Shostack + Friends Blog

Coaching

Scaling threat modeling can be a challenge. Threat modeling at scale requires culture change, and only a few security leaders have the skill to drive culture change.

The changes include:

Developers and operations take on more security responsibility
Security needs software development skills
Security needs to transfer control and quality risk
Engineering and operations leadership take on security decisions
Escalations change from confrontation to clarification

The coaching process starts with assessing the landscape, identifying challenges and goals, and developing a plan, all of which lead to buy-in and signoff.

Shostack + Associates coaches leaders as they manage this change, and today, we’re excited that IriusRisk customers can now take advantage of an integrated coaching program where we combine the strengths of our team, their IriusRisk customer success team, and IriusRisk’s Automated Threat Modeling product. You can read the awesome press release, or visit their website at iriusrisk.com/shostack-associates-coaching, reach out to your IriusRisk salesperson or customer success team, or contact us. (We’re here to help, not make you jump through extra hoops.)

Originally published by Adam on 10 Oct 2024
Categories: threat modeling

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.