Threat Modeling Where do I Start?

Single most common question I get from Developers


In order to run, you need to learn to walk. For an organization / group to understand and use Threat Modeling, they need to know where to start.


  1. What are some guidelines could we provide to help teams get started?
  2. What tools do they need?
  3. What people should be involved?
  4. For starting threat modeling on existing project/codebase - how to start without the need to cover everything (a bit similar to introducing tests to legacy software, but not quite).


  • developers
  • architects
  • security SMEs
  • SCRUM masters
  • security champions

Back to list of all Working Sessions and Tracks

Edit this page here