IriusRisk collaborates with Adam Shostack for Threat Modeling Coaching

IriusRisk, a global Open Threat Modeling platform, has announced a partnership with Shostack + Associates to support the development of a security-focused culture through threat modeling. As part of this collaboration, Adam Shostack, a consultant and author on threat modeling, and his team will provide coaching sessions to help users understand and apply threat modeling principles to improve the secure design. These coaching sessions will complement existing training on IriusRisk’s automated threat modeling platform.

The coaching will be available either as live instruction sessions over one to three sessions per week or as self-paced virtual sessions. The goal is to ensure that every member of a team gains the technical skills needed to understand and apply threat modeling and secure design principles. When offered to an entire team, the coaching aims to create a consistent understanding among team members, regardless of their prior experience with threat modeling.

The coaching will also help users address challenges that can arise during the implementation of threat modeling programs. These challenges include aligning threat modeling with corporate goals, defining roles and responsibilities within the program, and embedding threat modeling into the existing engineering culture. Adam Shostack’s team will work with customers to identify the necessary metrics, processes, and people to successfully integrate threat modeling into their organization. By providing leadership with the appropriate tools and information, they can communicate the program’s objectives effectively to internal stakeholders.

IriusRisk’s platform is designed to support developers, architects, and security engineers in building secure software at every stage of the Software Development Lifecycle (SDLC). By integrating security from the initial design phase and tracking its implementation throughout the development process, the platform addresses the need to shift security measures to earlier stages, helping reduce design flaws and associated costs.

“We’re excited to partner with Adam to deliver this new coaching program,” said Stephen de Vries, Co-Founder and CEO of IriusRisk. “As threat modeling rapidly becomes a must-have strategy for security and development teams, this coaching equips our customers with the essential skills to implement successful threat modeling programs and effectively champion its value across their organization.” 

“Threat modeling, in a lot of ways, isn’t just technical steps for security and developer teams - it’s a cultural shift in how they operate. To master it, you need to have the right information and tools,” added Adam Shostack. “That’s why we’re proud to partner with IriusRisk to help its customers tackle teething issues around implementing threat modeling and deliver a successful program that can scale.”

Read More:

Cybersecurity with Zero Trust Architecture for Indian SMB and Startups