students with a legal background, demonstrated how legal expertise can be a fundamental element in managing cybersecurity challenges. The team comprised Giulia Maria Lutea, Annalisa Nava, Caterina Dibitonto, Lucia Galbiati, Luca del Vecchio, Bernardino Vagnoni, Stefano Bianchi, Angelica Terranova and Riccardo Gualandri.

A training ground for the professionals of the future

The hackathon represented a key moment in the Cybersecurity Seminars programme: an advanced learning environment in which participants were able to experience the real complexity of cyber incidents. More than a competition, it was a true professional training ground. Because today, in cybersecurity, knowing how to respond means knowing how to integrate different skills, make rapid decisions and manage responsibilities that are not only technical, but also legal, organisational and social.

The medals

Inside the solutions: an integrated approach and strategic vision

Analysis of the reports reveals a key element: cybersecurity is not merely a technical issue, but an integrated process involving technology, law, organisation and communication.

Team 2, the competition winner, developed a response structured around four dimensions – technical, forensic, legal and organisational – proposing a sequential approach ranging from immediate containment (isolation of the compromised device and revocation of access) to long-term measures, such as the introduction of Privileged Access Management systems, Data Loss Prevention and multi-factor authentication.

The solutions proposed by the teams show a clear convergence on certain operational priorities:

isolation of the compromised endpoint and blocking of privileged accounts
comprehensive forensic acquisition (disk images, memory dumps, SIEM logs)
verification and securing of backups
activation of a multidisciplinary crisis team (IT, DPO, legal, communications).

On the regulatory front, there was a strong focus on the obligations under the GDPR, in particular:

notification to the Data Protection Authority within 72 hours
notification to data subjects where sensitive data is involved
recording of the incident in the data breach register.

The ability to assess risk was also significant: in addition to technical damage, participants highlighted reputational, operational and economic impacts, with potential claims for compensation and a loss of trust among users. Finally, all groups clearly identified certain systemic vulnerabilities:

non-blocking USB policies (only in audit mode)
inadequate management of privileged accounts
insufficient network segmentation
lack of automatic alert response mechanisms.

Cybersecurity Seminars Hackathon