Future of Application Security

EP 3 - Shostack + Associates Adam Shostack: 4 Question Framework For Simple Threat Modeling

Listen Later

Most people think about threat modeling as an extensive, costly and heavyweight exercise. But what if it didn’t have to be? What if threat modeling could be as easy as asking and answering a few simple questions? 

 

In today’s episode, we speak with Adam Shostack about his simple four-question threat modeling framework. Adam’s framework was developed based on 20+ years of threat modeling experience ranging from startups to more than a decade at Microsoft. He believes deeply that organizations must rethink their approach to threat modeling. In this episode, Adam walks through his framework and teaches us how we should all be approaching threat modeling. 

Topics discussed in this episode:

  • Why threat modeling shouldn’t only be for organizations with large teams of application security engineers. 
  • How to bridge the gap between the security team focused on threat modeling and the development/engineering team. 
  • How security engineers can support and train their developers on how to incorporate threat modeling into their day-to-day work. 
  • Where threat modeling should fit into your application security program priorities. 
  • The surprising benefits that threat modeling brings — outside of knowing the risks that exist. 
  • How most organizations let perfect be the enemy of good (and what they should be doing instead). 

    • Resources Mentioned: 

    Shostack white paper — Fast, Cheap, and Good  

    Shostack 1 minute educational clips on Youtube  

    Showstack threat modeling resource 

    ...more
    View all episodesView all episodes
    Download on the App Store
    Future of Application SecurityBy Tromzo
    • 5
    • 5
    • 5
    • 5
    • 5

    5

    4 ratings