Shostack + Friends Blog

Threat Informed Defense Series

A great, in depth series on threat modeling with ATTACK

a photograph of a robot, sitting in a library, working on a jigsaw puzzle

Tiffany Bergeron is Chief Architect at MITRE’s Mappings Program. We did a four part series, diving deep into threat modeling using ATT&CK. This is a deeper insight into the set of conversations that Kyle Wallace and I previewed at an RSAC Virtual Seminar: Building Resilient Systems (our video starts here.)

And while I’m always happy to be collaborating with my long-time colleagues from MITRE, I’m especially happy that we had this chance to dive, really deeply, into a specific threat modeling approach and the places we aligned and diverged. This sort of deep dive is still rare because, frankly, most organizations are still in the crawl phase of threat modeling: They’re starting, and they’re finding it to be hard to coordinate, hard to get where they’re going, and they fall down after eagerly standing up.

These deeper conversations are at the Center for Threat Informed Defense.

The other 3 videos can be a little tricky to find, there’s a menu at the top of the first one, on the upper right, with a little triangle in it:

Originally published by Adam on 25 Apr 2025
Categories: podcasts threat modeling videos webinars

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.