Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
17 June 2025 - 1 hour 8 minsWhat makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that are more conducive to useful threat models.
Resources:
https://www.eurekadevsecops.com/agile-devops-and-the-threat-modeling-disconnect-bridging-the-gap-with-developer-insights/ https://www.threatmodelingmanifesto.org https://kellyshortridge.com/blog/posts/security-decision-trees-with-graphviz/ In the news, learning from outage postmortems,...
Series Episodes
Building Trusted Automation as Leaders Struggle with AI Adoption and CISOs Hire - Tim Morris - BSW #437
1 hour 7 mins
4 March Finished
North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More - SWN #560
32 mins
3 March Finished
Modern AppSec that keeps pace with AI development - James Wickett - ASW #372
47 mins
3 March Finished
OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448
1 hour 54 mins
2 March Finished
Brainstorm, SonicWall, Junos, Glienicke Brücke, Burger King, Claude, Josh Marpet... - SWN #559
32 mins
27 February Finished
