This Lunch-and-Learn series provides an essential introduction to threat modelling, equipping participants with tools to identify vulnerabilities early, ensuring cost-effectiveness and regulatory compliance. We delve into Adam Shostack's Four Questions framework and other methodologies to establish a common language and consistent risk reporting across teams. Throughout the course we underscore the importance of focusing on outcomes rather than documentation, and we highlight that threat modelling is an ongoing process. Practical tips on initiating threat modelling, involving stakeholders, defining scope, and using Data Flow Diagrams are also provided.
Threat Modelling & the Four Questions Framework
Threat Modelling Methodologies
Best Practices in Threat Modelling
Conclusion
Cole is a renowned figure in the Australian Application Security scene. An active OWASP contributor and sought-after speaker, Cole has spearheaded significant AppSec programs globally. In addition to leading Galah, he hosts the Secured podcast and authors influential security-focused articles.