SecAppDev 2025 Faculty
Izar Tarandach
Sr. Principal Security Architect
Izar Tarandach is a seasoned security expert with deep experience in application and cloud security, threat modeling, and secure software development. He is co-author of Threat Modeling: A Practical Guide for Development Teams and a frequent speaker on integrating security practices into modern software lifecycles. Izar is known for his pragmatic approach to scaling security in agile and DevOps environments. He is a co-creator of the Threat Modeling Manifesto and a podcaster at The Security Table podcast.
Don't miss out on SecAppDev!
Grab your seat nowContinuous Threat Modeling: Let Developers Figure It Out
Deep-dive lecture by Izar Tarandach in room West Wing
Monday June 2rd, 14:00 - 15:30
Continuous Threat Modeling for Developers. They're creating the problems, let them create the solution! No, really - enable them to see the security value of the stories they work on, what could go wrong, and what to do about them.
Key takeaway: Threat Modeling should not be a one-shot-and-done activity by security experts. It needs to be continuous, at the developer level.
My Name Is Not Cassandra: AppSec and "I Told You So"
Advanced lecture by Izar Tarandach in room Lemaire
Wednesday June 4th, 16:00 - 17:15
Lack of authority, an outsider's view of the development process and a faulty language of risk..Are security practitioners fated to point at risk and not be heard?
Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.