The Threat Modeling Podcast

Product-led threat modeling



What is the connection between threat modeling and product development? How can you apply lean product management and focus on understanding the user's needs while still threat modeling? Prepare to explore product-led threat modeling.

The conversation delves into the importance of taking responsibility for security and using the language of the teams being influenced. Michal shares his process for conducting a threat modeling session, including using rapid risk assessment and STRIDE methodologies, building a threat library, and utilizing cookbooks for different technological approaches.

Throughout the episode, Chris and Michal provide valuable insights and best practices for incorporating threat modeling into product development, emphasizing the importance of collaboration and communication between product managers, architects, and technical leaders. Listeners will come away with a deeper understanding of how to approach threat modeling that aligns with the user's needs and the product's goals.

Key takeaways:

1. Threat modeling can be integrated into the product management approach to better understand the needs of the user and design mitigations for security risks

2. The problem space and solution space are terms from lean product management that can be applied to threat modeling

3. Responsibility for security should be taken by the product manager or owner

4. Rapid risk assessment and STRIDE methodology can be used to identify and prioritize threats

5. Cookbooks for different technological approaches can be used as references for solving security problems

6. Smart threat modeling builders use the language of the teams they are trying to influence

7. The product manager must be in the habit of saying "it's my problem, not someone else's."

Welcome to Smart Threat Modeling. Devici makes threat modeling simple, actionable, and scalable. Identify and deal with threats faster than ever. Build three free models and collaborate with up to ten people in our Free Forever plan. Get started at devici.com and threat model for free! Smart threat modeling for development teams.


The Threat Modeling Podcast, by Chris Romeo
