¡Desconecta con la aplicación Player FM !
#148 - Threat Modeling (with Adam Shostack)
Manage episode 377863150 series 2849492
On this episode we bring on the leading expert of threat modeling (Adam Shostack) to discuss the four questions that every team should ask:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good enough job?
Big thanks to our sponsor:
Risk3Sixty - https://risk3sixty.com/whitepaper/
Adam Shostack's LinkedIn Profile - https://www.linkedin.com/in/shostack/
Learn more about threat modeling by checking out Adam's books on threat modeling Threats: What Every Engineer Should Learn From Star Wars https://amzn.to/3PFEv7L
Threat Modeling: Designing for Security https://amzn.to/3ZmfLo7 Also check out the Threat Modeling Manifesto: https://www.threatmodelingmanifesto.org/
Transcripts: https://docs.google.com/document/d/1Tu0Xj9QTbVqbVJNMbNRam-FEUvfda3ZS
Chapters
- 00:00 Introduction
- 06:02 The 4 Questions that allow you to measure twice cut once
- 09:29 How Data Flow Diagrams help teams
- 16:04 It's more than just looking at threats
- 19:23 Chasing the most fluid thing or the most worrisome thing
- 22:00 All models are wrong and some are useful
- 26:25 Actionable Remediation
- 31:05 LLMs and Threat Models
181 episodios
Manage episode 377863150 series 2849492
On this episode we bring on the leading expert of threat modeling (Adam Shostack) to discuss the four questions that every team should ask:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good enough job?
Big thanks to our sponsor:
Risk3Sixty - https://risk3sixty.com/whitepaper/
Adam Shostack's LinkedIn Profile - https://www.linkedin.com/in/shostack/
Learn more about threat modeling by checking out Adam's books on threat modeling Threats: What Every Engineer Should Learn From Star Wars https://amzn.to/3PFEv7L
Threat Modeling: Designing for Security https://amzn.to/3ZmfLo7 Also check out the Threat Modeling Manifesto: https://www.threatmodelingmanifesto.org/
Transcripts: https://docs.google.com/document/d/1Tu0Xj9QTbVqbVJNMbNRam-FEUvfda3ZS
Chapters
- 00:00 Introduction
- 06:02 The 4 Questions that allow you to measure twice cut once
- 09:29 How Data Flow Diagrams help teams
- 16:04 It's more than just looking at threats
- 19:23 Chasing the most fluid thing or the most worrisome thing
- 22:00 All models are wrong and some are useful
- 26:25 Actionable Remediation
- 31:05 LLMs and Threat Models
181 episodios
Todos los episodios
×Bienvenido a Player FM!
Player FM está escaneando la web en busca de podcasts de alta calidad para que los disfrutes en este momento. Es la mejor aplicación de podcast y funciona en Android, iPhone y la web. Regístrate para sincronizar suscripciones a través de dispositivos.