Threat Modeling Insider

Threat Modeling Insider

Threat Modeling Newsletter

Articles and tips in your mailbox

Our “Threat Modeling Insider” (TMI) newsletter brings a combination of guest articles, white papers, curated articles and tips on threat modeling to your inbox. It will bootstrap and elevate your security knowledge and threat modeling skills.

Previous editions include guest content from Adam Shostack, Tony UV, Fraser ‘zeroXten‘ Scott, Izar Tarandach, Geoff Hill, and many more. We also provide curated articles on topics such as Microsoft’s threat modeling tool, Bruce Schneier on attack trees, and practical tips such as which diagramming tools to use.

We aim to make this a community driven newsletter and welcome your input or feedback. If you have content or pointers for the next edition, please share them with us.

Enjoy our threat modeling newsletter archive below!

Threat modeling in 4 steps

TMI newsletter 14

The Self-Serve Threat Model

  • A guest article by Jeevan Singh covering “Threat Modeling Redefined: The Self-Serve Threat Model”;
  • Curated resources covering new standards from NIST and OWASP including threat modeling, and an ATT&CK-like Common Threat Matrix for CI/CD Pipelines;
  • A Toreon blog post covering 9 benefits of Threat Modeling;
  • Tip of the month: the OWASP Threat Dragon egg is hatching;
  • Our new Threat Modeling Practitioner hybrid learning journey.

TMI newsletter 13

Threat modeling: what are we modeling, exactly?

TMI newsletter 12

Keys to successful privacy threat modeling

  • A guest article by Kim Wuyts, postdoctoral researcher at imec-DistriNet, KU Leuven covering “Keys to successful privacy threat modeling”;
  • We donated our Threat Modeling Playbook to OWASP;
  • Curated resources covering “Wikipedia on Threat Modeling history” and “Threat modeling your CI/CD pipeline”;
  • Tip: Webinar “Ask me Anything on Threat Modeling“;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 11

Threat Modeling definition of done

TMI newsletter 10

Scaling Up Threat Modeling

TMI newsletter 9

How often do living documents need to breathe ?

  • A guest article by Izar “Infosec Curmudgeon” Tarandach covering “How often do living documents need to breathe?” ;
  • Curated resources covering an awesome list of threat modeling resources and a blog on the upcoming ISO 21434 cybersecurity standard  for the automotive industry;
  • A Toreon trainer reports from the Archimedes conference;
  • Tip of the month: creating ‘evil personas’
  • Updates on upcoming Toreon training sessions.

TMI newsletter 8

Threat modeling: better caught than taught

TMI newsletter 7

Threatspec: make security assumptions visible

  • A guest article by Fraser Scott on “threat modeling as code” with the threatspec tool.
  • Curated resources covering “The Evolution of Threat Modeling” by Phil Zimmermann, and Adam Shostack’s talk at AppSecCali 2019 earlier this year.
  • Toreon article: “Setting up efficient threat model meetings.”
  • Tip of the month: New community edition released by IriusRisk.
  • Updates on upcoming Toreon training sessions.

TMI newsletter 6

The OWASP Threat Model project

TMI newsletter 5

Threat Modeling: Do it early, do it often, do it as a team

TMI newsletter 4

Scaling threat modeling with risk patterns

  • A guest article by Stephen de Vries, Continuum Security  “Scaling threat modeling with risk patterns”
  • How to use threat modeling as privacy by design technique?
  • Curated resources covering threat modeling as code, and MITRE ATT&CK
  • Tip of the month: “hi/5 newsletter”
  • Updates on upcoming Toreon training sessions

TMI newsletter 3

Threat models as a blueprint for attacks

  • A guest article by Tony UV, VerSprite “Threat Models as a Blueprint for Attack
  • Toreon presentation: How can you integrate threat modeling in your agile software development?
  • Curated resources covering OAuth 2.0, and the threat modeling toolkit
  • Tip of the month: “How to overcome diagramming writer’s block”
  • Updates on upcoming Toreon training sessions

TMI newsletter 2

Supercharge your threat modeling

  • A guest article by Geoff Hill, Tutamantic “How to supercharge your Threat Modeling
  • Tip of the month: the OWASP threat modeling slack channel
  • Toreon guide “threat modeling done right”
  • Curated resources from Carnegie Mellon University and Microsoft
  • Invitation to the Open Security Summit, featuring a threat modeling track
  • Updates on upcoming Toreon trainings

TMI newsletter 1

Changing the game

  • A guest article by Adam Shostack, “Changing the game on threat modeling
  • Our threat modeling tip of the month
  • A free threat modeling guide
  • Curated articles from Bruce Schneier and Avi Douglen
  • Updates on upcoming Toreon trainings
© 2020 door Toreon | Privacy & Cookie policy

Start typing and press Enter to search

Shopping Cart
Copy link
Powered by Social Snap