DeepSec 2025 Training: Becoming the Godfather of Threat Modeling – Mike van der Bijl
In the world of cybersecurity, there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s too late… or before they even think about making a move, you can take control and see everything coming from miles away. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy.
Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately, you won’t only understand threat modeling—you’ll lead it with confidence.
Join Mike in the family business, hone your expertise and become the Godfather of Threat Modeling. In this game only the wise and the prepared will survive.
We asked Mike a few questions about his training.
Please tell us the top 5 facts about your training.
1. Comprehensive Threat Modeling Mastery
This workshop offers a comprehensive understanding of threat modeling fundamentals, equipping participants with the knowledge to identify, assess, and mitigate security risks throughout the software development lifecycle, including in agile environments. It delves into methodologies like STRIDE and PASTA, teaching how to apply them effectively to enhance application security
2. Designed for Cross-Functional Teams
This training emphasizes the importance of collaboration among security, development, and operations teams. This workshop is set up in such a way that any role — whether you’re a developer, architect, or security engineer can actively contribute to the secure system design.
3. Engaging, Story-Driven Approach
By using storytelling, the session keeps the participants engaged and inspired. This storytelling technique helps to make complex ideas more relatable and memorable to apply them in real-life situations.
4. Fits Agile and Modern Dev Environments
The workshop emphasizes how to integrate threat modeling into Agile, DevOps, and CI/CD pipelines. This ensures that participants can embed security without slowing down development velocity.
5. Ready-to-Use Tools, Frameworks, and Tips
Participants will be introduced to practical tools and lightweight frameworks that they can use immediately, even teams with limited security resources. Attention will also be paid to “Threat Modeling as Code” to support automation and scalability.
How did you come up with it? Was there something like an initial spark that set your mind on creating this training?
Threat modeling is my favourite part of my job. It’s where creativity, technical thinking, and imagination come together. What I enjoy the most is getting into the mind of an attacker and figuring out how someone can compromise a system, steal data, or cause disruptions without needing the necessary hacking skills. This makes it so accessible: anyone can do it, not just security experts. Over the years I’ve seen so many teams struggle with threat modeling. They often see it as a burden that slows down their development process instead of adding value. That’s unfortunate, because when it’s done right, threat modeling is not only incredibly valuable but it’s also a lot of fun. The brainstorming, the scenarios, the “what-if” thinking – it can be one of the most engaging parts of building (secure) systems. This inspired me to create this workshop. I want to show teams that threat modeling doesn’t have to be difficult or slow and that it actually can be integrated smoothly into their existing way of working. More importantly, I want to help them to see the value and show them it is not only valuable in terms of security but also improves collaboration, understanding and decision-making across a team. This training is my way of sharing that passion and removing the fear or friction around threat modeling and turning it into a practical and empowering skill for every team.
Why do you think this is an important topic?
Threat modeling is a great way to incorporate security into the earlier phases of SDLC and build things right from the start. When you start developing, you have to make time for security; otherwise, you will never do it. There will always be something more urgent. Taking action at an earlier stage prevents teams from encountering costly problems later on and ensures that security is not an afterthought in projects.
Is there something you want everybody to know – some good advice for our readers maybe?
Security isn’t just a checklist; it’s a mindset. You don’t need to be a security expert to recognize potential risks or ask smart questions. Just take a step back and ask yourself: “What could go wrong?” That simple habit can make an enormous difference in building safer and smarter systems.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / The topic of your training in particular?
AI is playing a role in automating parts of threat modeling. While this is an exciting development, it also carries risks. In my opinion, no AI can replace a good human-led threat modeling session because we currently cannot automate things that require human intelligence. The real power of threat modeling lies in getting teams to think critically, challenge assumptions, question design choices, and understand risks. If we fully automate threat modeling, we risk losing the reflection. Features may be added without asking “should we?” instead of just “can we?”. This could lead to unnecessary complexity and missed risks. AI can support the process, but humans must remain involved to keep systems secure and sane.
My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force.
For me, security resembles solving a 10,000-piece puzzle that’s been turned upside down. You understand the end goal, yet you’re uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, causing me to consistently bridge different disciplines within technology. Whether it’s simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me.
I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.