Principal Consultant, Cyber
Continuing the path started many years ago, the focus evolves to the creation of new offerings for addressing the most important Customer needs and share the know how gained over the years with colleagues and Customers.
Main activities performed during the period:
- Development of a new offering to introduce Threat Modeling as a main Security Practice to Customers, called Threat Modeling Program.
- Execution of Threat Models for external Customers, including organizations in the Public (Poste Italiane, SAPS), Automotive (Daimler, CNHi), Transport (SNCF), Electric Equipment (Rexel, Hager, Siemens Gamesa), Energy (Agder Energy) and Sport (Real Madrid) sectors.
- Development and implementation of a personalized program to introduce Application Security to SAPS (Public Sector).
- Secure Design on MCS projects for AB InBev, INAIL, Posti, Sandvik Coromant and Zeiss.
- Participation to webinars and virtual conferences as a speaker, including:
- "Modern Best Practices to Accelerate your Threat Modeling for Enterprise Security" for Security Compass, with Altaz Valani from Security Compass and Ayhan Tek from Cyber Electra.
- "Security vs Developers - How to Make DevSecOps Work Together" for WhiteSource, with Tom Shapira from WhiteSource.
- "Significance of DevSecOps" with Caroline Wong from Cobalt.io, Mark Miller from Sonatype, and DJ Schleen from Sonatype.
- "Threat Modeling vNext" for Secure Coding Virtual Summit.
- “Maintain Software Security During Code Changes”, with John Martin from SafeCode, Lofti Ben-Othame from the Iowa State University and Altaz Valani from Component Source.
- "The Importance of Threat Modeling" for Xellentro and the DevOps India Summit.
- "Research Perspectives on Lightweight Security Risk Assessments" for Security Compass, with Altaz Valani from Security Compass, Christopher Schmitz and Sebastian Pape from the Goethe Universitat, and Hasan Yasar from Carnegie Mellon University.
- “The Need of Threat Modeling in a DevSecOps World”, part of the DevSecOps Days organized by the Software Engineering Institute of the Carnegie Mellon University.
- Creation of a new Threat Modeling tool called Threats Manager Platform, in part published as Open Source in https://github.com/simonec73/threatsmanager.