Brook Schoenfield Discusses Threat Modeling and Secure Design


Inner Circle Podcast Episode 028

Brook Schoenfield, Master Security Architect and Director of Advisory Services for IOActive, joins me for this week’s episode of the Inner Circle podcast.

We talk about the focus of the cybersecurity industry on vulnerability management and incident response, and why that reactive approach may not be the most effective way to address security issues. Brook talks about the importance of threat modeling and secure design to build better, more secure, more resilient software in the first place.

Understanding that, even with threat modeling and secure design, there is no such thing as invulnerable software, we also talk about the importance of the feedback loop and the ability to refine the threat model over time.

The concept of threat modeling and the idea that the software development lifecycle (SDLC) should be built around secure design are not new. Since developers started writing code, there have been cybersecurity experts pointing out that it would be better if security were considered and woven in from the start rather than tacked on after an application is developed.

Listen to this episode of the Inner Circle podcast and please share your thoughts and questions in the comments below.


About Author

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 2 dogs, 5 cats, 1 rabbit, 2 ferrets, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.
