November 7-8, 2025

Threat modeling journeys - from 0-1, from good to great. Join us for two action-packed days of practitioner-led talks, peer discussions & networking.

Call for Papers open now!

This year’s theme is Threat Modeling Journeys. We’re inviting stories of how you started, scaled, or sharpened your threat modeling practices. Whether it was a leap from 0 to 1 or a step from good to great, we want to hear what you’ve learned and how others can apply it.

Submission deadline: August 8, 2025

Why speak at ThreatModCon?
  • Share your voice in a global community
  • Engage with a passionate, practitioner-led audience
  • Get professional development support and speaker mentoring
  • Join a growing movement advancing threat modeling and secure-by-design practices 
What we’re looking for

As a practice-oriented conference, we welcome proposals that explore real-world experience, hands-on techniques, and community-proof across all maturity levels. 

  • 30-minute presentation
  • 70-minute iInteractive workshops
  • 70-minute threat modeling game session
  • New: 5-minute threat modeling story/mini case-study (for the un-keynote)*
  • New: Poster sessions **
*Threat modeling story/mini case-study (for the un-keynote) 

The Un-Keynote is back—a community-led session featuring five-minute flashbacks from real threat modeling journeys. Share a defining moment: how you got started, a tough lesson, a breakthrough, or what you’d do differently if starting today. These bite-sized stories highlight the human side of threat modeling and inspire others through honest, relatable experiences.

**Poster session

New this year, poster sessions offer a visual, conversational way to share your work. Great for early-stage ideas, research, or prototypes, this format lets you engage one-on-one with attendees and spark informal, thoughtful discussions.

Topics you could cover...

Frameworks, Tools & Technical Practices
Frameworks, methods, and tools (including open source)
Integration with DevSecOps and Agile development
Metrics and risk prioritization – measuring value, impact, and maturity
Security design patterns and standards
Implementation & Organizational Scale
Case studies and implementation lessons
Scaling threat modeling in teams and organizations
Threat modeling culture and team dynamics
Educational strategies and training programs
Innovation & Emerging Domains
Threat modeling in emerging areas (AI, machine learning, hardware, etc.)
Privacy, data protection, and regulatory alignment
Academic or industry research in threat modeling
Wild Cards & New Ideas
Got your own idea? Go for it!

First-time conference speakers? We’ve got you!

All accepted speakers will be paired with a mentor through our well-received Speaker Mentorship Program. Mentors are experienced threat modeling professionals and seasoned speakers who will support you with feedback, preparation tips, and coaching to help you succeed.

Meet our 2025 sponsors

Diamond
Gold
Silver

Interested in being a sponsor?

Connect with potential clients and build your community at the world’s only conference dedicated to threat modeling and secure by design.

Only a few tickets remain... Grab yours now!

Got you feeling inspired? Stoked your curiosity? Lit the threat modeling fire in your belly?!

Limited tickets are left so get yours now before they're gone (and they will go!).

Speakers

Gain invaluable insights from top industry experts, seasoned practitioners, and thought leaders in threat modeling across technology, security consulting, academia, and beyond. Explore cutting-edge trends, delve into real-world case studies, and discover how these experts have empowered organizations to advance their threat modeling capabilities.

Keynote Speakers
Dinis Cruz
Founder & CEO, The Cyber Boardroom

Dinis Cruz is the Chief Scientist of Glasswall and the founder of The Cyber Boardroom startup, who brings a unique blend of Security and Engineering expertise with 20+ years experience in Cyber Security and Software Development. Dinis is focused on creating Gen AI powered teams and environments where engineering and security are enablers and accelerators for the business, with a big focus on the productisation and commercialisation of advanced technologies.

Jim Manico
Founder & CEO, Manicode Security

Jim Manico is the Founder of Manicode Security, a company dedicated to providing expert training in secure coding and security engineering to software developers. In addition to leading Manicode, Jim is actively involved in the tech startup ecosystem as an investor and advisor. Jim is committed to giving back to the community through his volunteer work with the OWASP foundation. He co-leads projects such as the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.

Speakers
Isabel Barberá
AI Advisor, Privacy Engineer & Co-founder, Rhite

Isabel Barberá is the author of PLOT4ai. She is also one of the members of ENISA Working Group on Data Protection Engineering and a National Expert at ISO/CEN/CENELEC working on the development of standards related to AI and privacy engineering.

Sebastien Deleersnyder
Co-founder and CTO, Toreon

Sebastien Deleersnyder, CTO and co-founder of Toreon, has a deep cybersecurity background. He has trained many developers in secure coding practices, founded the Belgian OWASP chapter, and contributed significantly to OWASP projects like SAMM. Now, he’s focusing on integrating application security into DevOps and expanding the reach of threat modeling.

Avi Douglen
CEO, Bounce Security/OWASP Board of Directors

AviD is a prominent security architect and developer, with decades of experience building secure products and protecting complex systems. He has been designing, developing, and testing secure applications for over 20 years, and is obsessed with maximizing value output from security efforts, threat modeling in particular.

Karim El-Melhaoui
Principal Security Architect, O3 Cyber / Microsoft Security MVP

Karim is a seasoned and renowned thought leader within cloud security. At O3 Cyber, he conducts research and development and works with our clients, primarily in Financial Industry. Karim has a background in building and operating platform services for security on private and public clouds, developing and executing a cyber security strategy for the world’s largest sovereign wealth fund.

Stanley Harris
CEO and Cofounder, Katilyst

Stanley is the CEO and Cofounder of Katilyst, where he leads initiatives to build and enhance Security Champion programs. An avid MMORPG player since 1999, Stanley leverages his gaming experiences to apply effective gamification techniques in professional settings.

Kelly Kaoudis
Sr Security Engineer - Research, Trail of Bits

Kelly Kaoudis is a senior security engineer in the Research practice at Trail of Bits. She is a tech lead for threat modelling engagements, and contributes to Trail’s academic and industry research projects including open source parser and file formats analysis tooling.

Anthony Phipps
Lead Security Design Consultant, Lloyds Banking Group

Dr Anthony Phipps is a member of the cyber research centre at London Metropolitan University, conducting research into audio based cyber security applications. He is also currently a Lead Design for Lloyds Banking Group, managing a team of security design consultants.

James Rabe
Head of Global Services, IriusRisk

James Rabe is the Head of Global Services at IriusRisk. He is focused on building effective threat modeling programs through pragmatic, lean, and scalable processes. Secure by Design is the outcome and threat modeling is the pathway to get there!

Adam Shostack
President, Shostack Associates

Adam is the author of Threat Modeling: Designing for Security, and Threats: What Every Engineer Should Learn from Star Wars, and the first recipient of the Adam Shostack Award for Threat Modeling.

Elias Brattli Sørensen
Developer & Security Engineer, Kantega SSO

Developer & Security Engineer at Kantega SSO, engineering digital identity standards for secure authentication to the Atlassian ecosystem while facilitating and promoting secure software development practices. Creator of threat modeling game Elevation of MLsec.

Håkon Nikolai Stange Sørum
Principal Security Architect and Partner, O3 Cyber

Håkon has extensive knowledge on implementing secure software development practices for modern teams, designing and implementing cloud security architectures, and securely operating cloud infrastructure. Håkon is a Partner at O3 Cyber, a high-end cyber security advisory for securing the cloud.

Rob van der Veer
Chief AI Officer, Software Improvement Group (SIG)

Rob van der Veer has over 33 years of experience in AI and security, from hacker to CEO. He open sourced international standardization of AI security by establishing the OWASP AI Exchange flagship project, feeding right into the AI Act and ISO standards.

Dimitri Van Landuyt
Associate Professor in Information Systems Engineering, KU Leuven

Dimitri Van Landuyt is Associate Professor in Information Systems Engineering in the Faculty of Economics and Business (FEB) of KU Leuven. Current research focuses on evaluating security and privacy threat modeling methods and tools, and addressing technical, economic risk and legal risk.

Kim Wuyts
Manager, Cyber & Privacy, PwC Belgium

Kim Wuyts is a leading privacy engineering expert with over 15 years of experience in security and privacy. Before joining PwC as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling framework. Her mission is to raise privacy awareness and get organizations to embrace privacy engineering best practices.

Simone Onofri
Security Lead, W3C

Simone is the W3C Security Lead. He has 20+ years of expertise in red/blue Teaming and Web security. He has spoken at OWASP, TEDx, and other events and authored Attacking and Exploiting Modern Web Applications.

Ready to share your journey?

Submit your proposal by August 8, 2025.

We can’t wait to hear your ideas–and welcome you to D.C.!