Press Release : Methods and IriusRisk partner to deliver automated threat modelling for public sector software

By Methods19 January 2022

Our partnership will drive hybrid cloud transformation in software by enabling security as a continuous service.


19th January 2022: Automated threat modelling company IriusRisk has partnered with Methods , the leading public sector digital transformation consultant to deliver embedded threat modelling to improve the security of public sector services. The partnership has already seen two out of the five top public sector bodies incorporating IriusRisk threat modelling capabilities into their service offerings.

The partnership allows Methods to offer threat modelling and DevOps for UK government and public sector applications. Continuous threat modelling of applications and Cloud Services means that security is upheld as a continuous service, vastly reducing the risk of software vulnerabilities that could be exploited. This includes architectural design, analysis and threat modelling consulting service capabilities based around the IriusRisk Threat Modelling Platform. With IriusRisk, public sector organisations are also able to investigate and quantify inherent legacy risks in existing software through automated threat modelling, driving and informing remedial security programs to update key public sector services.

Methods will also use IriusRisk as a basis for education and awareness programmes on cyber security threats, assisting public sector organisations in building their own threat modelling capabilities – including tools, training and ongoing access to key threat intelligence.

Methods will be making their threat modelling ‘portfolio’ available via the Crown Commercial Service – Tech Services 3 framework – enabling UK public sector organisations to procure through the approved government frameworks – thereby qualifying IriusRisk as a UK Government approved supplier.

Gareth Jones, Chief Information Security Officer at Methods said:

“Threat modelling has become an increasingly important part of our S-SDLC process as it is recognised as one of the most effective approaches to reduce cyberattacks and costly redevelopment. Our approach is tailored to each customer, supported by national and international standards that address systemic risks. The evolution of threat modelling has moved from being a manual time-consuming process to adopting automated tools which speeds up secure application development and release software faster.

Using IriusRisk helps enable the implementation of security into software design, without requiring DevOps engineers to completely re-train as security professionals. In practice, threat modelling has the potential to change the relationship between developers and security professionals and create the ultimate goal of DevSecOps, a truly cross-functional team.”


Commenting on the partnership CEO and co-founder of IriusRisk Stephen De Vries said:

“We are delighted to be partnering with Methods, who are a leader in public sector digital transformation. The public sector is acutely vulnerable to security risks and this partnership with Methods will mean that these organisations are able to feel confident not only in the security of their software products from the offset, but throughout their life cycles. We are excited to see our threat modelling services rolled out throughout the public sector, allowing threat modelling to become embedded in software design from the earliest stages”


About Methods

Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. We are passionate about the work we do and transforming services for citizens. We apply our skills in innovation and collaboration from across the Methods Group, to deliver end-to-end business and technical solutions that are people-centered, safe, and designed for the future.

About IriusRisk

IriusRisk is the industry’s leading threat modelling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start – using its powerful threat modelling platform.

Whether teams are implementing threat modelling from scratch, or scaling-up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.