Simone Curzi is a distinguished Holistic Security Architect based in Perugia, Italy, with over two decades of experience in cybersecurity and software architecture. His career at Microsoft has encompassed roles such as Consultant, Delivery Architect, Senior Premier Field Engineer (PFE), and Principal Consultant in Cybersecurity. Throughout these positions, Simone has developed a deep expertise in software architecture, methodologies, and security, with a particular focus on application security and threat modeling.
Simone’s passion for security dates back to the late 1990s, during which he authored a series of articles on cryptography for a prominent Italian developer magazine. This early interest laid the foundation for his future endeavors in application security. Over the years, he has become a recognized expert in threat modeling and the Microsoft Security Development Lifecycle (SDL). His thought leadership in these areas has led to speaking engagements at international conferences, including Microsoft Ready, Microsoft Spark, (ISC)² Security Congress, Carnegie Mellon’s SEI DevOps Days, and Security Compass Equilibrium. Demonstrating his commitment to advancing the field, Simone developed an open-source threat modeling tool known as Threats Manager Studio, which has been well-received within the security community.
Read More
In his role as Principal Consultant in Cybersecurity at Microsoft since September 2018, Simone has focused on creating innovative solutions to address critical customer needs and sharing his extensive knowledge with colleagues and clients. His notable projects include defining and implementing a comprehensive threat modeling program for a major public company in Italy and conducting threat models for various organizations across sectors such as public administration, automotive, transportation, electrical equipment, energy, and sports. Additionally, Simone has performed security code reviews for both internal and external clients, including public sector entities and transportation organizations. He has also developed and implemented customized programs to introduce application security practices to public sector organizations, ensuring that security is integrated into the development lifecycle.
Simone’s contributions extend to thought leadership through co-authoring papers such as “Integrating Threat Modeling with DevOps” and “Evolving Threat Modeling for Agility and Business Value,” which explore the future of threat modeling in modern development practices. He has actively participated in webinars and virtual conferences, sharing his insights on topics like evolving threat modeling for agility and business value, modern best practices to accelerate enterprise security, and the significance of DevSecOps. His engagements have included collaborations with industry experts from organizations such as Security Compass, WhiteSource, and Sonatype, reflecting his commitment to fostering collaboration and knowledge sharing within the cybersecurity community.
Before his current role, Simone served as a Senior Premier Field Engineer specializing in security, where he built a strong foundation in infrastructure security topics like Active Directory, Public Key Infrastructure (PKI), and DirectAccess. He further honed his expertise in the Security Development Lifecycle and threat modeling, developing workshops and application security review offerings that he successfully delivered to various customers. His earlier roles at Microsoft included positions as Senior Consultant and Delivery Architect, where he led projects involving application security, software architecture, and the development of innovative solutions for clients across different industries.
Simone’s educational background includes a Master’s Degree in Electronic Engineering from the Università degli Studi di Perugia, where he completed a thesis on designing and developing a protection system for data banks to be published on the internet. He has been certified by (ISC)² as a Certified Secure Software Lifecycle Professional (CSSLP) since April 2016, underscoring his commitment to maintaining high standards in software security. Throughout his career, Simone has been recognized for his passion for security and technology, continuous learning attitude, structured approach, strong connections with the security community, and innovative vision for threat modeling. His skills encompass threat modeling, application security, infrastructural security, security development lifecycle, security code reviews, enterprise architecture, cloud computing, Microsoft technologies, software development, and proficiency in .NET (C#).
