Threat Modeling Quick Start Guide from Shostack + Associates


What is Threat Modeling?

Threat modeling is how we bring strategic, systematic, and comprehensive analysis to engineering. Discover what can go wrong in a system, even before you've built it. Threat modeling is a broad term, and includes engineering skills and practices. The depth and structure of threat modeling ranges from dialog at a whiteboard through large complex analyses. It is one of the most important, and misunderstood, parts of a security development lifecycle.

The very easiest way to get started threat modeling is by asking the Four Questions:

If you simply ask those Four Questions, you're threat modeling. Adam has a 60 second video on the subject, along with a 20 minute series, The World's Shortest Threat Modeling course.

Getting Started with Threat Modeling

While you can — and should — ask the Four Questions, many people want more. These resources are each a few pages long and designed to help.

Sometimes people conflate threat intelligence and threat modeling. Adam addressed the difference in Threat Modeling: What, Why, and How, above. (Both that and "Rolling Out" were originally published at the MISTI Training Institute.)


We have a wide variety of innovative physical threat modeling tools available from Agile Stationery. They include whiteboard notebooks, stencils, Elevation of Privilege card decks, and the threat modeling manifesto posters.


When we were planning onsite training, we used to ask "are there lots of whiteboards?" Now, we ask "are the walls completely covered in whiteboards?" If not, we ship rolls of static cling whiteboards, and people always want to know how to get more.