Submit to your local DSC chapter CFPSubmit now!


The North Star: Risk-driven security

with Jonny Tyers


In this session Jonny shows you how to get ahead of the curve on security. He shows our audience how to find risks and vulnerabilities in the code they write and the architectures they build. Jonny will introduce risk-first threat modelling, using business risk as the north star to drive out the threats that really matter. The end result? A clear understanding of your most important weaknesses and where to focus on next, and a model that you can take to anyone in the business to get buy-in, funding, and support for your risk-reduction efforts. Threat modelling is quick, easy to pick up, and provides lasting security benefits for your team and your systems, and is practical to introduce at any point in the lifecycle of a system. At the end of this session the audience will be equipped with a modern, flexible and simple method for finding and reducing security risks, connected to the business and easily explainable to other teams, and they’ll know how they can get started.

Join the Community!

If you haven’t joined the Discord community, please do so! You can find us on Discord at:


Jonny Tyers

Pragmatic cloud security for tech businesses

About Jonny Tyers

As a former teenage hacker, Jonny has always had a keen interest in security. He’s worked in software since the 2000s, as engineer, project lead, security architect and advisor to CISOs and CTOs.

He has worked with major UK brands including banking, e-commerce, internet-of-things, medical research and UK Defence. The data in his care has spanned from national secrets to the nation’s payment plumbing and his clients’ most sensitive intellectual property assets.

Jonny works with tech businesses who prize pragmatic security. A fan of keeping things “as simple as possible, but as complex as necessary,” Jonny applies simplicity to all his work to aid teaching and communicating.

He’s also no stranger to detail, keeping his hands dirty with his own coding daily and can speak authoritatively on the technical nitty-gritty of security as well as the high-level business view.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy