Professional Expertise & Experience

As the co-founder and CEO of IriusRisk, Stephen de Vries has dedicated over 20 years to the discipline of secure code design and application security. He is the principal force behind IriusRisk’s mission to automate threat modeling and scale the practice of secure design across global enterprises.

His expertise is derived from years spent in the trenches as a security consultant, where he worked directly with some of the world's largest organizations, including FTSE100 and Fortune 500 companies. In these roles, Stephen specialized in integrating security design and testing processes directly into the development lifecycle, championing the "shift-left" philosophy long before it became a mainstream industry term. This hands-on experience underpins the core functionality and real-world applicability of the IriusRisk platform.

Notable Contributions

Stephen is recognized as a leader and influential voice in the global threat modeling community:

• Threat Modeling Manifesto: He is a contributing author of this foundational document that guides the principles of modern threat modeling.

• Threat Modeling Connect: He is a founding member of this community, reinforcing his position at the forefront of the practice.

• Industry Collaboration: Stephen works closely with top security minds, including on IriusRisk’s advisory board, which features respected authorities in the field such as Adam Shostack.

• Thought Leadership: As CEO, he drives IriusRisk’s strategic direction, focusing on how technologies like AI can transform security from a reactive bottleneck into a scalable, integrated part of the DevSecOps pipeline.