Devici Launch

I’m excited to announce the emergence of my new company, Devici. Today, I publicly take the reins as CEO and co-founder. Here’s why now is the time for secure and privacy-by-design.

I’ve been a proponent of threat modeling my entire security career (twenty-six years). Initially, I didn’t even realize I was doing threat modeling. I considered the security properties of a system design, made a list of what could go wrong, and then proposed mitigations to fix the problems. I worked on teams with industry giants who conformed to a robust set of security requirements and taught me to appreciate the beauty of a system designed securely from the start.

As my career progressed, I taught and implemented threat modeling at Cisco Systems, refining my unique approach through experience. I scoped models and narrowed feature sets to focus on essential security and privacy conditions of significant technology products – which grew and matured my philosophy. My method of asking questions matured, unlocking hidden security and privacy conditions.

As a threat modeling expert, I've spoken at conferences and was invited to co-author the "Threat Modeling Manifesto." I chair ThreatModCon 2023, the first-ever threat modeling conference, and have conducted workshops at the RSA Conference. I also produce the "Threat Modeling Podcast" to learn more about this discipline that’s both an art and a science.

Threat modeling is a subject I’ve been passionate about my entire career. Devici was born because we can and must get better at threat modeling as an industry. I saw a gap as I examined the tools and technologies available for threat modeling. I don’t see one that enables what I call threat modeling. I don’t see an option that embeds threat modeling within a company like Cisco. So, I’ve set out to change that.

Devici is in its infancy, but it will grow and adapt. We’re giving developers and architects a tool to embrace secure by design and default. We exist to make this process of secure design seamless and easy. We do it in a way that lets the developers and architects be experts in their field and augments the security and privacy pieces into their designs.

Devici exists to unlock the threats that exist in all the code that has been deployed for decades. In our first release, you can import the knowledge and structure of all that code, both from the code itself and runtime observability. It’s the best of both worlds in one realistic design that pinpoints the most dangerous threats that require mitigation.

I’m not doing this alone. I’m partnering with my wife, Deb Romeo (Chief Financial Officer), and Laura McAliley (Chief Marketing Officer). Both were instrumental to the success of Security Journey, the company that Deb and I founded in 2016 and that we all exited from in 2022. We’re taking the lessons we learned in building a company from the ground up to exit and applying them to Devici.

We have much more to share as we grow. We’re signing folks up now for a beta beginning in late October / early November. We’re excited to partner with early adopters that will help us shape and grow the product. We’ll also be announcing our technical advisory board of threat modeling experts. Stay tuned – we are about to take this industry segment by storm.

Follow Devici on LinkedIn