Threat Modeling Program
Martin Harrod - 01 Jun, 2022

Overview
Built a scalable threat modeling program integrated into the product development lifecycle. Developed tooling and processes to support threat modeling as code, enabling engineers to embed models (C4 diagrams, YAML-based risk definitions) directly into Git repositories. Standardized on STRIDE methodologies for feature-level analysis and introduced Threagile to automate risk calculations. Trained engineering teams and created reusable templates for consistent adoption.
Role
Director acting as lead security architect; engineering teams executed threat modeling activities using provided tooling and templates.
Impact
Shifted threat modeling from a security bottleneck to a developer-enabled process. Increased coverage across product features by 200%. Improved accuracy and consistency of security design reviews, and provided executives with quantifiable visibility into systemic risks.
Technologies, Frameworks, and Artifacts
- STRIDE methodology
- Threagile
- Threat modeling-as-code workflows
- C4 modeling
- Git-based automation