Sustainable Secure Design - Building a Continuous Threat Modeling Process (Virtual)

Threat modeling is an incredibly powerful approach to building secure products, but equally hard to get right consistently. In fact, your organization has likely attempted to roll out a threat modeling initiative, but fallen into any of a dozen common traps. "We tried it a few years ago, and it was great, but we couldn't get anyone to do it a second time" is one of the more familiar stories we hear. Threat Modeling, a structured methodology for security analysis of complex systems, can help you effectively identify and prioritize potential threats and attack vectors, and understand appropriate mitigations. But to maximize its effect, this must be an ongoing practice, not just a one-time activity. To consistently deliver, and iteratively improve a secure product, we must be intentional about how we include and encourage everyone to contribute and improve the product's security – even when the security team is not there.