In May of 2023, I attended a fantastic talk at OWASP Newcastle by Robin Fewster describing different threat modelling approaches and how to get development team buy-in.
I’d always been interested in the topic and wanted to try it out; this talk was the spark that ignited me to try adopting the practice at One Utility Bill.
One Utility Bill is a fast moving start-up with around 15 engineers, and we were able to apply threat modelling at multiple different stages of our SDLC without it getting in the way of delivery!
I decided to write a pragmatic guide detailing our journey to help any other security conscious start-up or SME wanting to do the same.
At a more meta level, this is a guide on how to roll out any sort of new process change.
Head over to the OUB Engineering Blog to see it in full!
Comments