STRIDE Threat Modeling for Beginners - In 20 Minutes

Happy to help!

It's been a game changer when working with developers and explaining threat modeling to them.

Glad to hear it! That's why I made this. When I first started out with threat modeling, I was in the same situation and noticed how few people actually show their process and instead focus on "tools" that felt ultimately unhelpful. Hope your session goes well.

Thank you!

I don't want to make a whole video on PASTA since I haven't used it enough. PASTA is more geared towards internal teams and has you work with your dev/systems steams more closely. It needs to be more ingrained in the planning process. But it is great!

Glad it was helpful!

This is actually a really great question. Sometimes you can over automate things. I don't like the MS tool because unless you're seasoned and have the tool configured properly, it's overwhelming and ultimately unhelpful. You need to spend so much more time getting the tool set properly to make your threat models useful. I don't recommend it unless you already know what you're doing.

That's a good question! I actually don't know the answer to that. I think I would start by segmenting off the environment like normal, then make sure to include mutual authentication and allow list authorization into my trust requirements. If any component didn't enforce those two things in every part of each segment, then I'd flag that as a new vulnerability to be remediated.
This is why I like standard security patterns that you can enforce internally. That way, there is no guessing. "Doesn't authenticate through our standard process? Vulnerability, remediate it immediately."

That's a good point. It's there, but not labeled as the completed threat model. It's the aivillage link. I will update the description.

We can message on here. What can I help you with?