#148 - Threat Modeling (with Adam Shostack)
CISO Tradecraft®
English - September 25, 2023 08:00 - 37 minutes - 34.6 MB - ★★★★★ - 46 ratings - Technology
On this episode we bring on Adam Shostack, the leading expert on threat modeling, to discuss the four questions that every team should ask:
1. What are we working on?
2. What can go wrong?
3. What are we going to do about it?
4. Did we do a good enough job?
Big thanks to our sponsor:
Risk3Sixty - https://risk3sixty.com/whitepaper/
Adam Shostack's LinkedIn Profile - https://www.linkedin.com/in/shostack/
Learn more about threat modeling by checking out Adam's books:
Threats: What Every Engineer Should Learn From Star Wars - https://amzn.to/3PFEv7L
Threat Modeling: Designing for Security - https://amzn.to/3ZmfLo7
Also check out the Threat Modeling Manifesto: https://www.threatmodelingmanifesto.org/
Transcripts: https://docs.google.com/document/d/1Tu0Xj9QTbVqbVJNMbNRam-FEUvfda3ZS
Chapters
00:00 Introduction
06:02 The 4 Questions that allow you to measure twice cut once
09:29 How Data Flow Diagrams help teams
16:04 It's more than just looking at threats
19:23 Chasing the most fluid thing or the most worrisome thing
22:00 All models are wrong and some are useful
26:25 Actionable Remediation
31:05 LLMs and Threat Models