Application Security PodCast

Chris Romeo and Robert Hurlbut

Chris and Robert deconstruct world-class Application Security experts, digging deep to find the tools, tactics, projects, and tricks that make them successful. Each episode begins with the guest's security origin story or how they got started in Application Security. Topics range from DevOps+security, secure coding, OWASP, threat modeling, security culture, and anything else they can think of regarding application security. Chris Romeo (@edgeroute) is the CEO of Security Journey, and Robert Hurlbut (@roberthurlbut) is a Threat Modeling Architect.

The Threat Modeling Manifesto – Part 1
Nov 17 2020
The Threat Modeling Manifesto – Part 1
This is part one of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. Our intention is to share a distilled version  of our collective threat modeling knowledge in a way that should inform, educate, and inspire other practitioners to adopt threat modeling as well as improve security and privacy during development.We developed this Manifesto after years of experience thinking about, performing, teaching, and developing the practice of, Threat Modeling. We have diverse backgrounds as industry professionals, academics, authors, hands-on experts, and presenters. We bring together varied perspectives on threat modeling. Our ongoing conversations, which focus on the conditions and approaches that lead to the best results in threat modeling, as well as how to correct when we fail, continue to shape our ideas.The working group of the Threat Modeling Manifesto consists of individuals with years of experience in threat modeling for security or privacy.Zoe BraitermanAdam ShostackJonathan MarcilStephen de VriesIrene MichlinKim WuytsRobert HurlbutBrook S.E. SchoenfieldFraser ScottMatthew ColesChris RomeoAlyssa MillerIzar TarandachAvi DouglenMarc FrenchOther episodes on threat modeling:Adam Shostack — Remote Threat ModelingKim Wuyts — Privacy Threat ModelingIzar Tarandach — Command line threat modeling with pytmStephen de Vries — Threat Modeling with a bit of #Startup