IriusRisk - Leading from the Beginning

Stephen is our co-founder and CEO. He started his career as a C, C++ and Java developer, before moving into software security. He’s an active contributor to a number of OWASP projects and has helped FTSE 100 companies to build security into their development processes through threat modeling and integrated security testing. 

After studying several masters in Near Eastern Studies, Cristina forged her career in technology startups between Barcelona and the City of London before co-founding IriusRisk. Cristina currently co-manages the R&D department, with a growing team of developers and security analysts. Cristina is an advocate for open platforms and leads the community edition of IriusRisk to offer users a free and collaborative platform to share threat models of system architectures. 

Paul has been working in security for more than 15 years in both defensive and offensive roles.  His experience ranges from working in security research at the Nisu Security Research Group, building an innovation department at a startup and working as a Security Architect at big corporations. As CTO Paul’s  main responsibility is managing the engineering teams as well as supporting the introduction and scale out of new technologies that help the company growth and operation .His passionate about working on effective and pragmatic approaches to Security and Security applied to modern development methodologies, Software Engineering and Networking.

Bas Nijjer is the Senior Vice President, International at IriusRisk and is responsible for the International markets, our GTM strategy, and driving our customers' success. Bas is experienced in developing and leading modern go-to-market teams and strategies. His previous experience ranges from technology start-ups, scale-ups, and earlier in his career, at established multinational organizations. He has led growth teams in Europe, the USA, and other international geographies.

Fraser is a threat modeling product manager and evangelist. As a cyber postmodernist coming from a background of DevOps and Cloud Security, he believes that threat modeling offers a pragmatic toolkit for navigating the complex and ever-evolving intersection between software, value, and risk. He has created several experimental opensource projects including ThreatSpec and the OWASP Cloud Security project.

As VP Product, Fraser is responsible for ensuring that IriusRisk gives our customers the threat modeling solutions they need to build awesome products that are secure by design.

Sarah is IriusRisk’s Chief People Officer.  Sarah is passionate about driving business success through the lens of people.  Ensuring that we can build and retain an exceptional team of professionals to solve our customers’ evolving needs, and making IriusRisk a great place to work.

Sarah joined IruisRisk in 2023, bringing over 20 years' HR experience in a diverse range of commercial environments from banking to content marketing to technology.

Sarah is MCIPD qualified with a Masters in Human Resources and a BSc in Business and Psychology.

Naresh is a proven international B2B & B2C marketing leader who is analytically-driven and digitally savvy and focused on revenue growth marketing and new customer acquisition.

Naresh has a proven track record in building, restructuring and leading teams in both start-up and corporate environments and has strong core capabilities in developing and executing complete integrated marketing programs from initial market entry and go-to-market strategy, value proposition development through to the execution of complete demand generation. 

Dr. Gary McGraw is co-founder of the Berryville Institute of Machine Learning. He is a globally recognised authority on software security and the author of eight best selling books on this topic. Gary produced the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine for thirteen years. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics, Computing, and Engineering.

Adam is a leading expert on threat modeling and has been on our Technical Advisory board since its inception. He currently helps organisations improve their security via Shostack & Associates and offers industry-leading threat modeling training. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.