About Cristina & IriusRisk
Cristina Bentue is the co-founder and COO of IriusRisk, an automated threat modelling platform established in 2014 that helps organisations integrate security at the very start of the application development process, empowering developers.
Over 50% of cybersecurity flaws and vulnerabilities are created during application design. To make apps more secure and resilient, security must be included in the design and development process from the outset, a practice known as threat modelling. Threat modelling is a process of shifting security left in the software development lifecycle and is hugely valuable to ensure solutions are not launched with critical vulnerabilities that would be difficult and costly to identify and fix once in post-production.
Despite the many benefits that threat modelling brings to the table, it is seen as a slow and static process that is difficult to implement at scale or beyond security teams because organisations have traditionally conducted threat modelling manually on whiteboards or electronic documents. Insecure design is recognised as one of OWASP’s top ten web application security risks, but organisations and businesses are still reluctant to introduce threat modelling and truly “shift left” as an industry.
The IriusRisk Threat Modelling Platform is a game-changing solution because it means that organisations can finally scale threat modelling across all of their critical apps and across their entire software portfolio to deliver a consistent standard of more secure, resilient software at scale.
Through the IriusRisk platform, organisations gain visibility into potential threats in their software, and the platform automatically provides developers and security teams with detailed countermeasures to fix the vulnerabilities from the start of the design phase. This automation relieves the burden of security workload for both security architects and engineers and means that companies are better able to keep pace with the cadence of iterative rollouts and updates, as the platform suggests security mitigations to take as an application evolves.
Identifying potential security risks earlier also speeds up the time to deploy software. The bottleneck created by security testing is removed by gathering and providing requirements prior to development so that risk is mitigated before a line of code is written and rework is reduced to a minimum.
Organisations benefit from IriusRisk’s extensive security standards libraries, which include existing threat models for known components, comprehensive security standards and compliance libraries, helping teams to build secure software first and automatically address regulatory requirements. This not only helps companies to standardise their threat modelling processes but also makes it easier for engineers to deploy threat models without the oversight of security professionals, putting security into their hands and helping to create a culture of secure design.
In the last 12 months, IriusRisk introduced a four-day week for its tech team, as part of the company’s effort to retain and attract talent. A few days after this change was made public, IriusRisk had received several dozen CVs from people interested in joining its tech team.