- Published 7/9/2026
- 1st Edition
Seasoned security leaders from Microsoft unveil a groundbreaking guide to threat-driven software development for defending online services from modern threat actors
Threat-Driven Software Development: Defending online services from modern threat actors is a practical, field-tested guide authored by Microsoft security leaders Michael Howard, Lee Holmes, Sherrod DeGrippo and Shawn Hernan. Drawing on decades of experience in threat intelligence, red teaming, and secure architecture at scale, the authors describe how to defend against what real adversaries actually do in the field and maps that knowledge through concrete engineering. Grounded in the Microsoft Secure Future Initiative (SFI), and threat intelligence, the book maps attacker behaviors to secure-by-design and secure-by-default principles, identity and secret protection, supply chain and engineering system hardening, isolation, monitoring and detection, and effective red team/response workflows. The book also shows how AI can be applied defensively; augmenting threat modeling, code review, threat detection and response, while helping software teams use AI to ship faster without compromising security. With concise, accessible chapters; each infused with real-world stories and threat intel, readers learn how to prioritize work against nation-state and criminal tradecraft, shape the defensive battlefield, and strengthen the human element. The result is a hands-on playbook that empowers developers and IT professionals to build resilient online services, measurably reduce risk, and stay ahead of modern threat actors.
About This Book
- For software developers, security engineers, and technical leaders seeking a concise, threat-driven playbook to design, build, and operate online services that withstand modern threat actors
- For DevOps and cloud platform teams, architects, and IT professionals looking to prioritize fixes based on risk, harden supply chains and engineering systems, protect identities and secrets, deploy isolation and monitoring, and leverage AI safely
By reading this book, you will:
- Learn how to adapt your systems to support Post Quantum Cryptography
- Learn how adversaries operate to drive concrete defensive decisions across design, coding, testing, deployment, and operations
- Harden your software supply chain and engineering systems, and improve open-source dependency hygiene
- Protect identities and secrets end to end, adopting phishing-resistant multifactor authentication, robust key management, and least-privilege access patterns
- Implement isolation and network guardrails that limit blast radius, contain lateral movement, and keep critical workloads protected
- Establish practical red teaming, incident response, and remediation workflows that create fast feedback loops and measurable risk reduction
- Understand how AI systems are attacked, how adversaries operationalize AI in real campaigns; including how to design, deploy, and defend AI-assisted software safely, as well as how to leverage AI defensively
Table of Contents
Part 1 When Software Meets the Real World
Ch 1 Understanding the Threat Landscape
Ch 2 Security Is More Than One Team
Ch 3 Why Microsoft Adopted SFI
Ch 4 How Operational Security is Different
Ch 5 Understanding the Terrain
Ch 6 Controlling the Terrain
Part 2 The Role of AI in Security
Ch 7 AI Security Backgrounder
Ch 8 How Threat Actors Use AI
Ch 9 Defensive AI
Ch 10 Security Engineering with AI
Part 3 Threats to Systems
Ch 11 Build and Engineering Systems
Ch 12 Identities and Secrets
Ch 13 Production Tenants and Systems
Ch 14 Production Networks
Ch 15 Monitoring, Detecting, and Alerting
Ch 16 Response and Remediation
Ch 17 Product Security
Part 4 Learning from SFI An Implementation Playbook
Ch 18 Crawl, Walk, Run: How to add Security Discipline
Ch 19 Tracking and Quantifying Risk
Ch 20 Reducing Risk
Ch 21 Getting Ahead of Security Vulnerabilities
Part 5 Some Final Thoughts
Ch 22 Rethinking the Role of C and C++
Ch 23 Are We More Secure Today?
