Shostack + Friends Blog


Future of Appsec podcast

A really fun episode with Adam joining Harshil Parikh of Tromzo's Future of Appsec podcast.

Most people think about threat modeling as an extensive, costly and heavyweight exercise. But what if it didn’t have to be? What if threat modeling could be as easy as asking and answering a few simple questions?

Topics discussed in this episode:

  • Why threat modeling shouldn’t only be for organizations with large teams of application security engineers.
  • How to bridge the gap between the security team focused on threat modeling and the development/engineering team.
  • How security engineers can support and train their developers on how to incorporate threat modeling into their day-to-day work.
  • Where threat modeling should fit into your application security program priorities.
  • The surprising benefits that threat modeling brings — outside of knowing the risks that exist.
  • How most organizations let perfect be the enemy of good (and what they should be doing instead).

Listen — and subscribe — at: