Video

Fireside Chat: A Different Way to Threat Model

Join us for an insightful discussion with Adam Shostack (President of Shostack & Associates, author of many threat modeling books), a renowned expert in threat modeling, as he explains the basics and importance of threat modeling in security. Learn about the four fundamental questions of threat modeling, its application in agile and lean environments, and tips for keeping it lightweight and effective. Adam also shares his journey into the field, his teaching experiences, and how to start a threat modeling program.

By
Adam Shostack
Adam Shostack
Jenn Gile
Jenn Gile
Published on
02 October 2025
Adam Shostack

Adam Shostack

President at Shostack & Associates
Jenn Gile

Jenn Gile

Head of Community at Endor Labs

00:00 Introduction and Definition of Threat Modeling

02:12 The Importance of Agile Threat Modeling

02:35 Four Key Questions in Threat Modeling

04:50 Continuous Threat Modeling and Security Debt

05:53 Differentiating Threat Modeling from Secure Design Review

09:44 Adam's Journey into Threat Modeling

11:58 Teaching Threat Modeling: Audience and Impact

14:14 Engaging Developers in Security

19:23 Advice for Starting a Threat Modeling Program

23:10 The Joy of Teaching and Continuous Learning

Summarize with AI

Resources mentioned in the video: https://www.wiley.com/en-us/Threats%3A+What+Every+Engineer+Should+Learn+From+Star+Wars-p-9781119895169

Contents

Table of Contents

More resources

5 Essential Skills for AppSec Engineers
Blog
5 Essential Skills for AppSec Engineers

What does it take to get a security engineering job in today's job market?

4 Ways to Use AI for Security Engineering
Video
4 Ways to Use AI for Security Engineering

Get an inside look at how a DevSecOps team at Adobe is using AI/ML to revolutionize their WAF rule management program. Ammar Alim (Senior Manager, DevSecOps @ Adobe) shares how they’re leveraging existing resources to dynamically create, deploy, and refine WAF rules without requiring new tools or increased budget.

Applying Lean Principles to Application Security
Blog
Applying Lean Principles to Application Security

What is LeanAppSec, and how can you use it?