I am Federica Bertoni, formerly a court-appointed Digital Forensics Technical Consultant (CTP) in Italy until early 2025, with almost twenty years of professional practice. I was the first woman in the country to enter the field of Digital Forensics as a recognised professional, and the first in Italy to obtain the CIFI certification with full marks (125/125). I was also the Founder and Director of Brixia Forensics Institute, established in 2008 following a public startup competition by Regione Lombardia, where the project was ranked among the top 10 over 400 proposals. For over 17 years, Brixia provided forensic services in criminal and civil proceedings, investigative support, and technical training to legal professionals, institutions, and businesses.

I hold a classical education background and a Law degree with a thesis in Legal Informatics, focused on the legal and cybersecurity implications of phishing and privacy. I have been officially listed as both Technical Consultant and Expert Witness in the registers of the Ordinary Court of Brescia. I served as CTU (Court-Appointed Technical Expert) in the “Informatics” category, specialising in “Information Systems Analysis” (entry no. 522), and as Perito (Expert Witness) in the category “Engineering and Related Specialties” (entry no. 110). Additionally, I was listed in the Register of Experts and Technicians at the Brescia Chamber of Commerce (entry no. 553, Category XXIII – Informatics, subcategory 005 – Forensic Informatics).

Since 2006, I have dedicated myself to the field of digital forensics, particularly in defence-side technical consultancy for law firms and economic organisations, combining hands-on investigative expertise with specialised knowledge in cybersecurity and privacy regulation. From 2007 to 2011, I served as a Conciliator in disputes concerning ICT for the alternative out-of-court resolution of conflicts, working at the Conciliation and Arbitration Desks of the Brescia Chamber of Commerce Over the past seven years, I have increasingly devoted myself to independent research, collaborating with the Chairs of Legal Informatics at the Faculties of Law at the Universities of Milan and Brescia.

My professional focus on cybercrime and digital security dates back to 2000, when I first began exploring hacking and computer security as a young researcher. I am the author or co-author of numerous publications in the fields of IT security, legal informatics, emerging technologies and digital forensics, and I have spoken at various seminars, academic panels and institutional events.  I served as an Affiliate Scholar and Fellow Researcher (2017–2022) at the Information Society Law Center (ISLC) at the University of Milan, under the direction of Prof. Giovanni Ziccardi. Since April 2022, I have been a Residential Affiliate Fellow in the centre’s renewed research group.

In late November 2025, I also applied to the ISLC Call for Fellowship 2026–2027, submitting a proposal under the thematic area Geopolitics, Global Affairs and Human Rights. This application reflects my current research trajectory, particularly my work on the impact of artificial intelligence on governance, fundamental rights, disinformation, and cybersecurity. Among my academic works, I authored the peer-reviewed article “Deepfake, ovvero Manipola et impera”, analysing the causes, effects and national security implications of malicious AI-driven disinformation (CIBERSPAZIO E DIRITTO, STEM Mucchi Editore, Vol. 20 No. 62, 2019, pp. 12–28). I am the author of the peer-reviewed article “Intelligenza artificiale e sovranità digitale: linee per una dottrina giuridica delle operazioni offensive automatizzate nel dominio cibernetico” [“Artificial Intelligence and Digital Sovereignty: Guidelines for a Legal Doctrine on Automated Offensive Operations in the Cyber Domain”], published in Ciberspazio e Diritto, STEM Mucchi Editore, no. 3/2025, pp. 469–482, DOI: 10.53148/CD202503011. I was also a member of IISFA and the Scientific Committee of CLUSIT, Italy’s national cybersecurity association, from 2018 to 2021. My independent research currently spans multiple domains that are now examined through the lens of artificial intelligence and its governance. This includes both the governance of AI systems and the governance with AI, where automated and algorithmically assisted decision-making raises critical questions of responsibility, legitimacy, accountability, and oversight across security, legal, and institutional contexts.

• Democratic security, e-voting and political information warfare (with a focus on AI-driven manipulation)
• Deepfakes and national/international security
• Legal-technological issues of the zero-day exploit grey market
• Cyber surveillance, privacy, and state spyware (“lawful trojans”)
• Cyberbullying, online harassment, and hate speech
• Drone forensics
• Vehicle (in)security and embedded forensics.

The project is now undergoing international expansion, in alignment with my broader global strategy, to make its content and AI-driven guidance accessible beyond Italy. I also collaborated with the Faculty of Engineering at the University of Brescia to support the CyberChallenge 2023, preparing students for the national selection and delivering a seminar on cyber threats targeting vehicles, in partnership with the Chairs of Cybersecurity and Network Security. I am a partner of the Coalition Against Stalkerware (CAS) and a member of the Electronic Frontier Foundation (EFF). I am the author of the monograph “L’impatto dell’intelligenza artificiale sui sistemi di voto elettronico nell’epoca delle crisi globali” [“The Impact of Artificial Intelligence on Electronic Voting Systems in the Age of Global Crises”], published in open access by Milano University Press in the Information, Law and Society series on 4 May 2026. The volume is available in PDF and EPUB formats and is identified by DOI: 10.54103/infolawsoc.280. The English edition of the work will be published jointly with Professor Max Kilger of the University of Texas at San Antonio (UTSA). I am also currently preparing for the Cyber Threat Intelligence Analyst (CTIA) certification, as part of my ongoing transition toward strategic cyber intelligence consultancy under the Toralya brand. In late September 2025, I obtained a DMCC licence in the field of artificial intelligence, marking a formal transition toward AI governance–oriented professional activity. The final quarter of 2025 represented a transitional phase, during which I initiated my work as an independent consultant under the Toralya brand, focusing on AI governance as a natural evolution of my long-standing career in digital forensics and cybersecurity. From January 2026 onward, I will operate on a permanent basis from the United Arab Emirates, continuing my work in AI governance, cyber risk, and intelligence-led oversight within international and high-risk decision-making environments.