Interview with John Steven

  • 21 March 2023

  • Anonymous

This is the first in a series of interviews with ThreatModeler employees, founders and community members.  Today we’ll learn more about @John Steven, our CTO:


Tell us a bit about yourself.

I am first and foremost a curious engineer. I enjoy tearing things down, understanding how they work, and improving them. I've rebuilt cars and motorcycles, homes, cocktails, and cocktail bars. Professionally, I've applied this to OSS and production software, hardware, security programs, and security startups. 

Quality and craftspersonship are the things I appreciate most. Studying and appreciating what others have been capable of crafting is a joy and I've devoted particular time to food, beverage, and software design. 

Finally, I'm a father of two boys. More than anything else in my life this is what provides me joy and purpose.

How did you come to work at ThreatModeler?

I have followed what Archie has been building at ThreatModeler since the beginning. At the time my firm was the largest consulting provider of Threat Modeling services. For years, I wasn't interested because I hadn't found that the practice could be effectively facilitated, let alone automated. 

ThreatModeler's ability to ingest and model Infrastructure-as-Code, cloud configuration, and the other telemetry automatically changes the game. Engineering and security can now rely on a tool to do a reasonable amount of threat modeling busy work for them. This allows practitioners to actually focus on adversarial analysis and secure design.

For me, and as a company, ThreatModeler is at an exciting stage. Likewise, the capabilities I described mean threat modeling -- as a practice -- is at an inflection point as well. In that context, I was thrilled to jump at this opportunity.      

What projects are you working on at the moment?

For me, it's important to always be learning. I'm writing a fair amount of Infrastructure as Code and services. There are plenty of ways IaC exposes organizations, and the security tooling is, in my opinion, kludgy; I'm continually looking for better ways to secure this space. If it can be said that I'm focusing on different things, I'm playing with ASOC, DAST, and Supply Chain security tooling in addition to actively working on threat modeling challenges.

What do you like to do in your spare time?

During COVID my older kid and I started cooking together and finished a cookbook. We did "Infant platings" for my then toddler. Now, he too participates. If I'm not working, coding, or playing with the kids, I'm cooking. 

Favorite quote, saying or motto?

There are so many incredible quotes I refer back to over time. I'll offer Guy de Maupassant's "I have coveted everything and taken pleasure in nothing." -- A quote that, for what it's worth, fits on an iPad as an engraving ;-)


Thanks for taking the time to share more about yourself, John!  If you liked what you read and want to hear more about what John has to say about threat modeling, join us this Thursday for our monthly Threat Modeling Community Office Hours webinar.

Register here.

