Thank you for making the third ThreatModCon in the world – the first of its kind in the San Francisco Bay Area – a huge success! From insightful talks to networking with like-minded threat modeling pros, the event was packed with valuable moments. Check out the highlights below and relive the best moments!

Catch the recap

Relive the energy and key insights of the event.

Dive into the highlights and summary of each session.

Read the blog post.

Explore Event Photos
Browse through the event photo gallery to relive the action.
Download the Slides
Download the insights from our expert speakers and explore the key points at your own pace.
Stay Tuned for ThreatModCon 2025
Stay in the loop about future events, meetups, and news by joining the Threat Modeling Connect community!

Become a Sponsor

Join the ThreatModCon sponsor network to feature your brand with our community.

New to ThreatModCon?

Watch highlights from our last event in Lisbon and get a taste of ThreatModCon.

Agenda

Friday

Spetember 27

Time
Session
Speaker
Stage
Type
6:00pm
Welcome Reception
Networking

Saturday

September 28

Click on a session name to find out more...

Time
Session
Speaker
Stage
Type
8:00am
Registration & Coffee
9:00am
Brook Shoenfield
Seacliff A/B/C/D
9:05am
Matthew Coles
Adam Shostack
Caroline Wong
Izar Tarandach
Jonathan Marcil
A special guest
Seacliff A/B/C/D
Un-keynote keynote
10:00am
Brenna Leath
Seacliff A/B/C/D
Expert Talk
10:35am
AM Coffee Break & "Find My Tribe 👋" Meetup
11:10am
Joern Freydank
Seacliff A/B
Expert Talk
11:10am
Laurent Bouchard
Léandre Forget-Besnard
Seacliff C/D
Expert Talk
12:25pm
Lunch: Birds of a Feather Discussion
1:35pm
Robert Hurlbut
Seacliff A/B
Hands-on workshop
1:35pm
Jamil Ahmed, Ph.D
Seacliff C/D
Hands-on workshop
3:00pm
Audrey Long
Seacliff A/B
Expert Talk
3:00pm
John Krautheim
Seacliff C/D
Expert Talk
3:30pm
Coffee Break
4:20pm
Brook Shoenfield
Seacliff A/B/C/D

Speakers

Gain invaluable insights from top industry experts, seasoned practitioners, and thought leaders in threat modeling across technology, security consulting, academia, and beyond. Explore cutting-edge trends, delve into real-world case studies, and discover how these experts have empowered organizations to advance their threat modeling capabilities.

Jonathan Marcil
Consultant, JM International

Jonathan is from Montreal, Canada and is passionate about Application Security. He enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering and has 20 years of experience in IT and Security.

John Krautheim
Principal Engineer, Broadcom

John Krautheim has over 30 years experience in cyber security and engineering. He has a PhD in Computer Engineering and has taught cyber security at Augusta University and Naval Postgraduate School. John currently leads threat modeling and penetration testing at Broadcom Mainframe Software.

Larry England
Distinguished Software Engineer, Broadcom

Larry England is a Distinguished Software Engineer having experience in a wide range of technical areas including large-scale systems (z/OS), language runtimes, application development tools, database management systems, text search and retrieval, security, and operating systems.

Joern Freydank
Principal Product Security Engineer, Splunk

Principal Product Security Engineer and Security Architect with more than 20+ years of experience, OWASP Conference Speaker and security podcast participant covering topics of Threat Modeling and Security Design Patterns. Currently working at Splunk securing the Company's Products and Services.

Ron E. Thompson
PhD Candidate, Tufts Security & Privacy Lab

Ron is a doctoral student with Tufts Security & Privacy Lab, where he focuses on threat modeling and vulnerability management for medical systems.

Jason Nelson
Principal Consultant & Owner, Necessary Security LLC

Jason Nelson works in the Financial Industry currently and has over 20 years of security industry experiences. He has worked in multiple countries and across several industries. He has built teams for threat modeling programs that have taken the journey from new to highly mature and globally scaled.

Cristiano Corradini
Manager, Security Engineering, AWS

A top-performing technical leader with extensive experience in delivering threat modeling both as a consultant and in-house. Formerly the Threat Modeling Practice Lead at NCC Group, responsible for technical delivery, service line expansion, training, and business development.

Léandre Forget-Besnard
Team Lead, AppSec & Threat Modeling, Desjardins

Léandre Forget-Besnard is a security engineer and team lead specializing in offensive security ( pentesting and red teaming). Over the past six years, Léandre has integrated threat modeling into offensive practices, enhancing security assessments.

Jamil Ahmed, Ph.D
Sr. AppSec Engineer, Fortis Games

"Jamil Ahmed holds a PhD in Computer Science from Western University, London, ON in 2014 with years of experience in Threat Modeling. Most recently, he works as a Senior Application Security Engineer at Fortis Games. He also holds CSSLP from ISC2. "

Brenna Leath
Software Security Principal, Navy Federal Credit Union

Brenna Leath is a Software Security Principal based in Raleigh, NC. As a former Head of Product Security and practitioner, Brenna has implemented scalable solutions for enterprise challenges including security champions, vulnerability management, software supply chain security, and threat modeling.

Zoe Braitermen
Chief Information Officer, Mutual Knowledge Systems

Zoe Braiterman is an information security consultant and researcher. She is passionate about open source. Her contributions include involvement with OWASP and co-authoring the Threat Modeling Manifesto.

Izar Tarandach
Sr. Principal Security Architect, SiriusXM

Izar is a Sr Pr Sec Architect at SXM. He held security-related positions at DDOG, SQSP, and many others. Author and presenter,co-author of "Threat Modeling: A Practical Guide for Development Teams" by O'Reilly, member of the Threat Modeling Manifesto Group, and maintainer of the OWASP pytm tool.

Audrey Long
Sr. Security Software Engineer, Microsoft

Audrey Long is a Senior Security Software Engineer at Microsoft, holding a Master of Science degree in Cybersecurity from John Hopkins University. Her expertise includes creating coding solutions, performing threat modeling activities, and creating secure architecture.

Matthew Coles
Sr. Principal Product Security Engineer, Dell Technologies

Matt is an experienced security architect and security program leader. He has deep expertise across the product lifecycle enabling security, privacy, and safety of complex systems with practices such as threat modeling and architecture analysis, code analysis, security testing, secure supply chain and manufacturing, and vulnerability and incident response.

Caroline Wong
CSO, Cobalt

Caroline Wong is the Chief Strategy Officer at Cobalt. She has 15+ years of cybersecurity leadership, including practitioner, product, and consulting roles. Caroline authored the popular textbook, Security Metrics: A Beginner's Guide. She teachers cybersecurity courses on LinkedIn Learning and hosts the Humans of InfoSec podcast.

Brook Shoenfield

Brook is the Author of Secrets Of A Cyber Security Architect (Auerbach, 2019) and Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015), co-author of Building In Security At Agile Speed (Auerbach, 2021) and contributing author to Core Software Security (CRC Press, 2014). Brook is a passionate security architect with decades of technical leadership experience. He currently provides security architecture leadership for three security consultancies, as well as being an advisor to True Positives, LLC and Resilient Software Security, LLC. providing both technical leadership and strategy to the consultancies as well as contributing to our clients’ holistic software security programmes and secure design/threat modeling efforts.

Robert Hurlbut
Principal Application Security Architect / Threat Modeling Lead, Aquia Inc

Robert Hurlbut is a Principal Application Security Architect and Threat Modeling Lead, Aquia. Robert is co-author of the Threat Modeling Manifesto, Threat Modeling Capabilities Model, and co-host of the Application Security Podcast.

Adam Shostack
President, Shostack Associates

Adam is the author of Threat Modeling: Designing for Security, and Threats: What Every Engineer Should Learn from Star Wars, and the first recipient of the Adam Shostack Award for Threat Modeling.

Laurent Bouchard
Offensive Security Threat Modeler, Desjardins

Laurent Bouchard is an Offensive Security Threat Modeler at Desjardins. He likes to explore how and why systems works the way they do and has been spending the last few years doing so with computer systems.

Join the Conversation

Looking to deepen your understanding of threat modeling? Engage with fellow practitioners, share your experiences, and ask questions in the Threat Modeling Connect forum! It’s a vibrant space where you can collaborate, learn, and grow alongside industry experts and peers.