Sign up to save your podcasts
Or
Share S3E7: Robert Hurlbut - All Things Threat Modeling
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S3E7: Robert Hurlbut - All Things Threat Modeling
- For those not familiar with Threat Modeling, what is it? Also, to clear up potential confusion, what is it not? (e.g. Threat Hunting)
- You were part of an effort to create the Threat Modeling Manifesto, can you tell us a bit about that project?
- We recently saw NIST both define critical software as part of the Cyber EO and also list Threat Modeling as a key activity for critical software. What are your thoughts on that occurring and if you think that will impact the Threat Modeling community?
- Some folks have made comments about Threat Modeling being too cumbersome for methodologies/cultures such as DevOps/DevSecOps. Why do you think that is an opinion among some and is it true?
- Can Threat Modeling be applied to any sort of architecture or system? Are there any major differences for same on-prem vs cloud systems?
- For organizations looking to get started with Threat Modeling, where do you recommend they start?
- Moving on from getting started, have you seen large organizations with successful, or unsuccessful Threat Modeling programs, and what were some major themes either way?
View all episodes
By Chris Hughes
4.9
1515 ratings
- For those not familiar with Threat Modeling, what is it? Also, to clear up potential confusion, what is it not? (e.g. Threat Hunting)
- You were part of an effort to create the Threat Modeling Manifesto, can you tell us a bit about that project?
- We recently saw NIST both define critical software as part of the Cyber EO and also list Threat Modeling as a key activity for critical software. What are your thoughts on that occurring and if you think that will impact the Threat Modeling community?
- Some folks have made comments about Threat Modeling being too cumbersome for methodologies/cultures such as DevOps/DevSecOps. Why do you think that is an opinion among some and is it true?
- Can Threat Modeling be applied to any sort of architecture or system? Are there any major differences for same on-prem vs cloud systems?
- For organizations looking to get started with Threat Modeling, where do you recommend they start?
- Moving on from getting started, have you seen large organizations with successful, or unsuccessful Threat Modeling programs, and what were some major themes either way?
More shows like Resilient Cyber
View all
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
627 Listeners
The Cloudcast
152 Listeners
CyberWire Daily
1,003 Listeners
AWS Podcast
203 Listeners
Darknet Diaries
7,875 Listeners
Cybersecurity Today
167 Listeners
CISO Series Podcast
187 Listeners
Cloud Security Podcast
57 Listeners
Cyber Security Headlines
129 Listeners
CISO Tradecraft®
48 Listeners
The Ezra Klein Show
15,306 Listeners
Risky Bulletin
33 Listeners
No Priors: Artificial Intelligence | Technology | Startups
122 Listeners
AI Security Podcast
4 Listeners
Threat Vector by Palo Alto Networks
34 Listeners