Download PDF

Summary

Simone Curzi has 15 years of experience as a Consultant and Delivery Architect within Microsoft Consulting Services (now Industry Solutions Delivery), 2 years in Microsoft Customer Service & Support organization as Senior PFE specializing in Security, and more than 5 years as a Senior and Principal Consultant in Cybersecurity. As such, he has gained strong competencies in Software Architecture, Methodologies, and Security. 
Application Security has been one of Simone's main areas of interest, even before joining Microsoft: since the late 1990s he has cultivated a passion for Security, and this has led Simone to publish a set of articles on Cryptography in an important Italian Magazine for Developers.
A renowned Threat Modeling and Microsoft Security Development Lifecycle (SDL) expert, Simone is a regular speaker at international conferences like Microsoft Ready, Microsoft Spark, (ISC)2 Security Congress, Carnegie Mellon’s SEI DevOps Days, and Security Compass Equilibrium. Simone is also the author of an Open-Source Threat Modeling tool, Threats Manager Studio.

Simone is also co-author with Michael Howard and Heinrich Gantenbein of a book on Designing & Developing Secure Azure Solutions for Microsoft Press.

Simone is certified by (ISC)2 as a CSSLP Professional since April 2016.

Previous Experiences

Sep 2018Present

Principal Consultant, Cyber

Microsoft

Continuing the path started many years ago, the focus evolves to the creation of new offerings for addressing the most important Customer needs and sharing the know-how gained over the years with colleagues and Customers.

Main activities performed during the period:

Feb 2017Aug 2018

Senior Consultant, Cyber

Microsoft

Cybersecurity Consultants in Microsoft have the role of working on engagements where the goal is to protect, detect, or respond to malicious activity from determined human adversaries. As a Cybersecurity Senior Consultant, the goal has been to work on projects based on the current Microsoft Cybersecurity offerings, for Customers in Europe and beyond.
The personal goal, as ever, is to contribute to expand the Application Security practice in Microsoft, as the Worldwide Lead for the Application Security Community at Microsoft.

Main activities performed during the period:

  • Development of a new offering, a full-fledged high-assurance Threat Modeling exercise called Threat Modeling for Security Risk (TMSR).
  • Execution of Threat Models for internal and external Customers, including organizations in the Public (GIZ), Electric Equipment (ABB), Financial (Aktif Bank), Transport (Heathrow Airport, Damco), Insurance (Europ Assistance, SwissRE), Services (Adecco) and Sport (Real Madrid) sectors.
  • Execution of Security Code Reviews for internal and external Customers, for organizations in the Sport (FIFA), Energy (GSE) and Commercial (IBS) sectors.
  • Security Advisory for the execution of projects, for Maersk, including regular Threat Models, Security Code Reviews and much more.
  • Development and Implementation of a personalized program to introduce Application Security to Corte dei Conti (Public Sector).
  • Assistance to get better security for ATMs for a major Italian Bank.
May 2015Jan 2017

Senior PFE Security

Microsoft

Simone has started building a strong foundation on Infrastructure Security topics like Active Directory, PKI and DirectAccess, and also he has further developed his knowledge around Security Development Lifecycle (SDL) and Threat Modeling: more specifically, he has developed for Microsoft a new Workshop on Threat Modeling and an Application Security Review offering, that he has delivered to some Customers with great success.

2008Apr 2015

Senior Consultant and Delivery Architect

Microsoft
  • Delivery of Workshops on Application Security, SDL and Threat Modeling to various Customers and to Microsoft employees.
  • Contribution to a Council about the introduction of SOA concepts within INPS. Other organizations involved were IBM, Accenture and Avanade.
  • Contributed as Architect to a project about the re-engineering of the Teller Application for Banca delle Marche (a minor Italian Bank).
  • Architecture and Team Leading for various projects based on SharePoint 2010 for the Unicredit Group.
  • Design and implementation of a Visio AddIn for a Unicredit Group internal project, for the HR Organization. The project has won an award from Unicredit and another award from the Microsoft Communities.
  • Migration of a BPM-like infrastructure built by an Italian Bank, from SharePoint 2007 and SharePoint 2013. The activity has included the execution of a Security Code Review.
20052008

Experienced Consultant

Microsoft

Various collaborations with Monte dei Paschi di Siena Bank Group, including leading a project on “High-Performance Computing” (HPC), the developmnet of an Enterprise Service Bus, and various other projects of various sizes.

20022005

Consultant

Microsoft

Design and development of a Teller Application for Deutsche Bank Italy, a Software Factory for Winthertur and of a Client-Server application for small Investment Management Firms for Financial Tradeware.

20002002

Assistant Consultant I & II

Microsoft

In this period Simone has made the first steps in Microsoft Consulting Services. He has started very fast to play much greater roles than those implied by his formal role, like those of Analyst and Architect. The most important activities in this period, have been the development of an Application Server for Il Sole 24 Ore-Radiocor and the design and implementation of a Web Single Sign-On adopted by Intesa SanPaolo-IMI Group, RAI, Telecom Italia, Winterthur and Finsiel.

19981999

Freelance Developer

Development of various solutions for local Customers.

Education

1998

Master's Degree on Electronic Engineer

Università degli Studi di Perugia
Electronic Engineer Degree with Thesis on "Design and Development of a Protection System for Data Banks to be Published on Internet".