The AppSec community agrees that threat modeling is essential, but many struggle to implement it effectively. Using insight from the LinkedIn community, Chris lays out a comprehensive Threat Modeling strategy to guide AppSec teams to success in this critical discipline.
Before starting, consider the organization's culture, tech debt, and current risk posture. Threat modeling will not be successful in an organization that doesn't prioritize security!
Tie threat modeling to the success of the business. See it as an enabler for the company, and define its success metrics clearly.
Integrate threat modeling into the development process in an agile and incremental manner. It's not about where you start but where you end up. It's essential to begin with critical applications and expand the scope over time.
Keep the threat model up to date. Threat modeling is a continuous process that adapts to new threats and system changes.
Make threat modeling holistic and straightforward. Start after the high-level design phase, and revisit the model continuously throughout a product's lifecycle.
Concentrate on domain-specific problems, which threat modeling is good at identifying. For domain-agnostic issues, use automated approaches instead.
Special thanks to the following individuals who provided feedback for this episode: Iswarya Subramanian Balachandar, Kuldeep Kumar, Abdoulkader (Abdo) Dirieh, Rob van der Veer, and Tony Turner.
Welcome to Smart Threat Modeling. Devici makes threat modeling simple, actionable, and scalable. Identify and deal with threats faster than ever. Build three free models and collaborate with up to ten people in our Free Forever plan. Get started at devici.com and threat model for free! Smart threat modeling for development teams.