
Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, I’m joined by Izar Tarandach, a Senior Product Security Architect with extensive security experience at Datadog, Squarespace, and several other companies. Izar is also a renowned speaker and the co-author of Threat Modeling: A Practical Guide for Development Teams by O'Reilly. He’s a member of the Threat Modeling Manifesto Group and the leader behind OWASP pytm, a Pythonic framework for threat modeling.
Izar is also a fellow podcaster, and I hope we get to flip roles one day!
In this episode, we discuss why perfectionism can hinder effective threat modeling and how Izar believes we need to strike the right balance between automation in threat modeling tools and human insight. We also explore the challenges of measuring the effectiveness of threat modeling and why metrics should focus on qualitative insights rather than just quantitative data.
If you agree with Izar’s perspective that a dev-centric approach to threat modeling can enhance security practices and want to learn how to implement security reflexes in your engineering teams—this episode is for you!
With that, get ready to hear Izar’s opinions.
Dive right in!
Connect with Izar: https://www.linkedin.com/in/izartarandach
Connect with Alexandra: https://fr.linkedin.com/in/alexandra-charikova
Mentioned in the video:
Escape: https://escape.tech
Threat Modeling: A Practical Guide for Development Teams: https://www.amazon.com/Threat-Modeling-Identification-Avoidance-Secure/dp/1492056553
Threat Modeling Manifesto Group: https://www.threatmodelingmanifesto.org/
OWASP pytm: https://owasp.org/www-project-pytm/
Security Table podcast: https://securitytable.buzzsprout.com/
Tanya Janca's Mentorship Monday, follow Tanya on X: https://x.com/shehackspurple
OWASP Meet the Mentor: https://sf.globalappsec.org/mentor-mentee/
Threat Modeling: Designing for Security, Shostack, Adam: https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998
Brook Schoenfield’s Threat Modeling Methods: https://brookschoenfield.com/?page_id=341