Threat-Driven Software Development: Defending online services from modern threat actors

— —

Michael Howard Lee Holmes

Threat-Driven Software Development

Name: Threat-Driven Software Development
Price: 156.55 AUD
Availability: PreOrder
ISBN: 9780135567388

Defending online services from modern threat actors

Michael Howard, Lee Holmes, Sherrod DeGrippo , Shawn Hernan

$183.95 $156.55

Paperback

Forthcoming
Pre-Order now

QTY:

English

Addison Wesley
02 July 2026

Computer certification; Network security; Artificial intelligence

Seasoned security leaders from Microsoft unveil a groundbreaking guide to threat-driven software development for defending online services from modern threat actors

Threat-Driven Software Development: Defending online services from modern threat actors is a practical, field-tested guide authored by Microsoft security leaders Michael Howard, Lee Holmes, Sherrod DeGrippo and Shawn Hernan. Drawing on decades of experience in threat intelligence, red teaming, and secure architecture at scale, the authors describe how to defend against what real adversaries actually do in the field and maps that knowledge through concrete engineering. Grounded in the Microsoft Secure Future Initiative (SFI), and threat intelligence, the book maps attacker behaviors to secure-by-design and secure-by-default principles, identity and secret protection, supply chain and engineering system hardening, isolation, monitoring and detection, and effective red team/response workflows. The book also shows how AI can be applied defensively; augmenting threat modeling, code review, threat detection and response, while helping software teams use AI to ship faster without compromising security. With concise, accessible chapters; each infused with real-world stories and threat intel, readers learn how to prioritize work against nation-state and criminal tradecraft, shape the defensive battlefield, and strengthen the human element. The result is a hands-on playbook that empowers developers and IT professionals to build resilient online services, measurably reduce risk, and stay ahead of modern threat actors.

About This Book

For software developers, security engineers, and technical leaders seeking a concise, threat-driven playbook to design, build, and operate online services that withstand modern threat actors For DevOps and cloud platform teams, architects, and IT professionals looking to prioritize fixes based on risk, harden supply chains and engineering systems, protect identities and secrets, deploy isolation and monitoring, and leverage AI safely

By reading this book, you will:

Learn how to adapt your systems to support Post Quantum Cryptography Learn how adversaries operate to drive concrete defensive decisions across design, coding, testing, deployment, and operations Harden your software supply chain and engineering systems, and improve open-source dependency hygiene Protect identities and secrets end to end, adopting phishing-resistant multifactor authentication, robust key management, and least-privilege access patterns Implement isolation and network guardrails that limit blast radius, contain lateral movement, and keep critical workloads protected Establish practical red teaming, incident response, and remediation workflows that create fast feedback loops and measurable risk reduction Understand how AI systems are attacked, how adversaries operationalize AI in real campaigns; including how to design, deploy, and defend AI-assisted software safely, as well as how to leverage AI defensively

By: Michael Howard, Lee Holmes, Sherrod DeGrippo, Shawn Hernan
Imprint: Addison Wesley
Country of Publication: United States
ISBN: 9780135567388
ISBN 10: 0135567386
Pages: 400
Publication Date: 02 July 2026
Audience: Professional and scholarly , Undergraduate
Format: Paperback
Publisher's Status: Forthcoming

Part 1 When Software Meets the Real World Ch 1 Understanding the Threat Landscape Ch 2 Security Is More Than One Team Ch 3 Why Microsoft Adopted SFI Ch 4 How Operational Security is Different Ch 5 Understanding the Terrain Ch 6 Controlling the Terrain Part 2 The Role of AI in Security Ch 7 AI Security Backgrounder Ch 8 How Threat Actors Use AI Ch 9 Defensive AI Ch 10 Security Engineering with AI Part 3 Threats to Systems Ch 11 Build and Engineering Systems Ch 12 Identities and Secrets Ch 13 Production Tenants and Systems Ch 14 Production Networks Ch 15 Monitoring, Detecting, and Alerting Ch 16 Response and Remediation Ch 17 Product Security Part 4 Learning from SFI An Implementation Playbook Ch 18 Crawl, Walk, Run: How to add Security Discipline Ch 19 Tracking and Quantifying Risk Ch 20 Reducing Risk Ch 21 Getting Ahead of Security Vulnerabilities Part 5 Some Final Thoughts Ch 22 Rethinking the Role of C and C++ Ch 23 Are We More Secure Today?

Michael Howard, Lee Holmes, Sherrod DeGrippo and Shawn Hernan, are recognized leaders in cybersecurity, threat intelligence and software assurance at scale, bringing more than 90 years of combined experience to this book. Michael, a Senior Director on the Red Team at Microsoft and coauthor of multiple security books, has spent decades driving vulnerability research and secure development practices, translating real world attacks into concrete improvements in software design and engineering. He is a co-host of the Azure Security Podcast. Lee is a Partner Security Architect within Azure, driving secure design, architecture, and operational practices across both Azure and Microsoft specialized clouds. Sherrod, Partner GM of Global Threat Intelligence at Microsoft, draws on 21 years across government and the private sector and has been honored as Cybersecurity Woman of the Year (2022); she also hosts the Microsoft Threat Intelligence Podcast. Shawn leads Azure security assurance and variant hunting organization and Azure DevSec, with hands-on expertise spanning security assurance and design, threat modeling, penetration testing, and vulnerability analysis. Together, they distill frontline experience into clear, actionable guidance for defenders and builders alike.