Video

Fireside Chat: A Different Way to Threat Model

Join us for an insightful discussion with Adam Shostack (President of Shostack & Associates, author of many threat modeling books), a renowned expert in threat modeling, as he explains the basics and importance of threat modeling in security. Learn about the four fundamental questions of threat modeling, its application in agile and lean environments, and tips for keeping it lightweight and effective. Adam also shares his journey into the field, his teaching experiences, and how to start a threat modeling program.

By
Adam Shostack
Adam Shostack
Jenn Gile
Jenn Gile
Published on
02 October 2025
Adam Shostack

Adam Shostack

President at Shostack & Associates
Jenn Gile

Jenn Gile

Head of Community at Endor Labs

00:00 Introduction and Definition of Threat Modeling

02:12 The Importance of Agile Threat Modeling

02:35 Four Key Questions in Threat Modeling

04:50 Continuous Threat Modeling and Security Debt

05:53 Differentiating Threat Modeling from Secure Design Review

09:44 Adam's Journey into Threat Modeling

11:58 Teaching Threat Modeling: Audience and Impact

14:14 Engaging Developers in Security

19:23 Advice for Starting a Threat Modeling Program

23:10 The Joy of Teaching and Continuous Learning

Summarize with AI

Resources mentioned in the video: https://www.wiley.com/en-us/Threats%3A+What+Every+Engineer+Should+Learn+From+Star+Wars-p-9781119895169

Contents

Table of Contents

More resources

What are the Best AppSec KPIs? It Depends.
Blog
What are the Best AppSec KPIs? It Depends.

Pick the metrics right for your program based on what's most important to your organization.

Mythbusters: Are Tech Industry Analysts Worth Listening To?
Video
Mythbusters: Are Tech Industry Analysts Worth Listening To?

Learn how a tech industry analyst could help you research new tools or practices.

5 Essential Skills for AppSec Engineers
Blog
5 Essential Skills for AppSec Engineers

What does it take to get a security engineering job in today's job market?