I have directly involved in application security since 2003 when I enhanced the Microsoft SDL to use with my customers' growing Agile projects. I also started using the Microsoft Threat Modeling process actively at this point and have been building my process over many years to adapt to new software development workflows.