Lessons From the Threat Modeling Trenches

Explore lessons learned from building threat modeling practices across multiple organizations in this 52-minute conference talk by Brook Schoenfield, Principal Architect Product Security at McAfee. Gain insights from hundreds of students, years of coaching, numerous formal trainings, and thousands of threat models. Discover how threat modeling can reduce design errors and challenge conventional wisdom in application security. Learn about the importance of inclusivity, team collaboration, and allowing threat modeling to evolve within organizations. Examine the progression of threat modeling through different stages and its impact on prioritization, trust, architecture, and governance. Acquire valuable takeaways for implementing effective threat modeling practices and access resources for further learning in this OWASP Foundation presentation.

Introduction
Threat Modeling
My Experience
I Built
Threat Modeling Definition
Why is Threat Modeling Important
Design Misses
The Old Guard
Security becomes synonymous with no
Can you be different
Threat modeling becomes part of the woodwork
Its a team sport
Make it inclusive
Let it breathe and grow
Meltdown
Bronze Age
Iron Age
Crystal Ball
Prioritize
Trust
Architecture
Governance
Decentralization
Design Problem
Takeaways
Selfpromotion
Threat Modeling Library
Resources
CBS
Impacts