Video

Fireside Chat: A Different Way to Threat Model

Join us for an insightful discussion with Adam Shostack (President of Shostack & Associates, author of many threat modeling books), a renowned expert in threat modeling, as he explains the basics and importance of threat modeling in security. Learn about the four fundamental questions of threat modeling, its application in agile and lean environments, and tips for keeping it lightweight and effective. Adam also shares his journey into the field, his teaching experiences, and how to start a threat modeling program.

By
Adam Shostack
Adam Shostack
Jenn Gile
Jenn Gile
Published on
02 October 2025
Adam Shostack

Adam Shostack

President at Shostack & Associates
Jenn Gile

Jenn Gile

Head of Community at Endor Labs

00:00 Introduction and Definition of Threat Modeling

02:12 The Importance of Agile Threat Modeling

02:35 Four Key Questions in Threat Modeling

04:50 Continuous Threat Modeling and Security Debt

05:53 Differentiating Threat Modeling from Secure Design Review

09:44 Adam's Journey into Threat Modeling

11:58 Teaching Threat Modeling: Audience and Impact

14:14 Engaging Developers in Security

19:23 Advice for Starting a Threat Modeling Program

23:10 The Joy of Teaching and Continuous Learning

Summarize with AI

Resources mentioned in the video: https://www.wiley.com/en-us/Threats%3A+What+Every+Engineer+Should+Learn+From+Star+Wars-p-9781119895169

Contents

Table of Contents

More resources

Advice from a CTO: Secure Code Practices for AI Code Assistants
Blog
Advice from a CTO: Secure Code Practices for AI Code Assistants

What we should know about the security of AI-generated code, and how we can improve it.

Shifting Left, Done Right
Blog
Shifting Left, Done Right

Explore how to successfully shift security left by implementing strategies that make secure coding practices easy for developers, automate non-core engineering tasks (the "outer loop"), and build trust by only prioritizing security findings that are truly important and relevant.

5 Essential Skills for AppSec Engineers
Blog
5 Essential Skills for AppSec Engineers

What does it take to get a security engineering job in today's job market?