Establishing Threat Modeling Practices in your SDLC

In this episode, Peter Maddison and David Sharrock discuss how to integrate threat modeling into the secure development lifecycle (SDLC) at scale. They cover the importance of shifting security practices left, and how to establish communication channels between development teams and security experts.

Key takeaways:

• Threat modeling is a security practice that involves identifying and mitigating potential threats to an organization's assets.
• Threat models should be created and maintained early in the SDLC, but don't need to be updated for every minor change.
• A mechanism for ongoing communication between developers and security professionals is essential for effective threat modeling.

Resources:

• Sooner Safer Happier   by Jonathan Smart - https://www.goodreads.com/en/book/show/50343488
• Larry Maccherone https://www.youtube.com/watch?v=EyS1kmmlA5Y
• Martin Fowler blog  https://martinfowler.com/articles/scaling-architecture-conversationally.html

 Whether you're diving into DevSecOps or just looking to get a handle on threat modeling at scale, this episode is a must-listen. Tune in now as Dave and Peter discuss how to future-proof your organization!