Inner Circle podcast hosted by Tony Bradley TechSpective

Brook Schoenfield Discusses Threat Modeling and Secure Design

Inner Circle Podcast Episode 028

Brook Schoenfield, Master Security Architect and Director of Advisory Services for IOActive, joins me for this week’s episode of the Inner Circle podcast.

We talk about the focus of the cybersecurity industry on vulnerability management and incident response, and why that reactive approach may not be the most effective way to address security issues. Brook talks about the importance of threat modeling and secure design to build better, more secure, more resilient software in the first place.

Understanding that–even with threat modeling and secure design–there is no such thing as invulnerable software, we also talk about the importance of the feedback loop and the ability to refine the threat model over time.

The concept of threat modeling and the idea that the software development lifecycle (SDLC) should be built around secure design are not new. Since developers started writing code, there have been cybersecurity experts pointing out that it would be better if security were considered and woven in from the start rather than tacked on after an application is developed.

Listen to this episode of the Inner Circle podcast and please share your thoughts and questions in the comments below.

Scroll to Top