Security Weekly Podcast Network (Audio)

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316

Feb 4, 2025

In this engaging discussion, Akira Brand, an AppSec leader at PRA Group, teams up with Sandy Carielli, a principal analyst at Forrester. They dive into the nuances of threat modeling, sharing successful strategies and the importance of collaboration among security and development teams. Topics include the impact of AI on security practices, practical documentation for risk quantification, and enhancing application security through effective threat modeling. The conversation also touches on CPU vulnerabilities and the need for sustainable tech practices.

01:11:39

Creator website

Episode guests

Sandy Carielli

Akira Brand

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Effective threat modeling should prioritize actionable steps and collaboration with development teams to enhance application security.

Integrating threat modeling into agile processes fosters timely security discussions, allowing developers to address risks organically.

Simplified, question-driven threat modeling approaches are recommended to empower developers while ensuring compliance with security standards.

Deep dives

Evolving Threat Modeling Practices

Threat modeling has traditionally relied on a simplistic checklist approach that often renders it ineffective and unengaging for development teams. This podcast discusses the shift towards more dynamic and integrated threat modeling frameworks, emphasizing the importance of actionable steps rather than just completing forms. By focusing on collaboration with development teams and ensuring the threat model aligns with business objectives, organizations can create a more secure application environment. The discussion highlights the transition from a two-question model to a more nuanced four-question framework, promoting better discussions around potential risks and their mitigations.

Intro

4min

Rethinking Threat Modeling

21min

Effective Threat Documentation and Risk Quantification

3min

Navigating Threat Modeling in Development

8min

Enhancing Application Security Through Effective Threat Modeling

3min

Navigating AI and Security Protocols

16min

Unveiling CPU Vulnerabilities and Security Challenges

12min

Enhancing Efficiency and Eco-Friendly Practices in Technology

4min

Threat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares what she's learned from talking to orgs about what's been successful, and what's failed, when they've approached this practice. Akira Brand joins to talk about her direct experience with building threat models with developers.

Speculative data flow attacks demonstrated against Apple chips with SLAP and FLOP, the design and implementation choices that led to OCSP's demise, an appsec angle on AI, updating the threat model and recommendations for implementing OAuth 2.0, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-316

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Weekly Podcast Network (Audio)

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Evolving Threat Modeling Practices

Integrating Threat Modeling in Development

Challenges with Current Frameworks

The Importance of Actionable Outcomes

Building Security Awareness Among Developers

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Security Weekly Podcast Network (Audio)

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Evolving Threat Modeling Practices

Integrating Threat Modeling in Development

Challenges with Current Frameworks

The Importance of Actionable Outcomes

Building Security Awareness Among Developers

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights