Technical Advisory Board

Helping to shape the threat modeling future

IriusRisk’s Technical Advisory Board (TAB) helps the IriusRisk management team tackle strategic and tactical problems related to the business, and provides insight into how developers can best use the platform.

The TAB plays a pivotal role in accelerating the company’s efforts to push Threat Modeling to the forefront of the security agenda and secure our place as the solution of choice for global organizations.

IriusRisk’s Technical Advisory Board of eminent cyber security, threat modeling and software development practitioners from around the world advises the company as it aims to empower and enable engineering teams to identify and address security flaws in their designs before development begins. The ability to introduce security right from the beginning of software design through automated threat modeling will allow organizations to speed up time to deployment, while eliminating design flaws from the outset, economically creating better products that are more resilient to attack.

Dr. Gary McGraw (Chair)

Gary McGraw is the co-founder of the Berryville Institute of Machine Learning. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series.

Dr. McGraw has also written over 100 peer-reviewed scientific publications. Gary serves on the Advisory Boards of Legit, IriusRisk, Maxmyinterest, Protopia AI, Red Sift, and Secure Code Warrior. He has also served as a Board member of Cigital and Codiscope (acquired by Synopsys) and as Advisor to CodeDX (acquired by Synopsys), Black Duck (acquired by Synopsys), Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye).

Gary produced the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine for thirteen years. His dual PhD is in Cognitive Science and Computer Science from Indiana University, where he serves on the Dean’s Advisory Council for the Luddy School of Informatics, Computing, and Engineering.

Adam Shostack

Whilst at Microsoft, Adam was the lead designer on the Security Development Lifecycle Threat Modeling Tool. This was the first security tool to facilitate threat modeling for developers & architects. Earlier tools were designed to help security experts record their analysis.

Adam created the “Elevation of Privilege” card game based on Microsoft’s mnemonic STRIDE threat model framework, designed as an easy entry point to threat modeling.

Adam is the author of the seminal book Threat Modeling: Designing for Security, a comprehensive, actionable, real-world framework for integrating threat modeling within the development lifecycle.

Aaron Bedra

Aaron is an expert in modern software development tools and a rare cross-functional developer and software security expert.

Having previously served as a Chief Security Officer, Chief Technology Officer, and Principal Engineer/Architect at a number of well-known companies, he brings a wealth of insights into the latest development trends and tools to IriusRisk.

Dr. Laurie Williams

Laurie is one of the foremost researchers in agile software development and a Distinguished University Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU).

Laurie is a co-director of the NCSU Science of Security Lablet, the co-director of the Secure Computing Institute, and the chief cybersecurity technologist at the Secure Computing Institute.