So I know the usual suspects, of course:
But let's say I want to become an "expert" in Threat Modelling… what can you recommend? Something on LinkedIn Learning, perhaps? Or by O'Reilly?Â
Or is it simply a matter of getting up-to-speed on the primary literature and hands-on learning?
What’s that joke about how do you get to the Carnegie Hall?
After you go over all the sources - threat model, threat model, threat model some more.Â
+1
Crowd-sourcing is always a good mean to leverage common wisdom, therefore recommending this as a central resource:Â hysnsec/awesome-threat-modelling: A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review. (github.com)
Other than that -practice, practice, practice, ...
Practice, practice, practice! Yes getting hands-on as well as reading the primary literature are the go to activities when it comes to becoming a seasoned Threat modelling professional. Also to add to the mix, collaborate amongst your peers either at work or at topical events as this will invariably provide you with valuable insight into the complexities of this and surrounding areas of Threat modelling.
Crowd-sourcing is always a good mean to leverage common wisdom, therefore recommending this as a central resource:Â hysnsec/awesome-threat-modelling: A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review. (github.com)
Other than that -practice, practice, practice, ...
Good stuff! I wasn't familiar with the repository of info--very useful!
But yeah, practice, practice, practice.
What’s that joke about how do you get to the Carnegie Hall?
After you go over all the sources - threat model, threat model, threat model some more.Â
Agreed, nothing beats experience!
I have the same opinion. Practice, Practice and keep Practicing. I suggest you look to others in your community (local security chapters like OWASP, etc) and ask what they are doing and how they go about it. The key is to network, learn from others and just keep threat modeling.Â
Historical:
https://seclab.cs.ucdavis.edu/projects/history/papers/ande72a.pdf
https://apps.dtic.mil/sti/pdfs/ADA392777.pdf
https://csrc.nist.gov/files/pubs/conference/1991/10/01/proceedings-14th-national-computer-security-confer/final/docs/1991-14th-ncsc-proceedings-vol-2.pdf (pages 572-581)
Â
Related Practices:
Other not specific TM resources:
Not a member yet? Become a member to join forum discussions, participate in community events and apply to write articles.
Create an accountEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
