Threat-Driven Software Development: Defending online services from modern threat actors

Seasoned security leaders from Microsoft unveil a groundbreaking guide to threat-driven software development for defending online services from modern threat actors

Threat-Driven Software Development: Defending online services from modern threat actors is a practical, field-tested guide authored by Microsoft security leaders Michael Howard, Lee Holmes, Sherrod DeGrippo and Shawn Hernan. Drawing on decades of experience in threat intelligence, red teaming, and secure architecture at scale, the authors describe how to defend against what real adversaries actually do in the field and maps that knowledge through concrete engineering. Grounded in the Microsoft Secure Future Initiative (SFI), and threat intelligence, the book maps attacker behaviors to secure-by-design and secure-by-default principles, identity and secret protection, supply chain and engineering system hardening, isolation, monitoring and detection, and effective red team/response workflows. The book also shows how AI can be applied defensively; augmenting threat modeling, code review, threat detection and response, while helping software teams use AI to ship faster without compromising security. With concise, accessible chapters; each infused with real-world stories and threat intel, readers learn how to prioritize work against nation-state and criminal tradecraft, shape the defensive battlefield, and strengthen the human element. The result is a hands-on playbook that empowers developers and IT professionals to build resilient online services, measurably reduce risk, and stay ahead of modern threat actors.

About This Book

• For software developers, security engineers, and technical leaders seeking a concise, threat-driven playbook to design, build, and operate online services that withstand modern threat actors
• For DevOps and cloud platform teams, architects, and IT professionals looking to prioritize fixes based on risk, harden supply chains and engineering systems, protect identities and secrets, deploy isolation and monitoring, and leverage AI safely

By reading this book, you will:

• Learn how to adapt your systems to support Post Quantum Cryptography
• Learn how adversaries operate to drive concrete defensive decisions across design, coding, testing, deployment, and operations
• Harden your software supply chain and engineering systems, and improve open-source dependency hygiene
• Protect identities and secrets end to end, adopting phishing-resistant multifactor authentication, robust key management, and least-privilege access patterns
• Implement isolation and network guardrails that limit blast radius, contain lateral movement, and keep critical workloads protected
• Establish practical red teaming, incident response, and remediation workflows that create fast feedback loops and measurable risk reduction
• Understand how AI systems are attacked, how adversaries operationalize AI in real campaigns; including how to design, deploy, and defend AI-assisted software safely, as well as how to leverage AI defensively