Video

Fireside Chat: A Different Way to Threat Model

Join us for an insightful discussion with Adam Shostack (President of Shostack & Associates, author of many threat modeling books), a renowned expert in threat modeling, as he explains the basics and importance of threat modeling in security. Learn about the four fundamental questions of threat modeling, its application in agile and lean environments, and tips for keeping it lightweight and effective. Adam also shares his journey into the field, his teaching experiences, and how to start a threat modeling program.

By
Adam Shostack
Adam Shostack
Jenn Gile
Jenn Gile
Published on
02 October 2025
Adam Shostack

Adam Shostack

President at Shostack & Associates
Jenn Gile

Jenn Gile

Head of Community at Endor Labs

00:00 Introduction and Definition of Threat Modeling

02:12 The Importance of Agile Threat Modeling

02:35 Four Key Questions in Threat Modeling

04:50 Continuous Threat Modeling and Security Debt

05:53 Differentiating Threat Modeling from Secure Design Review

09:44 Adam's Journey into Threat Modeling

11:58 Teaching Threat Modeling: Audience and Impact

14:14 Engaging Developers in Security

19:23 Advice for Starting a Threat Modeling Program

23:10 The Joy of Teaching and Continuous Learning

Summarize with AI

Resources mentioned in the video: https://www.wiley.com/en-us/Threats%3A+What+Every+Engineer+Should+Learn+From+Star+Wars-p-9781119895169

Contents

Table of Contents

More resources

Mythbusters: Are Tech Industry Analysts Worth Listening To?
Video
Mythbusters: Are Tech Industry Analysts Worth Listening To?

Learn how a tech industry analyst could help you research new tools or practices.

The Four Question Framework for Threat Modeling
Video
The Four Question Framework for Threat Modeling

Adam Shostack is one of the best known thought leaders and instructors in threat modeling. At the October 2025 LeanAppSec Live, we invited him to deliver a lightning talk on the four question framework.

Discover how to efficiently incorporate threat modeling into your security processes without extra budget or headcount.

Fireside Chat: Incorporating AI into Security at Adobe
Video
Fireside Chat: Incorporating AI into Security at Adobe

Hear from Ammar Alim (Senior Manager, DevSecOps at Adobe) about how his team is using AI to scale security engineering.