Today we are joined by Ayhan Tek, VP of Information Security at Cyber Electra, to talk about how a security practitioner can help support compliance related security activities in software development. In order to make threat modeling scalable, the cross-functional nature of software development needs to extend beyond data flow diagrams into the business realm. Once in the business domain, the discussion turns toward risk. The long-term value of threat modeling, therefore, is in its ability to contribute toward risk assessments that will enable non-technical stakeholders to make informed decisions about security investments.