John discusses some of the foundational principles of Threat Modeling
We talk about why threat modeling is like your time in high
We discuss why threat modeling is such an incredibly important tool to the enterprise
John gives us some nuggets of his experience with threat modeling enterprise applications
John Steven (@m1splacedsoul) - John Steven is the
Internal CTO at Cigital with over a decade of hands-on experience
in software security. John’s expertise runs the gamut of software
security from threat modeling and architectural risk analysis,
through static analysis (with an emphasis on automation), to
security testing. As a consultant, John has provided strategic
direction as a trusted advisor to many multi-national corporations.
John’s keen interest in automation keeps Cigital technology at the
cutting edge. He has served as co-editor of the Building Security
In department of IEEE Security & Privacy magazine, speaks with
regularity at conferences and trade shows, and is the leader of the
Northern Virginia OWASP chapter. John holds a B.S. in Computer
Engineering and an M.S. in Computer Science, both from Case Western
John is known for his in-depth work in software security, his
expertise in the field of threat modeling, and his snarkcasm. If
you don't follow John on Twitter or haven't attended one of the
talks he's been known to give occasionally - I recommend you do
Take a step outside the echo chamber - gain some perspective and context.
Welcome to one of the longest-running cybersecurity focused podcasts in existence. Here we talk real problems, real solutions, and make real big fun of ridiculous things. This show is part ideation, part "get off my lawn", and always a chuckle.