A Decade With Archie Agarwal: From MyAppSecurity to ThreatModeler Software Inc.

According to Archie Agarwal, CEO of ThreatModeler Software, Inc., when it comes to cybersecurity architecture, it is wise to plan and design with cybersecurity in mind. Taking a proactive approach at the beginning will save a lot of time and effort instead of doing it post-cyberattack. The repercussions for not having an effective information security program in place can put a tremendous strain on an organization’s bottom line and trajectory for success. ThreatModeler is an automated threat modeling platform that provides recommendations for securing against the potential threats along an organization’s attack surface.

Since 2010, Archie’s company has launched innovative threat modeling products that established ThreatModeler as a leading innovator in automation and securing cloud architecture. The Jersey City, New Jersey-based company removes the guesswork, and cost related to time and effort, enabling Fortune 5-1000 businesses to holistically map out an organization’s attack surface. The software is powered by the Threat Intelligence Framework, a library of threats from authoritative resources (OWASP, AWS, et al.) that are tied to the components within IT infrastructure. ThreatModeler further prescribes security requirements to mitigate security threats in real-time. Here, Agarwal details the journey of ThreatModeler over the years.

Cyberattacks Are a Real, Dangerous Threat to Businesses
The digital world is more active than ever as people and enterprises rely on technology to support their everyday lives. Sadly, the digital world is prone to cyberattacks, which can be damaging enough to steal the private, sensitive data of consumers, and take a business down in a split second. “Instead of dealing with it after such an attack, companies can be prepared well in advance,” says Agarwal, who has more than two decades of experience in security risk and threat analysis.

Agarwal’s ThreatModeler is the only automated platform of its kind to provide threat modeling automation and integration with leading cloud providers AWS and Azure. “ThreatModeler helps organizations to scale across an organization and provides a visualization feature that provides complete threat information for full IT stacks,” Archie continues. “It helps security architects, developers, and CISOs to get a full understand of the attack vectors – entry points along the attack surface where unauthorized users can gain entry and take further steps to access and compromise data.” With drag and drop ease, users can build out a simulation of IT architecture, and gain a full list of the threats that contribute to risk. With a list of mitigation steps, project managers can ensure proper steps are taken to address them.

ThreatModeler integrates with CI/CD toolchain solutions such as Jira, which can help to create IT issue tickets and assign them to the right party for fixes. With its bidirectional data flow, teams can keep updated on ticket statuses until they are completed and closed. provides Additionally, the platform provides approval touchpoints each step of the design, build and deployment stages, where users can send completed threat models to stakeholders, including CISOs, for validation and signoff.

Threat Modeling to Secure Business-Critical Workloads
ThreatModeler helps organizations to manage risk for web and mobile applications, IT infrastructure, networks and devices. It automates threat modeling activity for on-premise and cloud infrastructure.

ThreatModeler’s integration with Amazon Web Services (AWS) enables DevSecOps teams to build threat models of actual AWS cloud architectures to understand what is going on and keep abreast of any changes made to the environment. Take, for instance, the ThreatModeler Assist feature. As you add or make changes to the threat model diagram, ThreatModeler will automatically generate new tasks to complete to ensure your threat model accurately and completely represents the AWS architecture. Once the tasks are complete, teams can go in and implement the requirements need to secure the cloud environment.

Another notable ThreatModeler feature is the continuous monitoring for material changes in the Amazon Virtual Private Cloud (VPC). It thoroughly checks for newly placed or modified AWS resources through a drift feature that alerts users of the changes.

ThreatModeler continues to develop innovative ways to secure against threats that are new and emerging. “With ThreatModeler, we can help to address edge cases, such as in the case of IoT-embedded medical devices that rely on local data centers,” says Agarwal, who is a Certified Information Systems Security Professional (CISPP) with SANS GWEB certification. The engineering team has successfully created threat models that address security concerns tied to IoT-embedded medical devices.