IriusRisk is a cybersecurity company that uses automation to evolve threat modeling from a slow and manual security process, often still done on whiteboards, to an easy-to-implement practice that can be applied consistently across an organization’s product portfolio and creates security by design, at scale.
Simply put, threat modeling helps companies visualize the risks in their product early in the design phase of the software development lifecycle. It provides security and engineering teams with a list of threats and detailed countermeasures to address the vulnerabilities they may encounter before and during development. This results in time and cost savings by freeing security architects from pre-emptive threats and speeding deployment for technicians. With a more iterative approach to development and security, IriusRisk is able to remove all communication and process barriers between security and engineering teams that often bottleneck security testing and costly re-development work.
Typically, 50% of security vulnerabilities are caused by product design flaws. We help companies ensure products aren’t distributed with these high-risk threats that would require post-production fixes and, crucially, catch the bugs that application scanning tools just can’t find. As a result, our customers are able to design safer, more resilient products that protect their assets, their reputations and their customers.
How did you come up with the idea for the company?
Stephen de Vries – with whom I co-founded IriusRisk – and I worked together at a cyber consultancy. The focus was on penetration testing – also known as ethical hacking – an exercise aimed at cracking companies’ cybersecurity defenses and reporting what vulnerabilities we found in the process.
Something changed for me when we got a call from a company that wanted to conduct penetration tests on three applications that they would be developing in the near future. We were very busy at the time and we knew we’d be even busier when the applications were fully completed in six months, so we thought it would be useful to talk to the developers before they even start coding. Stephen and his team knew before they even wrote a line of code what potential threats they would unknowingly introduce! Given that developers aren’t typically trained in security, this is perfectly normal.
Six months later, when the pentest applications were sent to us, there were 50% fewer vulnerabilities than usual. And so the idea for IriusRisk was born: we would create a platform that would automate security into the design process.
How has the company performed during the pandemic?
During the pandemic, as the world turned to the internet, we saw more organizations and businesses pay more attention to their cybersecurity practices, and we onboarded clients from around the world. Currently, our customers are mainly from the US and UK, but we also serve the Middle East and Australia.
As a result, we’ve been busier than ever and our team has grown, hiring 25 new employees. Many employers will know that it’s very difficult to hire talent right now, and we recognize that like most scale-ups, IriusRisk can’t pay as much as big tech companies, so we spoke to our tech team to hear what they want. The conversation led to a major restructuring with the creation of a four-day workweek for the development team, a policy so popular that we received ten CVs within 48 hours of its announcement – and have received many more wonderful CVs since.
What can we expect from IriusRisk in the future?
We want our threat modeling platform to be the resource hub for developers worldwide. Threat modeling is now relatively new in terms of widespread adoption, but will no doubt become mainstream in a few years as the benefits of shifting security in the product development lifecycle become more apparent. As we continue to improve our product, we want to focus more on developers and make sure our work fits into the development process as easily as possible.
We’ve started embedding regulatory and industry-specific standards into our platform, making it a comprehensive one-stop shop that developers can integrate into their development process without thinking that what they’re doing conforms to existing regulations and standards.
IriusRisk is still growing and showing no signs of slowing down. We are opening offices in Australia and Germany in the next few months and our next target region is APAC where there is a high demand for a solution like ours.
https://techround.co.uk/interviews/cristina-bentue-iriusrisk/?utm_source=rss&utm_medium=rss&utm_campaign=cristina-bentue-iriusrisk Meet Cristina Bentué, COO and Co-Founder of Cybersecurity Company: IriusRisk