Software Engineering Radio - the podcast for professional software developers

SE Radio 648: Matthew Adams on AI Threat Modeling and Stride GPT

Dec 27, 2024

Matthew Adams, Head of Security Enablement at Citi, dives into the revolutionary role of large language models like Stride GPT in threat modeling. He shares insights on the STRIDE methodology and the historical context of security frameworks. The conversation explores practical applications in web development, the need for contextual judgment in security measures, and overcoming challenges like AI hallucinations. Adams also discusses empowering small businesses through open-source tools and highlights the transformative potential of AI in incident response.

46:56

Creator website

Episode guests

Matthew Adams

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Threat modeling is essential for proactively identifying security risks early in the design phase to minimize costs and disruptions.

The use of large language models like Stride GPT significantly streamlines the threat modeling process, enhancing collaboration and efficiency in security assessments.

Deep dives

Understanding Threat Modeling

Threat modeling is a structured process aimed at identifying potential security risks and vulnerabilities within systems. It involves evaluating what could go wrong and how to address these issues to minimize their impact. The analogy of locking car doors when entering a dangerous area illustrates that threat modeling is a practice we often employ in everyday life, which can also be applied when developing systems. This approach encourages security professionals to balance risks with appropriate mitigations throughout the design process.

Intro

2min

Understanding Threat Modeling

10min

Evolving Threat Modeling: Stride and StrideGPT

10min

Navigating Security Recommendations with Contextual Judgment

2min

Mitigating Hallucinations in Generative AI Models

2min

Specificity and Security in Streamlit Applications

7min

Transforming Incident Response with AI

6min

Bridging Cybersecurity Gaps for SMBs

8min

Matthew Adams, Head of Security Enablement at Citi, joins SE Radio host Priyanka Raghavan to explore the use of large language models in threat modeling, with a special focus on Matthew's work, Stride GPT. The episode kicks off with an overview of threat modeling, its applications, and the stages of the development life cycle where it fits in. They then discuss the STRIDE methodology and strideGPT, highlighting practical examples, the technology stack behind the application, and the tool's inputs and outputs. The show concludes with tips and tricks for optimizing tool outputs and advice on other open source projects that utilize generative AI to bolster cybersecurity defenses. Brought to you by IEEE Computer Society and IEEE Software magazine.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Software Engineering Radio - the podcast for professional software developers

SE Radio 648: Matthew Adams on AI Threat Modeling and Stride GPT

Episode guests