Security Architect | Threat Modeler | Thinkerer
I work at the intersection of engineering, security, and pragmatism — helping teams design, build, and maintain systems that can stand up to the real world.
My specialty is Continuous Threat Modeling (CTM) — weaving threat modeling into everyday development rather than making it a quarterly ritual.
“Threat Model Every Story.”
- Author and advocate of Threat Modeling as Code and CTM
- project leader, OWASP pytm
- Co-author of Threat Modeling: A Practical Guide for Development Teams with Matt Coles
- Speaker and contributor in the OWASP community and many other conferences worldwide
- Builder of tools and checklists to make security repeatable, not bureaucratic
- Exploring AI + secure SDLC, local LLMs (Ollama, Gemma-3), FAISS, LangChain
- Occasional Consultant
- co-host of "The Security Table" podcast with Chris Romeo and Matt Coles
| Repo | Description |
|---|---|
| continuous-threat-modeling | Reference implementation of CTM — lightweight, iterative TM-as-practice |
| OWASP pytm | A pragmatic checklist for shipping securely from the first commit |
| TM Skills | Bringing together CTM and OWASP pytm as an agent-led solution for threat modeling |
- LinkedIn: linkedin.com/in/izartarandach
- GitHub Discussions: open to CTM, threat modeling, and security automation chats