
April 26, 2023 7 mins

In episode one of the Threat Modeling podcast, host Chris Romeo explores various definitions of threat modeling gathered from industry experts. The podcast discusses whether risk assessment and threat modeling are the same, the essence of threat modeling, collaboration and documentation, identifying and mitigating threats early, the Five W's and an H approach, structured brainstorming, and proactive security. The Threat Modeling Manifesto's definition is favored by Chris, which states that threat modeling is "analyzing representations of a system to highlight concerns about security and privacy characteristics." In addition, the podcast highlights that threat modeling involves art, science, collaboration, and brainstorming, aiming to improve security and privacy in systems.

Welcome to Smart Threat Modeling. Devici makes threat modeling simple, actionable, and scalable. Identify and deal with threats faster than ever. Build three free models and collaborate with up to ten people in our Free Forever plan. Get started at devici.com and threat model for free! Smart threat modeling for development teams.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Chris (00:08):
Welcome to episode one of the Threat Modeling podcast.
I'm your host, Chris Romeo.
In case you forgot, I'm on a journey to understand threat modeling more deeply.
In case you didn't know, I'm an application security practitioner.
I'm a podcast host and also a self-described threat modeler to the stars.

(00:29):
So let's start with defining what the heck threat modeling is.
I went to where everyone goes when they need an eternal source of knowledge.
The internet.
I asked a simple question on Twitter and LinkedIn.
What is threat modeling?
I decided to keep it simple to avoid leading the witnesses.
I received 15 responses to the question from many folks that I

(00:49):
respect from across our industry.
These definitions provide many different angles and perspectives on threat.
However, they all work together to explore further and describe the essence of threat modeling.
We'll start with the idea that risk assessment and threat modeling are the same.
Doug Landoll is a cybersecurity risk and compliance expert.

(01:12):
Doug focuses on application risk assessment as a critical component in cybersecurity.
He suggests that the term threat modeling can be misleading.
It implies the process is limited to modeling threats, while it encompasses much more.
From Doug's viewpoint, threat modeling is a security risk assessment and application analysis.

(01:33):
While I understand what Doug says, I would separate threat modeling from risk assessment instead.
Risk assessment carries baggage in my mind.
This could be because of my history and security for the past 25 years.
When I think risk assessment, I think compliance activity that measures what we've built.
So something that's focused on more of the past tense, while

(01:56):
threat modeling for me is about changing what we're making now and what we're making into the future.
The following two definitions help to capture the essence of threat modeling.
First, Jeff Williams, the co-founder and CTO at Contrast, defines threat modeling as the art and science of figuring out whether your defenses are sufficient to counter the

(02:19):
threats you care about.
I like that Jeff uses the terms art and science.
Threat modeling contains art through creativity and science by using a defined process that provides some regularity to each model.
Nigel Hansen, a CISSP, global AppSec and hardware security expert, describes threat modeling as people working through four

(02:41):
main questions to identify potential issues that no tool will likely find.
These questions help in identifying what could go wrong.
Adam Shostack's now famous Four Questions define the essence of threat modeling, and we'll explore them in more depth in a later episode.
Ken Toller, an application, blockchain and cloud security

(03:03):
professional, sees threat modeling as an exercise in formalizing information discovery through collaboration.
This collaboration helps to document and prioritize risks and determine expected controls effectively.
Collaboration with threat modeling is a crucial principle.
When a person threat models in a vacuum, the resulting model will

(03:23):
never be as good as when collaborating with others to expand the universe of applicable threats.
Jayanthi Manikandan emphasizes the importance of proactively identifying threats early in the software development lifecycle to mitigate them appropriately, resulting in a safer and more secure system.

(03:45):
Mitigating threats early is a crucial property of threat modeling.
We want to consider the issues before a feature reaches production.
According to RG Williams, threat modeling is about answering the who, what, when, where, why, how, and most importantly, to what.
By identifying the assets and understanding the potential

(04:06):
risks, teams can create a plan to prevent harm from attackers or circumstances.
I like this approach to thinking about threat modeling.
It encompasses a process within and guidance on how to consider specific threats.
Avi Douglen and Kim Wuyts both agree that threat modeling is a

(04:26):
structured approach to thinking about security and a focused brainstorming session to consider what could potentially go wrong.
Tanya Janca also views it as a brainstorming session about what might go wrong and what to do about it.
I like the inclusion of brainstorming in the essence of threat modeling.
Brainstorming is a piece of a successful approach because

(04:48):
brainstorming pushes us beyond the threats that we can understand via various methodologies.
All these previous definitions have helped me to expand my understanding of threat modeling.
It's powerful to take a concept that I consider nebulous and think about each facet brought into view by various experts.
Powerful stuff.

(05:09):
My favorite definition of threat modeling comes from the Threat Modeling Manifesto.
Side note, I was lucky enough to be a contributor to the manifesto.
As we created the document, we extensively discussed and debated the definition of threat modeling.
As a result, all of us authors came from different backgrounds and perspectives, and this definition is what we could all live with.

(05:30):
The manifesto says threat modeling is analyzing representations of a system to highlight concerns about security and privacy characteristics.
The first part of the definition uses the term representations.
Representation is any way of describing the subject to the threat model.
A representation can exist in many different forms.
It could be a picture, it could be a verbal description of how

(05:53):
something works.
A person could even scribble a representation on the back of a napkin.
The point is that the representation is what we analyze.
Analyzing uses a systematic process to iterate across the representation, looking for potential issues to mitigate.
The definition focuses on both security and privacy characteristics.

(06:14):
Both are crucial to the success of a new feature or system.
If we bring words from each of the definitions for threat modeling together, it will help us to understand the essence of threat modeling: art, science, collaboration, early, who, what,

(06:37):
when, where, why, and how, and brainstorming.
All of these are pieces that contribute to successful threat modeling.
I still favor the Threat Modeling Manifesto definition because I can simplify it even more to say analyzing representations to highlight security and privacy issues.

(06:58):
Now that we have a working definition of threat modeling, we can continue and explore Adam Shostack's four questions.