Tuesday Apr 19, 2022
EP 3 - Shostack + Associates Adam Shostack: 4 Question Framework For Simple Threat Modeling
Most people think about threat modeling as an extensive, costly and heavyweight exercise. But what if it didn’t have to be? What if threat modeling could be as easy as asking and answering a few simple questions?
In today’s episode, we speak with Adam Shostack about his simple four-question threat modeling framework. Adam’s framework was developed based on 20+ years of threat modeling experience ranging from startups to more than a decade at Microsoft. He believes deeply that organizations must rethink their approach to threat modeling. In this episode, Adam walks through his framework and teaches us how we should all be approaching threat modeling.
Topics discussed in this episode:
- Why threat modeling shouldn’t only be for organizations with large teams of application security engineers.
- How to bridge the gap between the security team focused on threat modeling and the development/engineering team.
- How security engineers can support and train their developers on how to incorporate threat modeling into their day-to-day work.
- Where threat modeling should fit into your application security program priorities.
- The surprising benefits that threat modeling brings — outside of knowing the risks that exist.
- How most organizations let perfect be the enemy of good (and what they should be doing instead).
Resources Mentioned:
Shostack white paper — Fast, Cheap, and Good
Shostack 1-minute educational clips on YouTube
Shostack threat modeling resource