
Introducing the Devici Technical Advisory Board

Introducing the Devici Technical Advisory Board, which is composed of threat modeling thought leaders who are helping to build the best threat modeling tool for dev teams.

Written by: Chris Romeo
Wed, Feb 7 2024

We're All Passionate About Threat Modeling

We're thrilled to announce the formation of the Devici Technical Advisory Board (TAB) to guide the direction and innovation of Devici and our threat modeling platform.

We assembled the board for their keen knowledge of application security, privacy, and threat modeling. But, most importantly, they all share a passion for making the practice of threat modeling accessible to developers, engineers, security personnel, DevOps, and product managers.

As we approach our public release, input from industry leaders is critical to guide us through changes and advancements in the industry. Their advice is critical in determining what's necessary for those involved in product development, security, and data privacy. Without this input, we risk introducing a product that fails to meet requirements or hinders the creation of threat models. As I often say, dev and security teams should threat model almost every user story to avoid as many design flaws as possible.

Our advisory board members:

  • Act as a friend, mentor, and teacher to help us grow and thrive as an organization.

  • Provide a rich understanding of the threat modeling industry, including security and privacy by design practices.

  • Bring insight and support to help us bring a product to market that makes financial and functional sense for our customers.

Members of the Devici Technical Advisory Board are:

Dr. Kim Wuyts, Manager Cyber & Privacy

A security and privacy engineering expert with more than 15 years of experience, Kim led the development and extension of LINDDUN, a popular privacy threat modeling framework, during her tenure as a senior researcher at KU Leuven. Her mission is to raise privacy awareness and get organizations to embrace privacy and security best practices. Kim is a guest lecturer and a public speaker at international privacy and security conferences. She is also a co-author of the Threat Modeling Manifesto, program co-chair of the International Workshop on Privacy Engineering (IWPE), and a member of ENISA's working group on Data Protection Engineering.

Izar Tarandach, Threat Modeling Author & Sr. Principal Security Architect

With more than 25 years of security experience, Izar Tarandach is the co-author of Threat Modeling: A Practical Guide for Development Teams and a member of the Threat Modeling Manifesto group of authors. He has extensive experience exploring both the hard and soft skills of application security. He is currently a Sr. Principal Security Architect.

Sarah-Jane Madden, CISO

Sarah-Jane has over 25 years of experience in the technology industry, with a strong background in technical operations and software engineering. Over the years, she has honed her skills in cybersecurity and has become a passionate advocate for a practical approach to security. In her opinion, it is crucial to adopt a pragmatic mindset when building a security program that aligns with business objectives.

Sarah-Jane holds an MSc in Secure Computing and Forensics from Dublin City University. She is a Certified Information Systems Security Professional (CISSP), reflecting her commitment to cybersecurity. Currently, she serves as the Chief Information Security Officer (CISO) for a Fortune 500 subsidiary group of technology companies. In this position, she plays a critical role in enhancing and maintaining the security of these organizations.

Matthew Coles, Threat Modeling Author & Distinguished Member of Technical Staff, Product & Application Security

Matthew Coles is a product security architect and secure systems engineering leader for connected devices and the ecosystems and processes that create, enable, and support them. He co-authored a helpful guide to threat modeling for developers, is among the team of experts who developed the Threat Modeling Manifesto, and is active in initiatives including OWASP, OpenSSF, and MITRE's CWE/CAPEC community initiatives. Matt holds a CSSLP certification from ISC2 and is a frequent conference presenter on threat modeling and other security lifecycle topics.

