Threat Modeling Insider

Threat Modeling Insider Newsletter

Delivering the latest Threat Modeling articles and tips straight to your mailbox.

The valuable insights of Threat Modeling experts

Our “Threat Modeling Insider” (TMI) newsletter brings a combination of guest articles, white papers, curated articles and tips on threat modeling to your inbox. It will bootstrap and elevate your security knowledge and threat modeling skills.

Previous editions include guest content from Adam Shostack, Tony UV, Fraser ‘zeroXten‘ Scott, Izar Tarandach, Geoff Hill, and many more. We also provide curated articles on topics such as Microsoft’s threat modeling tool, Bruce Schneier on attack trees, and practical tips such as which diagramming tools to use.

We aim to make this a community driven newsletter and welcome your input or feedback. If you have content or pointers for the next edition, please share them with us.

Browse our Threat Modeling Insider catalogue

TMI newsletter 17

“Threat Modeling can be considered as fun as cooking a good PASTA meal.”

  • An interview on Risk-Centric Threat Modeling with Marco Mirko Morana, Executive Director and Head of Security Architecture at JP Morgan Chase Co;
  • Curated resources covering A mapping of STRIDE with OWASP ASVS and a publicly available threat model on SD WAN;
  • A Toreon blog post covering Examining attack trees and tooling;
  • Tip of the month: A tool to support threat modeling in a DevSecOps environment Threagile;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 16

“We need an army of threat modelers”

  • Interview with a specialist in security regulations for medical devices, Seth Carmody;
  • Curated resources covering Plot4ai and Machine Assisted Threat Modeling;
  • A Toreon blog post covering how Threat Modeling improves Pentesting;
  • Tip of the month: User stories and Threat Modeling;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 15

 Threat Modeling Benefits Everyone in the Dev Pipeline

  • A guest article by Ken Van Wyck covering “Threat Modeling Benefits Everyone in the Dev Pipeline”;
  • Curated resources covering Threat Modeling Medical Devices and Mozilla Rapid Risk Assessment;
  • A Toreon blog post covering Threat Modeling vs Pentesting;
  • Tip of the month: Continuous Threat Modeling;

TMI newsletter 14

The Self-Serve Threat Model

  • A guest article by Jeevan Singh covering “Threat Modeling Redefined: The Self-Serve Threat Model”;
  • Curated resources covering new standards from NIST and OWASP including threat modeling, and an ATT&CK-like Common Threat Matrix for CI/CD Pipelines;
  • A Toreon blog post covering 9 benefits of Threat Modeling;
  • Tip of the month: the OWASP Threat Dragon egg is hatching;
  • Our new Threat Modeling Practitioner hybrid learning journey.

TMI newsletter 13

Threat modeling: what are we modeling, exactly?

TMI newsletter 12

Keys to successful privacy threat modeling

  • A guest article by Kim Wuyts, postdoctoral researcher at imec-DistriNet, KU Leuven covering “Keys to successful privacy threat modeling”;
  • We donated our Threat Modeling Playbook to OWASP;
  • Curated resources covering “Wikipedia on Threat Modeling history” and “Threat modeling your CI/CD pipeline”;
  • Tip: Webinar “Ask me Anything on Threat Modeling“;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 11

Threat Modeling definition of done

TMI newsletter 10

Scaling Up Threat Modeling

TMI newsletter 9

How often do living documents need to breathe ?

  • A guest article by Izar “Infosec Curmudgeon” Tarandach covering “How often do living documents need to breathe?” ;
  • Curated resources covering an awesome list of threat modeling resources and a blog on the upcoming ISO 21434 cybersecurity standard  for the automotive industry;
  • A Toreon trainer reports from the Archimedes conference;
  • Tip of the month: creating ‘evil personas’
  • Updates on upcoming Toreon training sessions.

TMI newsletter 8

Threat modeling: better caught than taught

TMI newsletter 7

Threatspec: make security assumptions visible

  • A guest article by Fraser Scott on “threat modeling as code” with the threatspec tool.
  • Curated resources covering “The Evolution of Threat Modeling” by Phil Zimmermann, and Adam Shostack’s talk at AppSecCali 2019 earlier this year.
  • Toreon article: “Setting up efficient threat model meetings.”
  • Tip of the month: New community edition released by IriusRisk.
  • Updates on upcoming Toreon training sessions.

TMI newsletter 6

The OWASP Threat Model project

TMI newsletter 5

Threat Modeling: Do it early, do it often, do it as a team

TMI newsletter 4

Scaling threat modeling with risk patterns

  • A guest article by Stephen de Vries, Continuum Security  “Scaling threat modeling with risk patterns”
  • How to use threat modeling as privacy by design technique?
  • Curated resources covering threat modeling as code, and MITRE ATT&CK
  • Tip of the month: “hi/5 newsletter”
  • Updates on upcoming Toreon training sessions

TMI newsletter 3

Threat models as a blueprint for attacks

  • A guest article by Tony UV, VerSprite “Threat Models as a Blueprint for Attack
  • Toreon presentation: How can you integrate threat modeling in your agile software development?
  • Curated resources covering OAuth 2.0, and the threat modeling toolkit
  • Tip of the month: “How to overcome diagramming writer’s block”
  • Updates on upcoming Toreon training sessions

TMI newsletter 2

Supercharge your threat modeling

  • A guest article by Geoff Hill, Tutamantic “How to supercharge your Threat Modeling
  • Tip of the month: the OWASP threat modeling slack channel
  • Toreon guide “threat modeling done right”
  • Curated resources from Carnegie Mellon University and Microsoft
  • Invitation to the Open Security Summit, featuring a threat modeling track
  • Updates on upcoming Toreon trainings

TMI newsletter 1

Changing the game

  • A guest article by Adam Shostack, “Changing the game on threat modeling
  • Our threat modeling tip of the month
  • A free threat modeling guide
  • Curated articles from Bruce Schneier and Avi Douglen
  • Updates on upcoming Toreon trainings
© 2020 door Toreon | Privacy & Cookie policy

Start typing and press Enter to search

Shopping Cart
Copy link
Powered by Social Snap