Sign up to save your podcasts
Or
Share S3E7: Robert Hurlbut - All Things Threat Modeling
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S3E7: Robert Hurlbut - All Things Threat Modeling
- For those not familiar with Threat Modeling, what is it? Also, to clear up potential confusion, what is it not? (e.g. Threat Hunting)
- You were part of an effort to create the Threat Modeling Manifesto, can you tell us a bit about that project?
- We recently saw NIST both define critical software as part of the Cyber EO and also list Threat Modeling as a key activity for critical software. What are your thoughts on that occurring and if you think that will impact the Threat Modeling community?
- Some folks have made comments about Threat Modeling being too cumbersome for methodologies/cultures such as DevOps/DevSecOps. Why do you think that is an opinion among some and is it true?
- Can Threat Modeling be applied to any sort of architecture or system? Are there any major differences for same on-prem vs cloud systems?
- For organizations looking to get started with Threat Modeling, where do you recommend they start?
- Moving on from getting started, have you seen large organizations with successful, or unsuccessful Threat Modeling programs, and what were some major themes either way?
View all episodes
By Chris Hughes
4.9
1616 ratings
- For those not familiar with Threat Modeling, what is it? Also, to clear up potential confusion, what is it not? (e.g. Threat Hunting)
- You were part of an effort to create the Threat Modeling Manifesto, can you tell us a bit about that project?
- We recently saw NIST both define critical software as part of the Cyber EO and also list Threat Modeling as a key activity for critical software. What are your thoughts on that occurring and if you think that will impact the Threat Modeling community?
- Some folks have made comments about Threat Modeling being too cumbersome for methodologies/cultures such as DevOps/DevSecOps. Why do you think that is an opinion among some and is it true?
- Can Threat Modeling be applied to any sort of architecture or system? Are there any major differences for same on-prem vs cloud systems?
- For organizations looking to get started with Threat Modeling, where do you recommend they start?
- Moving on from getting started, have you seen large organizations with successful, or unsuccessful Threat Modeling programs, and what were some major themes either way?
More shows like Resilient Cyber
View all
Hacked
184 Listeners
Risky Business
375 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,016 Listeners
The Application Security Podcast
36 Listeners
Darknet Diaries
8,010 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
188 Listeners
Defense in Depth
73 Listeners
Cloud Security Podcast
57 Listeners
All-In with Chamath, Jason, Sacks Friedberg
9,833 Listeners
Cyber Security Headlines
134 Listeners
CISO Tradecraft®
48 Listeners
AI Security Podcast
4 Listeners