IriusRisk - Experts & Thought Leaders

IriusRisk, the Open Threat Modeling platform, has announced a partnership with Shostack + Associates to help customers build and sustain a security-first culture through effective threat modeling. As part of the partnership, Adam Shostack, the pioneer, consultant, and author on threat modeling, and his team at Shostack + Associates will deliver coaching sessions to help users understand threat modeling to improve secure design, which will complement existing training courses on how to use IriusRisk’s automated threat modeling platform.  Coaching sessions The coaching will offer either 1-3 live instruction sessions over a week, or self-paced, virtual sessions The coaching will offer either 1-3 live instruction sessions over a week, or self-paced, virtual sessions, focused on ensuring every member of a team has the technical skills to understand and deploy threat modeling and secure by design principles. When delivered to an entire team, the coaching is designed to create a consistent baseline between those who are new to threat modeling and those who’ve learned via apprenticeship, other courses, or perhaps self-taught approaches. Threat modeling The coaching will help customers overcome the stumbling blocks sometimes encountered while rolling out threat modeling, such as aligning programmes with corporate goals, defining roles and responsibilities within the threat modeling programmes, and embedding threat modeling into existing engineering culture.  Adam’s team will work closely with customers to determine the metrics, people, culture, and processes that need to be in place to successfully integrate threat modeling into their company. By equipping leadership with the right materials, processes, and information, they can then communicate their mission back to internal stakeholders in a way that aligns with those stakeholders’ needs.  Shift left on security IriusRisk empowers developers, architects, and security engineers to build secure software at every stage IriusRisk empowers developers, architects, and security engineers to build secure software at every stage of the Software Development Lifecycle (SDLC). By integrating security from the initial design phase and tracking its implementation through the development toolchain, IriusRisk’s platform addresses the critical need for developers to ‘shift left’ on security, minimising design flaws and cutting associated costs. Essential customer skills “We’re excited to partner with Adam to deliver this new coaching programme,” said Stephen de Vries, Co-Founder, and CEO of IriusRisk. “As threat modeling rapidly becomes a must-have strategy for security and development teams, this coaching equips our customers with the essential skills to implement successful threat modeling programmes and effectively champion its value across their organisation.”  Tackling issues “Threat modeling, in a lot of ways, isn’t just technical steps for security and developer teams - it’s a cultural shift in how they operate. To master it, you need to have the right information and tools,” added Adam Shostack. “That’s why we’re proud to partner with IriusRisk to help its customers tackle teething issues around implementing threat modeling and deliver a successful programme that can scale.” The coaching is aimed specifically at the leadership owning a threat modeling programme in both the North American and international markets.

IriusRisk, the industry-renowned platform for automated threat modeling, grew by more than 50% in 2023, in large part as a result of the company’s expansion into Artificial Intelligence (AI). The company reported a 51% Annual Recurring Revenue (ARR) growth from December 2022 to December 2023, driven by strategic moves into AI and impressive customer retention and expansion rates.  AI expansion The expansion into AI is part of the company's wider plans to power the development of advanced AI-driven threat modeling solutions, transforming how the company can help its customers design secure software and systems. In particular, IriusRisk’s ability to threat model machine learning and AI systems, as well as embedding Gen AI into its product has enabled the company to solve one of the key points of friction with threat modeling - the time it takes for data flow diagrams to be drawn.  Cyber security National Cyber Security Centre warned that new AI tools will lead to an increase in cyberattacks The implications of the rapid development of AI on cyber security are a significant cause for concern. Earlier in 2024, the National Cyber Security Centre (NCSC, part of GCHQ) warned that new AI tools will lead to an increase in cyberattacks and lower the barrier of entry for less sophisticated hackers to do digital harm.  As such, the appointments of a new Head of AI - Jose Lopez - in February 2024, alongside Chief Commercial Strategy Officer - Mark Watson in August 2023, were particularly well timed and both have strengthened the company’s growth capabilities. AI & ML Security Library In October, IriusRisk also published its AI & ML Security Library, which allows organisations to model their planned ML software, and quickly understand what the security risks are, as well as understand what they need to do to mitigate each of those risks before they build AI systems.  This security-by-design approach means that engineering teams can quickly understand what the security requirements for building an AI system that meets their organisations security and data privacy policies. Other highlights from 2023 Strong customer retention and expansion rates - In 2023, 55% of existing customers expanded their engagements with IriusRisk, highlighting the company's ability to deliver tangible value and foster long-term partnerships. Increased headcount - By December 2023, the IriusRisk team had expanded to 161 members, a notable 34% increase on December 2022. A diverse and inclusive culture - IriusRisk employs three times more women than the average for tech companies. It scored 83% for employee engagement via the Employee Net Promoter Score (ENPS), 12% higher than the industry average. Expansion of Threat Modeling Connect - Since its launch in November 2022, IriusRisk’s Threat Modeling Connect platform - a global community to facilitate collaboration and sharing between threat modeling practitioners - has reached 1,500 members. Threat modeling Threat modeling as an activity - for SaaS and the free-to-use Community Edition is on the rise, with more clients Overall, threat modeling as an activity - for SaaS and the free-to-use Community Edition is on the rise, with more clients meaning more businesses using it as a tool for cyber defence. The IriusRisk platform saw a two-thirds (67%) increase in the number of active users, while the number of threat models created increased by more than a third (35%).  AI enhancements Stephen de Vries, CEO of IriusRisk, commented, "It’s been another strong year of growth for IriusRisk. I’m particularly pleased with the enhancements made to our AI capabilities - by doing so, we have strengthened IriusRisk’s capacity to deliver cutting-edge security solutions for our clients that adapt to the continuously evolving cyber challenge." Stephen de Vries adds, "Our expansion into AI, coupled with several strategic hires, underscores our commitment to staying ahead of technological advancements, bolstering defences against emerging cyber threats."

IriusRisk, the industry-pioneering platform for automated threat modelling, has announced the appointment of Jose López Muñoz as its new Head of AI. The appointment represents another key milestone in IriusRisk’s plans to power the development of advanced AI-driven threat modelling solutions, transforming how the company can help its customers design secure software and systems. Prior roles of Jose López Muñoz Jose López Muñoz’s immediate priorities will be helping IriusRisk’s customers take a proactive approach against the threats posed by AI. This will include encouraging the adoption of a security-by-design approach, and threat modelling processes when systems are designed, to make companies more resilient to a cyber threat. Jose joins IriusRisk from retail tech startup DTEK.ai, where he was also the Head of AI. Prior to this, he spent six years at IT security company Mimecast, including three years as their Principle Machine Learning Engineer. Here, his work focused on building network-based systems for email security, identification of threats using natural language processing (NLP) and brand protection. Rapid development of AI The appointment follows the publication of IriusRisk’s AI & ML Security Library in October, which allows organisations to model their planned ML software, and quickly understand what the security risks are, as well as understand what they need to do to mitigate each of those risks. The implications of the rapid development of AI on cyber security is a significant cause for concern The implications of the rapid development of AI on cyber security is a significant cause for concern – earlier this year, the National Cyber Security Centre (NCSC, part of GCHQ) warned that new AI tools will lead to an increase in cyberattacks and lower the barrier of entry for less sophisticated hackers to do digital harm.  Protection against the AI threat is therefore a top priority both for cyber professionals and at board level. Strengthening IriusRisk’s capacity  Stephen de Vries, CEO of IriusRisk says: “We are delighted to welcome Jose as IriusRisk’s new Head of AI - his appointment signifies a pivotal step in our mission to combat evolving threats and enhance our threat modelling capabilities to ensure our clients stay ahead of emerging dangers."  Stephen de Vries adds, "By enhancing our AI capability, we're strengthening IriusRisk’s capacity to deliver cutting-edge security solutions that adapt to the continuously evolving cyber challenge. This strategic addition underscores our commitment to staying ahead of technological advancements, bolstering defences against emerging AI-driven cyber threats.” IriusRisk’s new Head of AI Jose López Muñoz, Head of AI at IriusRisk, said: “I’m very excited to join IriusRisk, particularly at such an important moment for the cybersecurity sector. The evolving nature of AI presents both challenges and opportunities for threat modelling - by harnessing its full potential, we can enhance our ability to anticipate and mitigate emerging cyber threats." Jose López Muñoz adds, "Together with our talented team, I’m looking forward to pioneering new frontiers in threat modelling, ensuring our clients remain prepared against the ever-changing digital risks."