ATLANTA — Open threat modeling platform IriusRisk has announced a partnership with Shostack + Associates to “help customers build and sustain a security-first culture through effective threat modeling.”
As part of the partnership, threat modeling consultant Adam Shostack and his team at Shostack + Associates will deliver coaching sessions to “help users understand threat modeling to improve secure design,” according to the announcement. These session “will complement existing training courses on how to use IriusRisk’s automated threat modeling platform,” the announcement says.
The coaching will offer one to three live instruction sessions over the course of a week or self-paced virtual sessions, “focused on ensuring every member of a team has technical skills to understand and deploy threat modeling and secure by design principles,” according to the announcement.
When delivered to an entire team, the coaching is “designed to create a consistent baseline between those who are new to threat modeling and those who’ve learned via apprenticeship, other courses or perhaps self-taught approaches,” the announcement says.
The Importance of Threat Modeling Coaching
The threat modeling coaching “will help customers overcome the stumbling blocks sometimes encountered while rolling out threat modeling, such as aligning programs with corporate goals, defining roles and responsibilities within the threat modeling programs and embedding threat modeling into existing engineering culture,” according to the announcement.
Shostack’s team “will work with customers to determine the metrics, people, culture and processes that need to be in place to successfully integrate threat modeling into their company,” the announcement says.
By integrating security from the initial design phase and tracking its implementation through the development toolchain, IriusRisk’s platform “addresses the critical need for developers to ‘shift left’ on security, minimizing design flaws and cutting associated costs,” according to the announcement.
“We’re excited to partner with Adam to deliver this new coaching program,” says Stephen de Vries, co-founder and CEO of IriusRisk, in the announcement.
“As threat modeling rapidly becomes a must-have strategy for security and development teams, this coaching equips our customers with the essential skills to implement successful threat modeling programs and effectively champion its value across their organization,” he says.
“Threat modeling, in a lot of ways, isn’t just technical steps for security and developer teams. It’s a cultural shift in how they operate. To master it, you need to have the right information and tools,” says Shostack. “That’s why we’re proud to partner with IriusRisk to help its customers tackle teething issues around implementing threat modeling and deliver a successful program that can scale.”
