Meet Stephen de Vries, Co-Founder & CEO of Threat Modelling Platform: IriusRisk

Tell us about IriusRisk

IriusRisk is the industry’s leading threat modeling and secure design solution that allows engineering teams to design secure software from the start. Every sector of the global economy is being transformed by software, yet software vulnerabilities are frequently exposed by cyber attacks. More than half of these vulnerabilities are flaws in the design of the system. IriusRisk helps non-security experts identify these software security design flaws before they write a line of code.

IriusRisk works with clients that include four of the top 10 Globally Systemically Important Banks (G-SIBs) to automate the process of threat modeling and enable organisations to design secure software at scale.


What do you think makes this company unique?

Cyber attacks on businesses, organisations and individuals have been growing exponentially for years and have directly impacted people’s livelihoods, data security and in some cases even physical safety and health. A great many of these attacks succeed because hackers are able to find vulnerabilities in software.

As an ethical hacker myself, I have long been aware of these software vulnerabilities and the need to do more to make software more secure. The problem is that, for many software developers, security is an afterthought, something done at the end of the development process once the software is already deployed.

What makes IriusRisk unique is that it allows developers and solution architects to identify architectural and design-time security flaws in their systems without having to engage with a security expert. This means that they have a much faster self-service route to producing software that is secure by design.


How has the company evolved over the last couple of years?

Governments across the world are starting to bring forward legislation designed to make software more secure. The United States is taking a lead here and plans to make software vendors liable for the security of their products. The European Union, the UK and a number of other countries are also working on similar legislation.

As a result, companies are also recognising the need to prioritise secure design and this is spurring our growth. We have grown from two employees to 155, and at the end of last year we raised a $28.7m Series B funding round to meet a growing demand for our threat modeling software after doubling our customer base in 2021. Up until recently it’s been the larger regulated organisations, such as banks, financial institutions, medical device manufacturers and critical infrastructure companies, who have been first to adopt automated threat modeling, but we expect this to rapidly extend to other software vendors as the pressure from governments and regulators grows.

What can we hope to see from IriusRisk in the future?

We are at the forefront of threat modeling and have been helping mature organisations scale this activity in their security and engineering teams. If we can do our job then we will be able to have a positive impact on people’s lives and that is really exciting.

However, automated threat modeling is still in its relative infancy in a really dynamic sector. We’re continually working on improving our platform, while also having to adapt to new regulations and standards. It’s an exciting challenge and the long-term goal is for all software to be secure by design and, of course, for IriusRisk to play a big part in achieving it.