Welcome to the forum | The Community and Resource Hub for All Things Threat Modeling

Latest posts

Recently active
Help others

DaveLevel 4

General Discussion

(POLL) To DFD or not to DFD?

They say a picture is worth a thousands words and so including some kind of diagram in your threat modelling process likely aids in understanding the system being threat modelled. But some diagrams can end up looking like “spaghetti and meatballs”, depending on the complexity of the system.I thought would be interesting to take the pulse of the community on this topic, so we can better understand what approaches are being used.Note, if your threat modelling approach uses lots of diagrams, perhaps just answer for the scenario where you were forced to choose just one.

14 days ago

LarryLevel 3

General Discussion

Scale Security

I'd like to discuss about how organizations can introduce security in organizations and be adapted to the ever-changing cybersecurity landscape while maintaining seamless operations.What are some of the significant challenges that you faced to 'scale' security, and how did you address them? 🤔

15 days ago

ShuningCommunity Manager

Workshops

Create Your First Threat Model Using a SpreadsheetRecording

About this workshopIn this workshop, you’ll learn the basics of threat modeling and apply the knowledge to create a threat model following six steps right in a spreadsheet. The six-step spreadsheet template is based on the STRIDE framework, one of the most popular security threat modeling methodologies.Agenda Recording Template, Written Guide, Slide Deck About the workshop leaderAgenda Introduction to Threat Modeling What’s threat modeling Threat Modeling classification: STRIDE Threat Modeling elements Threat Modeling process: the four-question framework Applying STIDE to Threat Modeling elements Cloud Threat Modeling Demo: using the six-step spreadsheet template to create a threat model for a two-tier web application Recording Template, Written Guide, Slide DeckTemplate: https://docs.google.com/spreadsheets/d/1AbouySzNorXs7sXwnMkZYkGdWeKESnJtKK_JfiTXBIE/edit?usp=sharing Written guide for how to use this template Slide deck in the attachment About the w

6022

16 days ago

mvidhi2011Level 1

General Discussion

how to join the Continuous Security: Leverage Incremental Threat Modeling

Can you share the link to how to join this meeting ? I only see Continuous Security: Leverage Incremental Threat Modeling this link but it does not show how to join the meeting

22 days ago

ShuningCommunity Manager

Welcome & Announcements

Recap on ThreatModCon 2023: The First Threat Modeling Conference Ever!

About this time last year, Threat Modeling Connect was born. With a mission to bring threat modeling to everyone, we are a community that brings like-minded individuals to learn, share, and collaborate on their threat modeling journeys. It was hard to believe within less than a year, we launched ThreatModCon - the first and only Threat Modeling Conference in the industry.It was an absolute blast seeing our community come together for a day of threat modeling feast. We wanted to give you a quick rundown of all the awesomeness that went down at this event!With a completely sold-out event, we entered the conference with a packed house and over 130 threat modeling practitioners from all over the world. We had two tracks with 12 mind-blowing sessions covering everything from the purpose and scope of threat modeling to the technical nitty-gritty. It was a deep dive into the art and science of threat modeling. But it wasn't just about the sessions. ThreatModCon 2023 was all about building con

1621

27 days ago

cramirezLevel 3

General Discussion

Birds of a Feather sessions at ThreatModCon 2023

Greetings ThreatModelingConnect Community, ThreatModCon 2023 is fast approaching (https://www.threatmodelingconnect.com/events/threatmodcon-2023-38)! As part of the conference, we're planning to host several Birds of a Feather (BoF) sessions during lunch. For those unfamiliar, BoF sessions are informal gatherings of like-minded individuals to discuss topics or common issues encountered without a pre-planned agenda. We wanted to reach out to the community for feedback on what topics/issues you would be interested in discussing at ThreatModCon 2023.

1 month ago

Bill JacobsLevel 1

General Discussion

STRIDE-LM?

9 hours ago

Bill JacobsLevel 1

General Discussion

False positives

2 days ago

DaveLevel 4

General Discussion

(POLL) To DFD or not to DFD?

14 days ago

mvidhi2011Level 1

General Discussion

how to join the Continuous Security: Leverage Incremental Threat Modeling

Can you share the link to how to join this meeting ? I only see Continuous Security: Leverage Incremental Threat Modeling this link but it does not show how to join the meeting

22 days ago

wgildersleeveLevel 5

General Discussion

Best resources for becoming an expert Threat Modeller?

So I know the usual suspects, of course: @Adam Shostack's books, various YouTube channels (including from IriusRisk), the Threat Modelling Manifesto, and this forum..But let's say I want to become an "expert" in Threat Modelling… what can you recommend? Something on LinkedIn Learning, perhaps? Or by O'Reilly? Or is it simply a matter of getting up-to-speed on the primary literature and hands-on learning?

2 months ago

Paresh.keraiLevel 3

General Discussion

OSCAL: the Open Security Controls Assessment Language for IriusRisk

Hi Guys, Has anyone come across of using OSCAL security controls on IriusRisk or have experience? I would love to get some insights on that.Thanks

11 months ago

Categories

New to the community? Start here!

Latest posts

Threat modeling in Industry Standards

STRIDE-LM?

False positives

I want to Threat Model, but I don't know where to start.

(POLL) To DFD or not to DFD?

Scale Security

Create Your First Threat Model Using a SpreadsheetRecording

how to join the Continuous Security: Leverage Incremental Threat Modeling

Recap on ThreatModCon 2023: The First Threat Modeling Conference Ever!

Birds of a Feather sessions at ThreatModCon 2023

STRIDE-LM?

False positives

(POLL) To DFD or not to DFD?

how to join the Continuous Security: Leverage Incremental Threat Modeling

Best resources for becoming an expert Threat Modeller?

OSCAL: the Open Security Controls Assessment Language for IriusRisk

Categories

New to the community? Start here!

Latest posts

Create Your First Threat Model Using a SpreadsheetRecording

Join the community

Log in

Create your account

Scanning file for viruses.

This file cannot be downloaded