The 90DaysOfDevOps community invited Jonny Tyers to present as part of their 2024 programme. His session — Day 42 — covered risk-driven security: how to find the threats that actually matter and build security work around those rather than working backwards from a compliance checklist.
About the session
90DaysOfDevOps is a community learning initiative where practitioners from across the industry contribute sessions over 90 consecutive days, covering the breadth of modern DevOps and DevSecOps practice. Jonny's slot sat in the security track, tackling one of the most common failure modes in developer security programmes: doing a lot of security work without a clear sense of what risk it's actually reducing.
What it covered
The session walked through how to identify real risks in the code you write and the systems you build — using threat modelling as the practical mechanism for deciding where to focus. The core argument: getting ahead of the curve on security is less about tool coverage and more about understanding your actual attack surface.
Jonny showed the audience how to move from "here is everything that could theoretically go wrong" to "here is what we should fix first and why" — a shift that makes security work both more effective and easier to justify to the rest of the business.
The full recording is available on YouTube.
About 90DaysOfDevOps
90DaysOfDevOps is a community-driven project that publishes 90 days of content from practitioners across DevOps, platform engineering, and security. It has become one of the most widely followed learning resources in the space.
Jonny founded Threatplane in 2017. With a background in offensive security, he has spent 15+ years helping organisations across defence, financial services, healthcare, and manufacturing understand and manage their technology risks.
Full bio →