The book includes insights from the following experts:

  • Dan Bowden, Global CISO, Marsh
  • William Dougherty, Chief Information Security Officer, Omada Health
  • Hemanta Swain, Global Head of Security and Compliance (CISO), Lucid Motors
  • Derek Fisher, VP Application Security, Envestnet

  • Spencer Koch, Security Wizard, Reddit

  • Brandon Olekas, Security Architect, Applied Systems

  • Trevor Young, CPO, Security Compass

Developer-Centric Software Threat Modeling Powered by Automation was generously sponsored by Security Compass.

Legacy software threat modeling, as an exclusive security design activity, isn’t scaling well for today’s organizations. Among a myriad of reasons, it doesn’t offer enough cross-functional analysis, provide enough prescriptive countermeasures, or even include enough of the system to truly identify and resolve threats. Legacy threat modeling misses critical areas relevant to the business, like risk, privacy, and compliance, and focuses too much on solving technical problems without understanding the context—so teams struggle to prevent the same issues in the future. Today’s businesses, and those of tomorrow, require an evolved, developer-centric threat modeling process, powered by automation for real-time results. This type of threat modeling offers a holistic approach—from analysis to operational mitigation—educating teams throughout the organization on potential threats, resolving those threats, and preventing those threats in the future. In this eBook, we focus on the current challenges with legacy threat modeling and why developer-centric threat modeling is critical for today’s businesses.