Download PDF

Summary

Simone Curzi has a 15 years experience as a Consultant and Delivery Architect within Microsoft Consulting Services, 2 years in Microsoft Customer Service & Support organization as Senior PFE specialized on Security and 4 years as a Senior and Principal Consultant in Cybersecurity. As such, he has gained strong competencies around Software Architectures, Methodologies and Security. 
Application Security has been one of Simone's main areas of interests, even before joining Microsoft: since late 1990s he has cultivated the passion for Security and this has led Simone to publish a set of articles on Cryptography on an important Italian Magazine for Developers.
Simone has envisioned a long term journey that will allow him to be a more complete Security Expert. This has allowed him to achieve many important goals, such as participating as a Speaker at various Microsoft internal technical events (TechReady, Microsoft Ready), be a recognized contributing member of the Microsoft SDL Community and a Threat Modeling Expert.

Simone is certified by (ISC)2 as a CSSLP Professional, since April 2016.

On May 2016, Simone has assumed the role of Lead of the Worldwide Microsoft Technical Community for the Security Development Lifecycle.

Previous Experiences

Sep 2018Present

Principal Consultant, Cyber

Microsoft

Continuing the path started many years ago, the focus evolves to the creation of new offerings for addressing the most important Customer needs and share the know how gained over the years with colleagues and Customers.

Main activities performed during the period:

  • Development of a new offering to introduce Threat Modeling as a main Security Practice to Customers, called Threat Modeling Program.
  • Execution of Threat Models for external Customers, including organizations in the Public (Poste Italiane, SAPS), Automotive (Daimler, CNHi), Transport (SNCF), Electric Equipment (Rexel, Hager, Siemens Gamesa), Energy (Agder Energy) and Sport (Real Madrid) sectors.
  • Execution of Security Code Reviews for internal and external Customers, for organizations in the Public (Poste Italiane, Poland's Ministry of Finance) and Transport (Italian National Railway "FS") sectors.
  • Development and implementation of a personalized program to introduce Application Security to SAPS (Public Sector).
  • Secure Design on MCS projects for AB InBev, INAIL, Posti, Sandvik Coromant and Zeiss.
  • Participation to webinars and virtual conferences as a speaker, including:
    • "Modern Best Practices to Accelerate your Threat Modeling for Enterprise Security" for Security Compass, with Altaz Valani from Security Compass and Ayhan Tek from Cyber Electra.
    • "Security vs Developers - How to Make DevSecOps Work Together" for WhiteSource, with Tom Shapira from WhiteSource.
    • "Significance of DevSecOps" with Caroline Wong from Cobalt.io, Mark Miller from Sonatype, and DJ Schleen from Sonatype.
    • "Threat Modeling vNext" for Secure Coding Virtual Summit.
    • “Maintain Software Security During Code Changes”, with John Martin from SafeCode, Lofti Ben-Othame from the Iowa State University and Altaz Valani from Component Source.
    • "The Importance of Threat Modeling" for Xellentro and the DevOps India Summit.
    • "Research Perspectives on Lightweight Security Risk Assessments" for Security Compass, with Altaz Valani from Security Compass, Christopher Schmitz and Sebastian Pape from the Goethe Universitat, and Hasan Yasar from Carnegie Mellon University.
    • “The Need of Threat Modeling in a DevSecOps World”, part of the DevSecOps Days organized by the Software Engineering Institute of the Carnegie Mellon University.
  • Creation of a new Threat Modeling tool called Threats Manager Platform, in part published as Open Source in https://github.com/simonec73/threatsmanager
Feb 2017Aug 2018

Senior Consultant, Cyber

Microsoft

Cybersecurity Consultants in Microsoft have the role of working on engagements where the goal is to protect, detect, or respond to malicious activity from determined human adversaries. As a Cybersecurity Senior Consultant, the goal has been to work on projects based on the current Microsoft Cybersecurity offerings, for Customers in Europe and beyond.
The personal goal, as ever, is to contribute to expand the Application Security practice in Microsoft, as the Worldwide Lead for the Application Security Community at Microsoft.

Main activities performed during the period:

  • Development of a new offering, a full-fledged high-assurance Threat Modeling exercise called Threat Modeling for Security Risk (TMSR).
  • Execution of Threat Models for internal and external Customers, including organizations in the Public (GIZ), Electric Equipment (ABB), Financial (Aktif Bank), Transport (Heathrow Airport, Damco), Insurance (Europ Assistance, SwissRE), Services (Adecco) and Sport (Real Madrid) sectors.
  • Execution of Security Code Reviews for internal and external Customers, for organizations in the Sport (FIFA), Energy (GSE) and Commercial (IBS) sectors.
  • Security Advisory for the execution of projects, for Maersk, including regular Threat Models, Security Code Reviews and much more.
  • Development and Implementation of a personalized program to introduce Application Security to Corte dei Conti (Public Sector).
  • Assistance to get better security for ATMs for a major Italian Bank.
May 2015Jan 2017

Senior PFE Security

Microsoft

Simone has started building a strong foundation on Infrastructure Security topics like Active Directory, PKI and DirectAccess, and also he has further developed his knowledge around Security Development Lifecycle (SDL) and Threat Modeling: more specifically, he has developed for Microsoft a new Workshop on Threat Modeling and an Application Security Review offering, that he has delivered to some Customers with great success.

2008Apr 2015

Senior Consultant and Delivery Architect

Microsoft
  • Delivery of Workshops on Application Security, SDL and Threat Modeling to various Customers and to Microsoft employees.
  • Contribution to a Council about the introduction of SOA concepts within INPS. Other organizations involved were IBM, Accenture and Avanade.
  • Contributed as Architect to a project about the re-engineering of the Teller Application for Banca delle Marche (a minor Italian Bank).
  • Architecture and Team Leading for various projects based on SharePoint 2010 for the Unicredit Group.
  • Design and implementation of a Visio AddIn for a Unicredit Group internal project, for the HR Organization. The project has won an award from Unicredit and another award from the Microsoft Communities.
  • Migration of a BPM-like infrastructure built by an Italian Bank, from SharePoint 2007 and SharePoint 2013. The activity has included the execution of a Security Code Review.
20052008

Experienced Consultant

Microsoft

Various collaborations with Monte dei Paschi di Siena Bank Group, including leading a project on “High-Performance Computing” (HPC), the developmnet of an Enterprise Service Bus, and various other projects of various sizes.

20022005

Consultant

Microsoft

Design and development of a Teller Application for Deutsche Bank Italy, a Software Factory for Winthertur and of a Client-Server application for small Investment Management Firms for Financial Tradeware.

20002002

Assistant Consultant I & II

Microsoft

In this period Simone has made the first steps in Microsoft Consulting Services. He has started very fast to play much greater roles than those implied by his formal role, like those of Analyst and Architect. The most important activities in this period, have been the development of an Application Server for Il Sole 24 Ore-Radiocor and the design and implementation of a Web Single Sign-On adopted by Intesa SanPaolo-IMI Group, RAI, Telecom Italia, Winterthur and Finsiel.

19981999

Freelance Developer

Development of various solutions for local Customers.

Education

1998

Master's Degree on Electronic Engineer

Università degli Studi di Perugia
Electronic Engineer Degree with Thesis on "Design and Development of a Protection System for Data Banks to be Published on Internet".