When Wiley asked me about a technical editor for Threat Modeling: Designing for Security, I had a long list of requirements. I wanted someone who could consider the various scenarios where threat modeling is important, including software development and operations. I wanted someone who understood the topic deeply, and had the experience of teaching threat modeling to those whose focus isn’t security.
More, I wanted someone who I respected for their depth of experience, where I wouldn’t be tempted to ignore comments which were tough to address or required me to rewrite a chapter late in the process.
And Chris Wysopal was the perfect guy for that. His background includes time at the L0pht, so he knows how to think like an attacker. While he was at @Stake, he delivered threat modeling as a consultant, and helped companies (including Microsoft) learn to threat model. And at his most venture, Veracode, he’s bringing secure development technology and services to a wide range of companies.
So I’m thrilled that we were able to work together on this book.