April 4, 2025
Threat Modeling Series
Host: Tiffany Bergeron, Chief Architect, Mappings Program
Guest: Adam Shostack, Threat Modeling Expert, Shostack + Associates
Episode 1: What Are We Working On?
To secure a system effectively, you need to know your systems. In this first episode, Adam and Tiffany Bergeron dive into how defining the scope lays the groundwork for identifying and addressing threats.
How does your team identify systems before starting the threat modeling process?
Episode 2: What Could Go Wrong?
After defining what we’re building, the next step is to identify potential threats. In this episode, Adam and Tiffany Bergeron walk through the ways defenders use both theory and evidence to effectively model potential attackers.
Does your team have a structured approach to identifying threats?
Episode 3: What are we going to do about it?
Once you’ve identified potential threats, how do you respond? In this episode, Adam and Tiffany explore practical strategies for mitigating risks and making informed security decisions that align with business objectives.
What approaches does your team use to prioritize threat mitigations?
Episode 4: Did we do a good job?
After implementing mitigations, how do you measure success? In this episode, Adam and Tiffany discuss how to assess the effectiveness of your threat modeling efforts and continuously improve your security processes.
Does your team conduct reviews or retrospectives on threat modeling outcomes?