Enhancing Cybersecurity Competencies of Software Engineers Through Threat Modeling Automation: A Micro Case Study

Abstract

The key human competence in the AI era is the ability to accurately interpret and effectively utilize uncertain outcomes generated by intelligent information systems. This often requires a shift from manual to automated approaches to task-solving. The work addresses the challenge of demonstrating the effectiveness of new technologies through comparative analysis within a small focus group. Cybersecurity is used as an example, in particular, the automation of threat modeling of cloud-based computer systems performed by software engineers in the early stages of system development. The micro case study demonstrates that the employed threat modeling framework significantly improves efficiency compared to the manual approach (on average, 89% of automatically generated threats were accepted and modeling time was reduced sevenfold). The results facilitate early adoption of new technologies, which may be a competitive advantage for businesses.