Monday Sep 25, 2023

#148 - Threat Modeling (with Adam Shostack)

On this episode we bring on the leading expert of threat modeling (Adam Shostack) to discuss the four questions that every team should ask:

  1. What are we working on?
  2. What can go wrong?
  3. What are we going to do about it?
  4. Did we do a good enough job?

Big thanks to our sponsor:

Risk3Sixty -

Adam Shostack's LinkedIn Profile -

Learn more about threat modeling by checking out Adam's books on threat modeling Threats: What Every Engineer Should Learn From Star Wars

Threat Modeling: Designing for Security Also check out the Threat Modeling Manifesto:



  • 00:00 Introduction
  • 06:02 The 4 Questions that allow you to measure twice cut once
  • 09:29 How Data Flow Diagrams help teams
  • 16:04 It's more than just looking at threats
  • 19:23 Chasing the most fluid thing or the most worrisome thing
  • 22:00 All models are wrong and some are useful
  • 26:25 Actionable Remediation
  • 31:05 LLMs and Threat Models

Comments (0)

To leave or reply to comments, please download free Podbean or

No Comments

Copyright 2024 All rights reserved.

Podcast Powered By Podbean

Version: 20240320