Threat modeling as a team sport with security champions & AI
November 8, 2025
3:50PM
Beverly Snow
About this session
This is the story of how our organization reimagined Threat Models as living, machine‑readable code embedded in our Secure SDLC. By co‑locating YAML‑based threat models in code repos, automating adversarial test cases for every threat identified, and streamlining repo onboarding via self-serve tooling, we empowered 750+ Security Champions to drive developer‑led security at scale. Finally, we’ll show how AI agents accelerate our process while preserving human expertise.
About the speaker
Damian is obsessed with scaling security across agile development teams. He was a founding member of Workday’s product security champions program and, weirdly, seems to be happiest when helping teams to threat model their systems. Damian is a Sr. Principal Cybersecurity Engineer at Workday.
.png){kind=logo}
