Watch the stream
As organizations scale, traditional security review models don’t. Centralized security teams become bottlenecks, threat modeling remains expert-only, and DevOps teams ship designs without structured security insight—creating compounding security debt. This talk shares how a security team at Ubisoft transformed threat modeling from a niche exercise into an everyday DevSecOps practice now spreading across multiple software development teams. We’ll walk through the real transformation journey: engaging leadership to recognize the limits of centralized security, designing a shift-left strategy centered on practitioner ownership, and embedding threat modeling from theory into sustained practice. Beyond mechanics, this session explores the human side of scale: driving adoption without mandate fatigue, selling the "what's in it for me?", and enabling managers and teams to own security outcomes. You’ll leave with practical lessons, adoption patterns that worked (and failed), and a realistic roadmap for scaling threat modeling in large software organizations—without scaling your security team.
Kristine Barbará Director, Security Engagement & Awareness, Ubisoft Entertainment
Kristine Barbara is a security transformation leader at Ubisoft, focused on making security part of how software and games are built—not an afterthought. She has led global programs spanning security culture and behavior change at scale, blending change management and community enablement. Known for turning complex risk into actionable practice, Kristine helps teams adopt fundamental security practices across global teams.