Professional Expertise & Experience
As the International Solution Architects Team Lead, David Doughty guides security teams in building and optimizing their threat modeling programs using a systematic, agile approach. His expertise is rooted in the practical application of security design principles and risk management frameworks.
David is a subject matter expert in core threat modeling disciplines:
- Methodology Implementation: He has extensive experience applying and teaching frameworks like STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) to complex architectural diagrams.
- Risk Pattern Development: David works with the IriusRisk team, which has been building and maintaining robust risk libraries for over 7 years. He specializes in documenting and structuring reusable security controls (countermeasures) for modern components like cloud platforms (AWS, Azure, GCP), Docker/Kubernetes, and Industrial Control Systems (ANSI/IEC 62443).
- Mitigation Strategy: He translates common weaknesses (e.g., lack of input validation) into specific, actionable security requirements for engineering teams (e.g., using prepared statements to counter SQL injection).
Notable Contributions
David is a public-facing authority on the practical mechanics of risk prioritization and threat modeling automation:
- Expert-Led Webinars: He is a frequent presenter in IriusRisk webinars, offering practical demonstrations of how to use the platform to sharpen the view, prioritize critical threats, and cut through security noise with features like filters and custom views.
- Published Content: He has authored detailed guides on the process of evolving threat modeling, including sections on identifying, mitigating, and prioritizing threats, and interpreting risk calculations.


