Tuesday Apr 19, 2022

EP 3 - Shostack + Associates Adam Shostack: 4 Question Framework For Simple Threat Modeling

Most people think about threat modeling as an extensive, costly and heavyweight exercise. But what if it didn’t have to be? What if threat modeling could be as easy as asking and answering a few simple questions? 

 

In today’s episode, we speak with Adam Shostack about his simple four-question threat modeling framework. Adam’s framework was developed based on 20+ years of threat modeling experience ranging from startups to more than a decade at Microsoft. He believes deeply that organizations must rethink their approach to threat modeling. In this episode, Adam walks through his framework and teaches us how we should all be approaching threat modeling. 

Topics discussed in this episode:

  • Why threat modeling shouldn’t only be for organizations with large teams of application security engineers. 
  • How to bridge the gap between the security team focused on threat modeling and the development/engineering team. 
  • How security engineers can support and train their developers on how to incorporate threat modeling into their day-to-day work. 
  • Where threat modeling should fit into your application security program priorities. 
  • The surprising benefits that threat modeling brings — outside of knowing the risks that exist. 
  • How most organizations let perfect be the enemy of good (and what they should be doing instead). 

Resources Mentioned: 

Shostack white paper — Fast, Cheap, and Good  

Shostack 1-minute educational clips on YouTube  

Shostack threat modeling resource 
