#Japan #Tokyo #Security Initiative #Secure Modeling #Threat Modeling

New Beginnings in Software Security

In the rapidly evolving field of software and system development, security is now recognized as a fundamental aspect that must be integrated right from the design phase. As organizations move away from traditional reactive approaches to security, which only come into play after a system has been developed, a proactive method—known as "Secure by Design"—is gaining traction. This shift has prompted Security Initiative Co., Ltd. to announce its new subsidiary, Secure Modeling, which is designed to enhance this aspect of development.

Importance of Security from the Ground Up

Security Initiative, headquartered in Japan and led by Takaharu Ogasawawa, has been deeply involved in supporting numerous companies through penetration testing and security consulting. Recognizing the increasing demand for security support during the design phase—especially centered around threat modeling—the company aims to strengthen its capabilities by establishing Secure Modeling. This new subsidiary will primarily focus on integrating security measures throughout the development process.

A Collaborative Approach to Security

Secure Modeling is set to emphasize collaboration among various stakeholders, including developers, designers, and business professionals. By prioritizing a holistic approach to security, the company aims to contribute significantly to elevating the overall security maturity of organizations. The mission extends beyond implementing security as an afterthought, highlighting the crucial role of early integration.

Services Provided by Secure Modeling

Secure Modeling will operate in several key areas, including:

• - Support for Threat Modeling Implementation and Practice: Building a robust threat modeling framework that organizations can adapt and execute effectively, enabling them to identify potential risks during the design phase.
• - Consulting for Secure by Design Practices: Offering expertise to ensure that security considerations are embedded throughout the design process, helping companies to create secure systems from the outset.
• - Security Education and Training: Providing comprehensive training for teams to foster a culture of security awareness and competence among all personnel involved in the development lifecycle.
• - Assistance in Integrating Security into Development Processes: Guiding organizations on how to weave security into their existing processes, ensuring that it becomes a seamless part of their development workflows.

Importantly, Secure Modeling will not take control of threat modeling initiatives but will focus on empowering teams to be self-sufficient in this area, promoting in-house capabilities and knowledge.

Leadership and Expertise

At the helm of Secure Modeling is Takaharu Ogasawawa, a seasoned professional in penetration testing and security consulting with over a decade of experience dedicated to improving security quality within applications. Armed with multiple GIAC certifications—GXPN, GWAPT, GPEN, GCFA—Ogasawawa also spearheads the Threat Modeling Connect Tokyo chapter and is involved with OWASP as a chapter leader.

Additionally, Loren Kohnfelder, Technical Advisor at Secure Modeling, brings invaluable experience as a pioneer in software security and threat modeling. Known for his contributions during his time at Microsoft, including being one of the developers of the threat modeling method "STRIDE," Kohnfelder's expertise is backed by significant contributions to internet security and secure design principles.

Future Aspirations

The future aims of Secure Modeling include striving for practical and actionable threat modeling techniques that involve multiple perspectives from stakeholders. They envision a world where security is not merely a compliance requirement but a cornerstone of software development, creating a safer digital environment for everyone.

In summary, the establishment of Secure Modeling signifies a commitment to advancing the integration of security within the software development lifecycle, making secure design a priority for organizations moving forward.

For more information, visit Secure Modeling's official website.