Welcome to ISAUnited's Security by Design Program
At ISAUnited, we believe security starts at the foundation—during the design phase. Security by Design (SbD) ensures that security isn't an afterthought but a critical part of the creation process from the beginning. Whether you're a software developer, product manager, project manager, or part of upper management, our SbD division is designed to empower you with the knowledge, tools, and strategies to embed security at every step of the development lifecycle.
1
Secure Development Life Cycle
Security by Design practitioners guide the implementation of a Secure Development Life Cycle (SDLC). This involves:
-
Defining security requirements early in the project
-
Conducting threat modeling during the design phase
-
Implementing secure coding practices and performing code reviews
-
Carrying out security testing throughout the development
-
Ensuring secure deployment and ongoing maintenance
2
Threat Modeling and Risk Assessment
A key responsibility is leading threat modeling sessions and risk assessments:
-
Identifying potential threats to the system
-
Analyzing the impact and likelihood of these threats
-
Prioritizing risks based on their potential impact
-
Developing mitigation strategies for identified risks
-
Documenting findings and recommendations for stakeholders
3
Security Culture and Training
Security by Design practitioners play a crucial role in fostering a security-centric culture:
-
Developing and delivering security awareness training for different roles
-
Creating guidelines and best practices for secure development
-
Mentoring team members on security principles and practices
-
Promoting the importance of security in all aspects of product development
-
Facilitating communication between security teams and development teams
About our SbD Division
At ISAUnited’s Security by Design division, we believe that security is not an afterthought—it’s the foundation of innovation. This division is dedicated to embedding security principles into every stage of the design process, ensuring systems are built to be resilient, scalable, and adaptable from the beginning. Whether a product manager, system designer, or engineer, you’ll find resources, frameworks, and a community passionate about creating secure solutions that align with business goals. Explore how you can contribute to a future where security is seamlessly integrated into every layer of innovation.
Meet the Dean of SbD
Introducing Michael Mendez, Master Fellow and Advisory Board Member for 2025.
Michael Mendez is a highly accomplished cybersecurity threat modeler and intelligence expert with over 15 years of experience in cybersecurity, intelligence operations, and adversary analysis. His expertise spans strategic and tactical intelligence, offensive security, and countermeasure development, where he has played a pivotal role in defining adversary tactics, techniques, and procedures (TTPs) and enhancing cyber defense strategies.
Before entering the private sector, Michael honorably served in the United States Air Force for eight years as an Intelligence Analyst within the 497th Operations Support Squadron. He directly supported counterterrorism operations, strategic intelligence missions, and cyberspace operations as a team lead. His role required deep expertise in adversary communications, cyber threat monitoring, and intelligence-driven risk assessments to support tactical units and senior military commanders in conflict zones.
As a Master Fellow and advisory board member of ISAUnited.org, Michael applies his extensive intelligence and cybersecurity expertise to advance security architecture and engineering practices. His contributions include guiding research on adversary-centric threat modeling, strengthening defensible cybersecurity standards, and mentoring professionals to enhance security resilience across industries.
ISAUnited.org proudly advocates for engineering education while recognizing military service as a path to cybersecurity and security engineering excellence. Michael’s military background and intelligence experience exemplify veterans' critical role in shaping modern cybersecurity methodologies and defensive strategies.
Please join us in welcoming Michael Mendez as a valued leader and contributor to the ISAUnited.org community.
Designing Security Into Every Layer of Innovation.
Core Focus:
Embedding security principles into the earliest stages of system design. Ensuring scalable, resilient, and adaptable designs.
Key Initiatives:
Development of the Cybersecurity Design Model (CDM). Guidance on aligning security requirements with business goals.
Engagement:
Join working groups on secure-by-design frameworks. Participate in workshops or contribute case studies.
Future Vision:
Establishment of a Secure-by-Design certification program.
SECURITY FIRST
Ready to Embed Security in Every Step?
No matter your role, Security by Design empowers you to build secure, resilient products from the ground up. Join us at ISAUnited and start embedding security into your workflows, ensuring every project, product, and piece of software is secure by design.
Who is Security by Design for?
If you're a software developer:
-
How to write secure code and implement secure design patterns
-
Threat modeling and secure architecture principles
-
Best practices for ensuring security at every stage of development
If you're in product management:
-
Strategies for incorporating security as a core product feature
-
Prioritization of security requirements alongside functionality
-
Insights on regulatory impacts (e.g., GDPR, HIPAA) and compliance from day one
If you're a project manager:
-
How to integrate security into your project roadmap without slowing down delivery
-
Managing security risks and collaborating effectively with security teams
-
Balancing innovation with secure, responsible delivery timelines
If you're in management:
-
The business case for Security by Design: cost savings, risk reduction, and ROI
-
Guidance on fostering a security-conscious culture across teams
-
Key metrics and tools to track the success of your SbD initiatives
