Video

Fireside Chat: A Different Way to Threat Model

Join us for an insightful discussion with Adam Shostack (President of Shostack & Associates, author of many threat modeling books), a renowned expert in threat modeling, as he explains the basics and importance of threat modeling in security. Learn about the four fundamental questions of threat modeling, its application in agile and lean environments, and tips for keeping it lightweight and effective. Adam also shares his journey into the field, his teaching experiences, and how to start a threat modeling program.

By
Adam Shostack
Adam Shostack
Jenn Gile
Jenn Gile
Published on
02 October 2025
Adam Shostack

Adam Shostack

President at Shostack & Associates
Jenn Gile

Jenn Gile

Head of Community at Endor Labs

00:00 Introduction and Definition of Threat Modeling

02:12 The Importance of Agile Threat Modeling

02:35 Four Key Questions in Threat Modeling

04:50 Continuous Threat Modeling and Security Debt

05:53 Differentiating Threat Modeling from Secure Design Review

09:44 Adam's Journey into Threat Modeling

11:58 Teaching Threat Modeling: Audience and Impact

14:14 Engaging Developers in Security

19:23 Advice for Starting a Threat Modeling Program

23:10 The Joy of Teaching and Continuous Learning

Summarize with AI

Resources mentioned in the video: https://www.wiley.com/en-us/Threats%3A+What+Every+Engineer+Should+Learn+From+Star+Wars-p-9781119895169

Contents

Table of Contents

More resources

Applying Lean Principles to Application Security
Blog
Applying Lean Principles to Application Security

What is LeanAppSec, and how can you use it?

Shifting Left, Done Right
Blog
Shifting Left, Done Right

Explore how to successfully shift security left by implementing strategies that make secure coding practices easy for developers, automate non-core engineering tasks (the "outer loop"), and build trust by only prioritizing security findings that are truly important and relevant.

Fireside Chat: What to Know About Tech Industry Analysts
Video
Fireside Chat: What to Know About Tech Industry Analysts

In this episode, Katie Norton (Research Manager at IDC) gives a primer on tech industry analysts. The conversation provides insights on how to find the right analyst firm based on company needs and the importance of asking good questions during consultations. Additionally, they address common myths about analysts being 'pay to play' and examine the impact of recent npm supply chain attacks on the industry.