Threat Modeling Insider

Threat Modeling Insider Newsletter

Delivering the latest Threat Modeling articles and tips straight to your mailbox.

The valuable insights of Threat Modeling experts

Our “Threat Modeling Insider” newsletter brings a combination of guest articles, white papers, curated articles and tips on threat modeling to your inbox.
It will bootstrap and elevate your security knowledge and threat modeling skills.

Previous editions include guest content from Adam Shostack, Tony UV, Fraser ‘zeroXten‘ Scott, Izar Tarandach, Geoff Hill, and many more. We provide curated articles on topics such as Microsoft’s threat modeling tool, Bruce Schneier on attack trees, and practical tips such as which diagramming tools to use.

We aim to make this a community driven newsletter and welcome your input or feedback. If you have content or pointers for the next edition, please share them with us.

Join thousands of readers that bootstrap and elevate threat modeling skills every month.
Do not miss our next edition, register to get it in your inbox every time!

Browse our Threat Modeling Insider catalogue

TMI newsletter 26

The AI Attack Surface Map

TMI newsletter 25

Developer-driven threat modeling at OutSystems

  • Developer-driven threat modeling at OutSystems, written by Rui Covelo
  • Book bites: “Threats: What Every Engineer Should Learn From Star Wars” by Adam Shostack
  • Threat Modeling talk by Sarah-Jane Madden: Introducing Threat Modeling to Established Teams
  • Threat Modeling Connect: A browse through the archives
  • Tips & tricks: Threat Modeling as Code with PyTM Written by Georges Bolssens and a new podcast on threat modeling!
  • Updates on upcoming Toreon training sessions

TMI newsletter 24

A deep dive into the 2023 Threat Modeling Connect Hackathon

TMI newsletter 23

Supply-Chain Security: Evaluation of Threats and Mitigations

  • Supply-Chain Security: Evaluation of Threats and Mitigations, a guest article by Hashimoto Waturu
  • Curated content: tips & tricks, Draw.io
  • Toreon blog post: The importance of accurate notes during threat model meetings by Cesar Peeters
  • Updates on upcoming Toreon training sessions

TMI newsletter 22

The Hitchhiker’s Guide for Failing Threat Modeling

TMI newsletter 21

Threat Modeling ICS & OT Landscapes, mind that gap, there’s a sharp EDGE!

TMI newsletter 20

Five tips to improve your threat models

TMI newsletter 19

The Role of Tooling in Threat Modeling

  • The Role of Tooling in Threat Modeling, by our guest blogger, Zoe Braiterman
  • Curated Content. “The Hybrid Approach to Threat Modeling”, a blog post by Chris Romeo, co-founder of Security Journey.
  • Curated content: How we’re creating a threat model framework that works for GitLab, a blog post by Mark Loveless, Security Engineer at GitLab.
  • “Threat Modeling Soft Skills”, a session with Sebastien Deleersnyder.
  • Toreon Tip: Creating Security Decision Trees with Graphviz, by Kelly Shortridge.
  • Updates on upcoming Toreon training sessions.

TMI newsletter 18

“Threat Modeling can be considered as fun as cooking a good PASTA meal. Part 2”

  • The second part of the interview on Risk-Centric Threat Modeling with Marco Mirko Morana, Executive Director and Head of Security Architecture at JP Morgan Chase Co;
  • Curated resources covering Open Security Summit session: “Threat modeling failure modes” and Horoscope as a Service – Using MITRE ATT&CK for threat modeling;
  • A Toreon blog post, Adapting risk calculations to your needs;
  • Tip of the month: Persona Non Grata, a threat generation technique;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 17

“Threat Modeling can be considered as fun as cooking a good PASTA meal.”

  • An interview on Risk-Centric Threat Modeling with Marco Mirko Morana, Executive Director and Head of Security Architecture at JP Morgan Chase Co;
  • Curated resources covering A mapping of STRIDE with OWASP ASVS and a publicly available threat model on SD WAN;
  • A Toreon blog post covering Examining attack trees and tooling;
  • Tip of the month: A tool to support threat modeling in a DevSecOps environment Threagile;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 16

“We need an army of threat modelers”

  • Interview with a specialist in security regulations for medical devices, Seth Carmody;
  • Curated resources covering Plot4ai and Machine Assisted Threat Modeling;
  • A Toreon blog post covering how Threat Modeling improves Pentesting;
  • Tip of the month: User stories and Threat Modeling;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 15

 Threat Modeling Benefits Everyone in the Dev Pipeline

  • A guest article by Ken Van Wyck covering “Threat Modeling Benefits Everyone in the Dev Pipeline”;
  • Curated resources covering Threat Modeling Medical Devices and Mozilla Rapid Risk Assessment;
  • A Toreon blog post covering Threat Modeling vs Pentesting;
  • Tip of the month: Continuous Threat Modeling;

TMI newsletter 14

The Self-Serve Threat Model

  • A guest article by Jeevan Singh covering “Threat Modeling Redefined: The Self-Serve Threat Model”;
  • Curated resources covering new standards from NIST and OWASP including threat modeling, and an ATT&CK-like Common Threat Matrix for CI/CD Pipelines;
  • A Toreon blog post covering 9 benefits of Threat Modeling;
  • Tip of the month: the OWASP Threat Dragon egg is hatching;
  • Our new Threat Modeling Practitioner hybrid learning journey.

TMI newsletter 13

Threat modeling: what are we modeling, exactly?

TMI newsletter 12

Keys to successful privacy threat modeling

  • A guest article by Kim Wuyts, postdoctoral researcher at imec-DistriNet, KU Leuven covering “Keys to successful privacy threat modeling”;
  • We donated our Threat Modeling Playbook to OWASP;
  • Curated resources covering “Wikipedia on Threat Modeling history” and “Threat modeling your CI/CD pipeline”;
  • Tip: Webinar “Ask me Anything on Threat Modeling“;
  • Updates on upcoming Toreon training sessions.

TMI newsletter 11

Threat Modeling definition of done

TMI newsletter 10

Scaling Up Threat Modeling

TMI newsletter 9

How often do living documents need to breathe ?

  • A guest article by Izar “Infosec Curmudgeon” Tarandach covering “How often do living documents need to breathe?” ;
  • Curated resources covering an awesome list of threat modeling resources and a blog on the upcoming ISO 21434 cybersecurity standard  for the automotive industry;
  • A Toreon trainer reports from the Archimedes conference;
  • Tip of the month: creating ‘evil personas’
  • Updates on upcoming Toreon training sessions.

TMI newsletter 8

Threat modeling: better caught than taught

TMI newsletter 7

Threatspec: make security assumptions visible

  • A guest article by Fraser Scott on “threat modeling as code” with the threatspec tool.
  • Curated resources covering “The Evolution of Threat Modeling” by Phil Zimmermann, and Adam Shostack’s talk at AppSecCali 2019 earlier this year.
  • Toreon article: “Setting up efficient threat model meetings.”
  • Tip of the month: New community edition released by IriusRisk.
  • Updates on upcoming Toreon training sessions.

TMI newsletter 6

The OWASP Threat Model project

TMI newsletter 5

Threat Modeling: Do it early, do it often, do it as a team

TMI newsletter 4

Scaling threat modeling with risk patterns

  • A guest article by Stephen de Vries, Continuum Security  “Scaling threat modeling with risk patterns”
  • How to use threat modeling as privacy by design technique?
  • Curated resources covering threat modeling as code, and MITRE ATT&CK
  • Tip of the month: “hi/5 newsletter”
  • Updates on upcoming Toreon training sessions

TMI newsletter 3

Threat models as a blueprint for attacks

  • A guest article by Tony UV, VerSprite “Threat Models as a Blueprint for Attack
  • Toreon presentation: How can you integrate threat modeling in your agile software development?
  • Curated resources covering OAuth 2.0, and the threat modeling toolkit
  • Tip of the month: “How to overcome diagramming writer’s block”
  • Updates on upcoming Toreon training sessions

TMI newsletter 2

Supercharge your threat modeling

  • A guest article by Geoff Hill, Tutamantic “How to supercharge your Threat Modeling
  • Tip of the month: the OWASP threat modeling slack channel
  • Toreon guide “threat modeling done right”
  • Curated resources from Carnegie Mellon University and Microsoft
  • Invitation to the Open Security Summit, featuring a threat modeling track
  • Updates on upcoming Toreon trainings

TMI newsletter 1

Changing the game

  • A guest article by Adam Shostack, “Changing the game on threat modeling
  • Our threat modeling tip of the month
  • A free threat modeling guide
  • Curated articles from Bruce Schneier and Avi Douglen
  • Updates on upcoming Toreon trainings
© 2020 door Toreon | Privacy & Cookie policy

Start typing and press Enter to search

Shopping Cart