Threat Modeling Insights

Practical guidance on threat modeling, application security, and managing cybersecurity risk — from practitioners who do this every day.

Threat Modeling
7 min read

How Threat Modelling Could Have Saved LastPass

The LastPass breach is a textbook case of underestimated business risk. A proper threat model done up front would have surfaced the exact vulnerabilities that led to one of the most damaging password manager incidents on record.

9 February 2023
Threat Modeling
4 min read

What Are the Benefits of a Threat Model?

Threat modelling solves the problem of knowing where to stop with security, where to invest effort, and how to get engineering and security teams working from the same page.

21 October 2022
Threat Modeling
5 min read

Six Steps to Get Your Threat Model Started

Threat modelling does not need to be complicated. Here are six practical steps to run your first session and produce a model your team will actually use.

6 October 2022
Security Strategy
6 min read

Stop Elevation of Privilege Threats with Defence in Depth

23 February 2023
Threat Modeling
4 min read

How to Draw Out Risk in a Threat Model

9 December 2022
Security Strategy
5 min read

How to Improve Your Company's Security Culture

17 November 2022
Threat Modeling
4 min read

My Guide to STRIDE

3 November 2022
Security Strategy
4 min read

How to Think About Risk

22 September 2022
Security Strategy
4 min read

The Fallacy of Perfection

22 April 2022
Security Strategy
4 min read

What Does Good Security Look Like?

25 March 2022
Security Strategy
5 min read

Risk-Driven Security Is Better Security

16 March 2022