Threat Modeling Intro
An overview of Threat Modeling, with an example to get started.
Joel Holmes is a Senior AppSec Product Manager at Scotiabank, working at the intersection of product development, AI, and application security. He's spent a decade building solutions — first at Rocket Mortgage, now at Scotiabank — and writes here about what actually works in practice.
Joel uses his AppSec experience to apply AI to threat modeling, risk prioritization, key metrics, and vendor evaluations. He capably translates between security engineers and business stakeholders to find common ground, and he's been doing it long enough to understand where the pitfalls are on each side.
In 2023, Rocket Mortgage named him an "Innovator and Disruptor" for how he built a culture of learning on his teams.
Over a decade across security, product, engineering, and support.
Product Management - Senior AppSec Product Manager
Scotiabank
Nov 2024 - Present
Created clear product requirements, captured process workflows, designed user interfaces, and managed 3 vendor relationships to expand 2 AppSec programs across Scotiabank. Defined security policies, processes, and metrics to satisfy internal audit and regulatory requirements.
Product Management - Senior Product Owner/Product Manager
Rocket Mortgage
Feb 2019 - Aug 2023
Managed 3 products over 4 years that provided visibility into AppSec/CloudSec risks for software engineers and technology leaders. Managed a custom OAuth management portal to enable authorization/authentication best practices. Migrated products from on-premise to Cloud/Kubernetes infrastructure. Helped define and implement secure software development lifecycle standards.
Engineering Team Leadership - Team Lead, Systems Intelligence
Rocket Mortgage
Apr 2017 - Feb 2019
Formed a new team, led 7 engineers, and launched a new observability platform within 1 year that provided visibility into critical infrastructure and services. Used open-source components (Telegraf, InfluxDB, Grafana), which provided faster feedback during incidents and saved over $1m annually.
Support Team Leadership - Team Lead, Internal Helpdesk
Rocket Mortgage
May 2014 - Apr 2017
Led and mentored a team of 13 tech support specialists supporting 10,000+ internal users for 3 years. Developed career plans that led to 11 promotions. Participated in tabletop exercises and refined processes as part of the IT Emergency Response team. Coordinated incident response, mitigated impact, and performed root cause analysis to prevent future incidents.
Customer Support - Senior Technical Support Specialist
Rocket Mortgage
Sep 2013 - May 2014
Onboarded and trained 10 new team members. Updated internal documentation, provided advanced support, and coached new team members to work independently and gain confidence.
Comfortable in fast-moving environments. Stays steady when things go sideways. Open to being wrong.
Listens more than talks. Builds trust across teams that don't always agree on priorities.
Writes clearly, talks clearly. Can explain a CVE to a CISO or a product vision to an engineer without losing either.
Rarely satisfied with how things are. Seeks feedback, makes changes, measures whether they worked.
Thinks in systems and timelines. Builds roadmaps that tie security work to business outcomes.
Has built and run systems, not just managed them. Comfortable architecting, deploying, and securing applications in cloud environments.
Credentials earned along the way.
Certified Information Systems Security Professional (CISSP)
ISC2
Oct 2023
Confirms technical knowledge and experience to design, engineer, implement, and manage the overall security posture of an organization.
Certified Kubernetes Administrator (CKA)
The Linux Foundation
Nov 2020
Demonstrated the skills, knowledge and competencies to perform the responsibilities of a Kubernetes Administrator.
Demonstrated proficiency in Application Lifecycle Management, Installation, Configuration & Validation, Networking, Scheduling, Security, Cluster Maintenance, Logging / Monitoring, Storage, and Troubleshooting.
AWS Certified Solutions Architect - Associate
Amazon Web Services
May 2018
Demonstrated the ability to build secure and robust solutions using architectural design principles based on customer requirements.
Certified SAFe 4 Scrum Master
Scaled Agile, Inc.
May 2018
Demonstrated competency for integrating Scrum practices into an organization, including using Scrum and Kanban to facilitate team events, support program execution, and coach Agile teams.
ITIL Foundation in Service Management v3
PeopleCert
Feb 2016
Demonstrated a foundational understanding of service management for IT and digital service delivery, including the key ITIL concepts, principles, and terminology.
Bachelor of Commerce Degree, BCom (Honours)
University of Windsor
June 2008
Demonstrated competence in a wide range of managerial skills with an advanced specialization in business marketing.
Innovators and Disruptors
Rocket Mortgage
2023
Recognized leaders who set a consistently high bar for cross-team collaboration and innovation at Rocket Mortgage.
Practical writing on using AI for AppSec PM work, scaling security programs, and security fundamentals for engineers.
An overview of Threat Modeling, with an example to get started.
A post about Christmas and the TryHackMe Advent of Cyber 2023 competition.
Discover the classic computer program 'hello, world' and by extension, 'hello, internet' for this website.
Top resources I've found as a leader that I recommend to new leaders.