The Threat Modeling Podcast

Chris Romeo is going on a journey. A journey to understand threat modeling at the deepest levels. He thought he understood threat modeling but realized he could go deeper. Chris shares his findings and talks with some of the best-known experts in the space to experience continuous learning. Join along for the ride -- you will learn something.

Episodes

September 28, 2023 11 mins

Akira Brand joins Chris to talk about her journey into threat modeling, her early experiences, some lessons learned, and how she knew her threat model was successful. Akira's experiences emphasize the importance of collaboration, understanding the application, and using tools and diagrams to aid the process.

Akira is a visual thinker and draws parallels between surgical checklists and the STRIDE model. Akira emphasize...

Dr. Michael Loadenthal specializes in threat modeling beyond the conventional realm of technology. Companies today face multifaceted challenges, including political, legal, and technical threats. Solutions to these problems can also be varied. A comprehensive threat model should consider many dimensions, such as political, legal, ethical, and social. Whether advising activist groups or high-profile individuals, Dr. Loadenthal empha...

The AppSec community agrees that threat modeling is essential, but many struggle to implement it effectively. Using insight from the LinkedIn community, Chris lays out a comprehensive Threat Modeling strategy to guide AppSec teams to success in this critical discipline.

Before starting, consider the organization's culture, tech debt, and current risk posture. Threat modeling will not be successful in an organization t...

July 11, 2023 8 mins

Engineering-led, developer-focused, or software-centric threat modeling: they all have software in common. Composing software into functions through the user story's lens is important. Farshad Abasi shares his journey from being a software engineer to forming a global AppSec team at HSBC Bank. Farshad expresses the importance of asset-based threat modeling and the need to keep things simple. He emphasizes the importance of foc...

June 7, 2023 15 mins

What is the connection between threat modeling and product development? How can you apply lean product management and focus on understanding the user's needs while still threat modeling? Prepare to explore product-led threat modeling.

The conversation delves into the importance of taking responsibility for security and using the language of the teams being influenced. Michal shares his process for conducting a threat modeling s...

In this episode, we discuss the four-question framework for threat modeling with its creator, Adam Shostack. We dive deep into the meaning and purpose of each question and how they simplify the threat modeling process. The four questions are: 1) What are we working on? 2) What can go wrong? 3) What are we going to do about it? 4) Did we do a good job? 

Adam explains that these questions are not a methodology but a foundati...

In episode one of the Threat Modeling podcast, host Chris Romeo explores various definitions of threat modeling gathered from industry experts. The podcast discusses whether risk assessment and threat modeling are the same, the essence of threat modeling, collaboration and documentation, identifying and mitigating threats early, the Five W's and an H approach, structured brainstorming, and proactive security. The Threat Modeli...

On this podcast, we'll journey together into the world of threat modeling. On this journey, we'll learn the history of threat modeling, hear from influential folks, explore the available methodologies and tools, and have fun.

My name is Chris Romeo, and I've been threat modeling my entire 25+ year career in security. In addition, I host other podcasts, including the Application Security Podcast and the Security Table...

© 2023 iHeartMedia, Inc.