Resilient Cyber
Resilient Cyber Podcast
S3E7: Robert Hurlbut - All Things Threat Modeling
0:00
-34:02

S3E7: Robert Hurlbut - All Things Threat Modeling

- For those not familiar with Threat Modeling, what is it? Also, to clear up potential confusion, what is it not? (e.g. Threat Hunting)

- You were part of an effort to create the Threat Modeling Manifesto, can you tell us a bit about that project?

- We recently saw NIST both define critical software as part of the Cyber EO and also list Threat Modeling as a key activity for critical software. What are your thoughts on that occurring and if you think that will impact the Threat Modeling community?

- Some folks have made comments about Threat Modeling being too cumbersome for methodologies/cultures such as DevOps/DevSecOps. Why do you think that is an opinion among some and is it true? 

- Can Threat Modeling be applied to any sort of architecture or system? Are there any major differences for same on-prem vs cloud systems?

- For organizations looking to get started with Threat Modeling, where do you recommend they start? 

- Moving on from getting started, have you seen large organizations with successful, or unsuccessful Threat Modeling programs, and what were some major themes either way?

Discussion about this episode

User's avatar