Threat Modeling by Design
As the year drew to a close, the TMC Toronto Chapter organized one of its most valuable knowledge-sharing events to mark the final gathering of the year. Held on November 19, 2025, the event brought together attendees, speakers, and organizers in a setting that felt less formal and more conversational, encouraging open dialogue and participation. During the Q&A session, many audience members shared their thoughts and experiences freely, adding even more richness to the discussion.
Opening Remarks
Owen Tang opened the event by introducing the TMC Toronto Chapter and the broader TMC community. He then invited the speakers to take the stage, one by one.
Talk 1: Intelligent DevSecOps with AI
Sumit Giri, PhD kicked things off by presenting a practical use case on leveraging large language models (LLMs) to translate security scan findings into language understandable to non-technical stakeholders. He walked through an implementation where a SAST scan report is generated during an AWS build pipeline, stored in an S3 bucket, and then sent to LLMs (GPT and Claude) for summarization into layman-friendly language. The final output is then delivered directly to a Slack channel. This end-to-end demonstration clearly showed how AI can help bridge the gap between technical security findings and business understanding.
TMC - Intelligent DevSecOps AI Pipeline.pdf (5.0 MB)
Talk 2: Threat Modeling Tools Comparison
Rabia Bajwa followed with a detailed, side-by-side comparison of three threat modeling tools: (1) IriusRisk, (2) OWASP Threat Dragon, and (3) ThreatModeler. This topic has been highly requested by attendees of past events, and the TMC platform proved to be an ideal space to explore it in depth. Rabia delivered a comprehensive comparison, highlighting key features along with the pros and cons of each tool. She did full justice to this much-anticipated topic. Many in the audience were pleasantly surprised to learn that some threat modeling tools can integrate directly with major cloud providers, automatically ingest application architecture, and generate an initial threat model. It was one of the most informative and insightful talks of the evening.
TMC Chapter Events - Rabia_19Nov05.pdf (3.7 MB)
Quiz Competition & Prizes
Following the presentations, it was time for a well-planned quiz competition. The TMC Toronto Chapter had pre-announced that there would be a quiz at the end of the talks, with prizes for the top five winners. Special thanks go to Sam Bhagwat for generously providing copies of his book, Principles of Building AI Agents, as gifts for the winners.
Nour Mousa led the quiz session, which saw enthusiastic participation from attendees. The quiz flow was smooth, and participants had sufficient time to respond to each question in the slide-based quiz. At the end, Nour presented the books to the top five winners.
Closing Remarks
Jamil Ahmed, TMC Toronto Chapter Leader, then shared a few closing thoughts. He emphasized that the TMC Toronto Chapter is committed not just to organizing events, but to building a well-connected cybersecurity community that stays engaged long after each event concludes. Jamil also announced that the next event will take place on January 21, 2026.
Networking & Refreshments
The evening wrapped up with a networking and refreshments session, where attendees continued their conversations, exchanged ideas, and strengthened connections within the local cybersecurity community.
