Security Weekly Podcast Network (Audio)

Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316

Feb 4, 2025
In this engaging discussion, Akira Brand, an AppSec leader at PRA Group, teams up with Sandy Carielli, a principal analyst at Forrester. They dive into the nuances of threat modeling, sharing successful strategies and the importance of collaboration among security and development teams. Topics include the impact of AI on security practices, practical documentation for risk quantification, and enhancing application security through effective threat modeling. The conversation also touches on CPU vulnerabilities and the need for sustainable tech practices.
ADVICE

Integrate Threat Modeling with Development

  • Focus on integrating threat modeling with development teams.
  • Prioritize making applications secure and addressing auditor requirements efficiently.

INSIGHT

Prioritize Business Logic

  • Threat modeling should prioritize business logic relevant to the roadmap.
  • Generic vulnerabilities like XSS are less important if the features they're in aren't prioritized.

INSIGHT

Lightweight Threat Modeling

  • Threat modeling frameworks can be too heavy once teams grasp the core concepts.
  • Instead, focus on understanding application purpose, potential threats, and their impact for effective prioritization.