Continuing the path started many years ago, the focus evolves to the creation of new offerings for addressing the most important Customer needs and sharing the know-how gained over the years with colleagues and Customers.

Main activities performed during the period:

• Definition and implementation of a program to adopt Threat Modeling for a big Public Company in Italy.
• Execution of Threat Models for external Customers, including organizations in the Public (Poste Italiane, SAPS), Automotive (Daimler, CNHi), Transport (SNCF), Electric Equipment (Rexel, Hager, Siemens Gamesa), Energy (Agder Energy), and Sport (Real Madrid) sectors.
• Execution of Security Code Reviews for internal and external Customers, for organizations in the Public (Poste Italiane, Poland's Ministry of Finance) and Transport (Italian National Railway "FS") sectors.
• Development and implementation of a personalized program to introduce Application Security to SAPS (Public Sector).
• Secure Design on MCS projects for AB InBev, INAIL, Posti, Sandvik Coromant, and Zeiss.
• Co-authored a paper published on learn.microsoft.com, "Integrating threat modeling with DevOps".
• Co-authored a paper entitled "Evolving Threat Modeling for Agility and Business Value" on the future of Threat Modeling.
• Participation in webinars and virtual conferences as a speaker, including:
  • "Evolving Threat Modeling for Agility and Business Value" presented at (ISC)2 Security Congress 2021. 
  • "Modern Best Practices to Accelerate your Threat Modeling for Enterprise Security" for Security Compass, with Altaz Valani from Security Compass and Ayhan Tek from Cyber Electra.
  • "Security vs Developers - How to Make DevSecOps Work Together" for WhiteSource, with Tom Shapira from WhiteSource.
  • "Significance of DevSecOps" with Caroline Wong from Cobalt.io, Mark Miller from Sonatype, and DJ Schleen from Sonatype.
  • "Threat Modeling vNext" for Secure Coding Virtual Summit.
  • “Maintain Software Security During Code Changes”, with John Martin from SafeCode, Lofti Ben-Othame from the Iowa State University and Altaz Valani from Component Source.
  • "The Importance of Threat Modeling" for Xellentro and the DevOps India Summit.
  • "Research Perspectives on Lightweight Security Risk Assessments" for Security Compass, with Altaz Valani from Security Compass, Christopher Schmitz and Sebastian Pape from the Goethe Universitat, and Hasan Yasar from Carnegie Mellon University.
  • “The Need of Threat Modeling in a DevSecOps World”, part of the DevSecOps Days organized by the Software Engineering Institute of the Carnegie Mellon University.
• Creation of a new Threat Modeling tool called Threats Manager Studio (https://threatsmanager.com). 

Cybersecurity Consultants in Microsoft have the role of working on engagements where the goal is to protect, detect, or respond to malicious activity from determined human adversaries. As a Cybersecurity Senior Consultant, the goal has been to work on projects based on the current Microsoft Cybersecurity offerings, for Customers in Europe and beyond.
The personal goal, as ever, is to contribute to expand the Application Security practice in Microsoft, as the Worldwide Lead for the Application Security Community at Microsoft.

Main activities performed during the period:

• Development of a new offering, a full-fledged high-assurance Threat Modeling exercise called Threat Modeling for Security Risk (TMSR).
• Execution of Threat Models for internal and external Customers, including organizations in the Public (GIZ), Electric Equipment (ABB), Financial (Aktif Bank), Transport (Heathrow Airport, Damco), Insurance (Europ Assistance, SwissRE), Services (Adecco) and Sport (Real Madrid) sectors.
• Execution of Security Code Reviews for internal and external Customers, for organizations in the Sport (FIFA), Energy (GSE) and Commercial (IBS) sectors.
• Security Advisory for the execution of projects, for Maersk, including regular Threat Models, Security Code Reviews and much more.
• Development and Implementation of a personalized program to introduce Application Security to Corte dei Conti (Public Sector).
• Assistance to get better security for ATMs for a major Italian Bank.

Simone has started building a strong foundation on Infrastructure Security topics like Active Directory, PKI and DirectAccess, and also he has further developed his knowledge around Security Development Lifecycle (SDL) and Threat Modeling: more specifically, he has developed for Microsoft a new Workshop on Threat Modeling and an Application Security Review offering, that he has delivered to some Customers with great success.

• Delivery of Workshops on Application Security, SDL and Threat Modeling to various Customers and to Microsoft employees.
• Contribution to a Council about the introduction of SOA concepts within INPS. Other organizations involved were IBM, Accenture and Avanade.
• Contributed as Architect to a project about the re-engineering of the Teller Application for Banca delle Marche (a minor Italian Bank).
• Architecture and Team Leading for various projects based on SharePoint 2010 for the Unicredit Group.
• Design and implementation of a Visio AddIn for a Unicredit Group internal project, for the HR Organization. The project has won an award from Unicredit and another award from the Microsoft Communities.
• Migration of a BPM-like infrastructure built by an Italian Bank, from SharePoint 2007 and SharePoint 2013. The activity has included the execution of a Security Code Review.

Design and development of a Teller Application for Deutsche Bank Italy, a Software Factory for Winthertur and of a Client-Server application for small Investment Management Firms for Financial Tradeware.

In this period Simone has made the first steps in Microsoft Consulting Services. He has started very fast to play much greater roles than those implied by his formal role, like those of Analyst and Architect. The most important activities in this period, have been the development of an Application Server for Il Sole 24 Ore-Radiocor and the design and implementation of a Web Single Sign-On adopted by Intesa SanPaolo-IMI Group, RAI, Telecom Italia, Winterthur and Finsiel.