Coaching
Scaling threat modeling can be a challenge!Scaling threat modeling can be a challenge. Threat modeling at scale requires culture change, and only a few security leaders have the skill to drive culture change.
The changes include:
- Developers and operations take on more security responsibility
- Security needs software development skills
- Security needs to transfer control and quality risk
- Engineering and operations leadership take on security decisions
- Escalations change from confrontation to clarification
The coaching process starts with assessing the landscape, identifying challenges and goals, and developing a plan, all of which lead to buy-in and signoff.
Shostack + Associates coaches leaders as they manage this change, and today, we’re excited that IriusRisk customers can now take advantage of an integrated coaching program where we combine the strengths of our team, their IriusRisk customer success team, and IriusRisk’s Automated Threat Modeling product. You can read the awesome press release, or visit their website at iriusrisk.com/shostack-associates-coaching, reach out to your IriusRisk salesperson or customer success team, or contact us. (We’re here to help, not make you jump through extra hoops.)
In a video about this post, I mention think like an attacker -- those posts are in the adversaries category, most recently, Think like Alph-V.