We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the “what could go wrong” discussion with DevOps teams? And what’s a sign that we’re generating useful threat models? Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Threat Modeling Deep Dive

- https://www.threatmodelingmanifesto.org
- https://securityboulevard.com/2020/05/data-security-and-threat-models/
- https://speakerdeck.com/abhaybhargav/agile-threat-modeling-as-code


[caption id="attachment_210" align="alignleft" width="120"]Adrian Sanabria Adrian Sanabria - Senior Research Engineer[/caption] [caption id="attachment_210" align="alignleft" width="120"]John Kinsella John Kinsella - Chief Architect[/caption] [caption id="attachment_210" align="alignleft" width="120"]Mike Shema Mike Shema - Product Security Lead[/caption]


  • In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

[audio src="http://traffic.libsyn.com/sw-all/ASW_131-_Threat_Modeling_Discussion-0_converted.mp3"]