Adam Shostack: An Examination of Threat Modeling

Cyber security professional Adam Shostack has helped to define the process of threat modeling, having not only been responsible for Microsoft’s approach, providing comprehensive threat modeling training, services, and solutions to client-organizations since 2016, and Adam Shostack is also the author of “Threat Modeling: Designing for Security;” the practical guide that lays out how to do threat modeling throughout the security development lifecycle.

A noted expert and author on the subject of threat modeling, Adam Shostack defined the four-step framework used to threat mode today. Those are:

  • What are we working on? This is important to ground threat modeling work and scope it to what can be addressed.  It’s also an important collaboration between security professionals and others working on the product or service.
  • What can go wrong? This key step is focused on bringing security knowledge to the analysis of a specific system.
  • What are we going to do about it? Once a list of potential problems is available, it’s important to address those problems!
  • Did we do a good job? Take a look at what’s been done, and assess if you’re satisfied and confident.

To know more go through Adam Shostack – Founder & CEO @ Stealth Startup | Crunchbase

Author: adamshostack

Adam Shostack is grateful for the opportunity to have served on the Seattle Privacy Coalition Board since 2015.Entrepreneur and technologist Adam Shostack focuses on providing customers with expert security analysis and solutions that work to improve security outcomes for their organizations

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s