The idea of building security into new hardware and software products from the outset has gained ground over the last few years.
The move to "shift left" and introduce security by design has also gathered pace, following growing concerns about supply chain attacks.
One way to achieve this is through threat modelling. Threat modelling is not, itself, new: Microsoft did pioneering work on it in the Nineties. But it is now being adopted by bodies such as NIST, with the goal of reducing zero-day vulnerabilities.
The guest on this episode of the Security Insights podcast, Stephen de Vries, Co-founder and CEO of IriusRisk, has worked on threat modelling for over a decade. He explains why organisations should add it to their security toolkit.

Stephen de Vries
Stephen is our co-founder and CEO, and leads our team in building the IriusRisk Threat Modeling platform. He has a strong background in web application security, particularly Java security, with an emphasis on automated security testing and risk assessment. He has published numerous original research papers and presented at leading conferences such as Black Hat USA/Europe, DevOps Connect, and OWASP. He is a founding leader of the OWASP Java Project and a contributor to the OWASP ASVS and Testing projects. Despite being CEO, Stephen is very much involved in all operations and functions across the company and loves to share his experience with delegates at our hosted events and at external conferences.