Security Architect

Helping organizations integrate secure-by-design practices into modern development workflows. With a hands-on experience guiding global teams through threat modeling and AI-assisted DevSecOps, Amir focuses on making security practical, scalable, and built into every stage of the software lifecycle.

Dave is a veteran of the security industry, working across a range of industries and performing a range of security functions. An engineer and developer at heart, his focus has been more toward all aspects of application security, from finding vulnerabilities to designing and architecting solutions

Ian Justiniani has been in the Cybersecurity field for 9 years starting in utilities and now in the financial space specializing in app sec and threat modeling. He lives in Southern California with his wife and. two young boys. In his spare time he is out golfing and playing basketball.

Amir Kavousian is a two-time cybersecurity founder and the CEO of DevArmor, an AI-native platform reinventing threat modeling and security design reviews for the AI era. He also led engineering teams at Capital One and holds a PhD in Engineering from Stanford.

Tony Lombardo is the marketing leader at ThreatModeler, where he brings a deep technical foundation and a growth-focused mindset to advancing the threat modeling. Tony has a background in Computer Science and brings a unique voice to the threat modeling space—one that speaks both code and customer.

John Taylor, Senior Manager at Deloitte Global where he leads a high-impact, globe-spanning application security and design team dedicated to delivering security-ready applications without slowing the pace of business delivery. John has spoken at many industry events and webinars like TMCon2023.

Marisa Fagan is Head of Product at Katilyst, a "security champions as a service" startup that's revolutionizing how organizations scale their security culture initiatives. She's dedicated her career to building security into the SDLC and empowering developers to own secure code. She lives in SF, CA.

Vikramaditya holds a Master’s from Carnegie Mellon and is an Azure-certified AI Engineer. He built the prototype for an AI governance system that secured YC funding. Vikramaditya is now leading work on multi-agent threat modeling, using LLM-driven pre-mortems across layered agentic architectures to uncover emergent risks.

Emily has been threat modeling AI systems since 2018. She led application security for Amazon's Alexa AI and owned data security and privacy at Moveworks. She's now the CEO and co-founder of Clearly AI, a YC-backed startup automating security and privacy reviews.

Spandana Gorantla is a security engineer specializing in application and product security, currently focused on AI threat modeling. With a background spanning cloud and product security in fast-paced environments, she brings a practical and approachable lens to emerging security challenges.

Taraka is a software engineer turned cybersecurity professional. His development background helps him identify software vulnerabilities and create practical security solutions. He specializes in secure SDLC design, automating code reviews, and leveraging AI to solve complex security challenges.

Damian is obsessed with scaling security across agile development teams. He was a founding member of Workday’s product security champions program and, weirdly, seems to be happiest when helping teams to threat model their systems. Damian is a Sr. Principal Cybersecurity Engineer at Workday.

Navneet Keshav is a Senior Threat Modeling Architect at Lenovo, specializing in secure-by-design and AI-assisted threat modeling. He leads Lenovo’s global threat modeling efforts, founded the Raleigh–Durham Threat Modeling Connect chapter, and holds a U.S. patent in technology.

Dustin Lehr is the Application Security Advocate at Security Journey, Co-founder of Katilyst, and an accomplished software engineer and cybersecurity leader. He helps organizations build developer-centric programs that motivate and engage developers by leveraging behavioral science techniques.

Dan has been quoted in CNBC, The Washington Post, WTOP News, The Today Show, and more. His accomplishments include being voted Best Real Estate Agent in DC by the Washington City Paper Readers Poll and being featured on The Nightly News with Brian Williams.

Senior AppSec Consultant at NVISO, Nathan helps teams across Europe embed security from design to delivery. He leads threat modeling workshops, secure design reviews, and lectures. Nathan turns AppSec into real-world impact and help fast-paced teams make threat modeling stick for good with no bullsh*t.

Simone is the W3C Security Lead. He has 20+ years of expertise in red/blue Teaming and Web security. He has spoken at OWASP, TEDx, and other events and authored Attacking and Exploiting Modern Web Applications.

Dr Anthony Phipps is a member of the cyber research centre at London Metropolitan University, conducting research into audio based cyber security applications. He is also currently a Lead Design for Lloyds Banking Group, managing a team of security design consultants.

Kelly Kaoudis is a senior security engineer in the Research practice at Trail of Bits. She is a tech lead for threat modelling engagements, and contributes to Trail’s academic and industry research projects including open source parser and file formats analysis tooling.

Karim is a seasoned and renowned thought leader within cloud security. At O3 Cyber, he conducts research and development and works with our clients, primarily in Financial Industry. Karim has a background in building and operating platform services for security on private and public clouds, developing and executing a cyber security strategy for the world’s largest sovereign wealth fund.

Håkon has extensive knowledge on implementing secure software development practices for modern teams, designing and implementing cloud security architectures, and securely operating cloud infrastructure. Håkon is a Partner at O3 Cyber, a high-end cyber security advisory for securing the cloud.

Dimitri Van Landuyt is Associate Professor in Information Systems Engineering in the Faculty of Economics and Business (FEB) of KU Leuven. Current research focuses on evaluating security and privacy threat modeling methods and tools, and addressing technical, economic risk and legal risk.

AviD is a prominent security architect and developer, with decades of experience building secure products and protecting complex systems. He has been designing, developing, and testing secure applications for over 20 years, and is obsessed with maximizing value output from security efforts, threat modeling in particular.

Stanley is the CEO and Cofounder of Katilyst, where he leads initiatives to build and enhance Security Champion programs. An avid MMORPG player since 1999, Stanley leverages his gaming experiences to apply effective gamification techniques in professional settings.

Developer & Security Engineer at Kantega SSO, engineering digital identity standards for secure authentication to the Atlassian ecosystem while facilitating and promoting secure software development practices. Creator of threat modeling game Elevation of MLsec.

Rob van der Veer has over 33 years of experience in AI and security, from hacker to CEO. He open sourced international standardization of AI security by establishing the OWASP AI Exchange flagship project, feeding right into the AI Act and ISO standards.

Practicing Cybersecurity expert, engineer and manager. Principal Security Community Architect at Red Hat. Roman has experience from security architecture & threat modelling to secure development & tooling to vulnerability management & incident response to security education for engineers & managers.

Jim Manico is the Founder of Manicode Security, a company dedicated to providing expert training in secure coding and security engineering to software developers. In addition to leading Manicode, Jim is actively involved in the tech startup ecosystem as an investor and advisor. Jim is committed to giving back to the community through his volunteer work with the OWASP foundation. He co-leads projects such as the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.

Dinis Cruz is the Chief Scientist of Glasswall and the founder of The Cyber Boardroom startup, who brings a unique blend of Security and Engineering expertise with 20+ years experience in Cyber Security and Software Development. Dinis is focused on creating Gen AI powered teams and environments where engineering and security are enablers and accelerators for the business, with a big focus on the productisation and commercialisation of advanced technologies.

Robert Hurlbut is a Principal Application Security Architect and Threat Modeling Lead, Aquia. Robert is co-author of the Threat Modeling Manifesto, Threat Modeling Capabilities Model, and co-host of the Application Security Podcast.

Brook is the Author of Secrets Of A Cyber Security Architect (Auerbach, 2019) and Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015), co-author of Building In Security At Agile Speed (Auerbach, 2021) and contributing author to Core Software Security (CRC Press, 2014). Brook is a passionate security architect with decades of technical leadership experience.

Caroline Wong is the Chief Strategy Officer at Cobalt. She has 15+ years of cybersecurity leadership, including practitioner, product, and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner's Guide. She teachers cybersecurity courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.

Matt is an experienced security architect and security program leader. He has deep expertise across the product lifecycle enabling security, privacy, and safety of complex systems with practices such as threat modeling and architecture analysis, code analysis, security testing, secure supply chain and manufacturing, and vulnerability and incident response.

Audrey Long is a Senior Security Software Engineer at Microsoft, holding a Master of Science degree in Cybersecurity from John Hopkins University. Her expertise includes creating coding solutions, performing threat modeling activities, and creating secure architecture.

Izar is a Sr Pr Sec Architect at SXM. He held security-related positions at DDOG, SQSP, and many others. Author and presenter,co-author of "Threat Modeling: A Practical Guide for Development Teams" by O'Reilly, member of the Threat Modeling Manifesto Group, and maintainer of the OWASP pytm tool.

Zoe Braiterman is an information security consultant and researcher. She is passionate about open source. Her contributions include involvement with OWASP and co-authoring the Threat Modeling Manifesto.

Brenna Leath is a Software Security Principal based in Raleigh, NC. As a former Head of Product Security and practitioner, Brenna has implemented scalable solutions for enterprise challenges including security champions, vulnerability management, software supply chain security, and threat modeling.

"Jamil Ahmed holds a PhD in Computer Science from Western University, London, ON in 2014 with years of experience in Threat Modeling. Most recently, he works as a Senior Application Security Engineer at Fortis Games. He also holds CSSLP from ISC2. "

Léandre Forget-Besnard is a security engineer and team lead specializing in offensive security ( pentesting and red teaming). Over the past six years, Léandre has integrated threat modeling into offensive practices, enhancing security assessments.

Laurent Bouchard is an Offensive Security Threat Modeler at Desjardins. He likes to explore how and why systems works the way they do and has been spending the last few years doing so with computer systems.

A top-performing technical leader with extensive experience in delivering threat modeling both as a consultant and in-house. Formerly the Threat Modeling Practice Lead at NCC Group, responsible for technical delivery, service line expansion, training, and business development.

Sarah-Jane has over 25 years of experience in the technology industry, with a strong background in technical operations and software engineering. She is a passionate advocate for a practical approach to security that aligns with business objectives.

Jason Nelson works in the Financial Industry currently and has over 20 years of security industry experiences. He has worked in multiple countries and across several industries. He has built teams for threat modeling programs that have taken the journey from new to highly mature and globally scaled.

Ron is a doctoral student with Tufts Security & Privacy Lab, where he focuses on threat modeling and vulnerability management for medical systems.

Principal Product Security Engineer and Security Architect with more than 20+ years of experience, OWASP Conference Speaker and security podcast participant covering topics of Threat Modeling and Security Design Patterns. Currently working at Splunk securing the Company's Products and Services.

Larry England is a Distinguished Software Engineer having experience in a wide range of technical areas including large-scale systems (z/OS), language runtimes, application development tools, database management systems, text search and retrieval, security, and operating systems.

John Krautheim has over 30 years experience in cyber security and engineering. He has a PhD in Computer Engineering and has taught cyber security at Augusta University and Naval Postgraduate School. John currently leads threat modeling and penetration testing at Broadcom Mainframe Software.

Kim Wuyts is a leading privacy engineering expert with over 15 years of experience in security and privacy. Before joining PwC as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling framework. Her mission is to raise privacy awareness and get organizations to embrace privacy engineering best practices.

Irene Michlin is an application security lead at Neo4j. Before going into application security, Irene worked as a software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures. After years of AppSec consultancy, she is back to an in-house role, where she can apply all that she’s learned.

Jonathan is from Montreal, Canada and is passionate about Application Security. He enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering and has 20 years of experience in IT and Security.

Growing up in a military family, thinking about threats and security has always been a part of Roos Hubrechtsen’s life. This led her to pursue a career as a cyber security architect where she has had the privilege to work on many projects ranging from hacking cars to rebuilding hacked companies.

14 years in the tech industry working in security and engineering roles with a decade of experience as a threat modeling practitioner. Currently leading the Product Security function at Snyk, a cybersecurity company that builds developer-first security products.

Currently a Staff Application Security engineer at IronClad with the role of building a new AppSec Program. Before that, Mohamed was also an AppSec Engineer at Amazon for ~ 4 years where he collaborated on 500+ AWS services/features/tools.

Isabel Barberá is the author of PLOT4ai. She is also one of the members of ENISA Working Group on Data Protection Engineering and a National Expert at ISO/CEN/CENELEC working on the development of standards related to AI and privacy engineering.

James Rabe is the Head of Global Services at IriusRisk. He is focused on building effective threat modeling programs through pragmatic, lean, and scalable processes. Secure by Design is the outcome and threat modeling is the pathway to get there!

With a strong interest in cyber security matters, ranging from high-level architectural challenges to technical implementations, Michael Boeynaems is the founder of Splynter where he has the opporutnity to prepare organizations end-to-end for future threats that are approaching quickly.

Frank Simorjay is a Principal Program Manager for the Industry Cloud Solutions team at Microsoft. He is a cloud security architect and content developer with an extensive library of security content for Microsoft. He is a CISSP and ISSA Distinguished Fellow.

Dr. Michael Loadenthal is a Professor of Research at the Center for Cyber Strategy & Policy, at the University of Cincinnati. He serves as a SME focused on security, technology, and extremism, advising social movements, journalists, and high-risk individuals to protect themselves off and online.

Adam is the author of Threat Modeling: Designing for Security, and Threats: What Every Engineer Should Learn from Star Wars, and the first recipient of the Adam Shostack Award for Threat Modeling.

Sebastien Deleersnyder, CTO Toreon, has a deep cybersecurity background. He has trained many developers in secure coding practices, started OWASP Belgium, contributed significantly to projects like SAMM. Now, he's focusing on integrating AppSec into DevOps and expanding the reach of threat modeling.