John discusses some of the foundational principles of Threat Modeling
We talk about why threat modeling is like your time in high
We discuss why threat modeling is such an incredibly important tool to the enterprise
John gives us some nuggets of his experience with threat modeling enterprise applications
John Steven (@m1splacedsoul) - John Steven is the
Internal CTO at Cigital with over a decade of hands-on experience
in software security. John’s expertise runs the gamut of software
security from threat modeling and architectural risk analysis,
through static analysis (with an emphasis on automation), to
security testing. As a consultant, John has provided strategic
direction as a trusted advisor to many multi-national corporations.
John’s keen interest in automation keeps Cigital technology at the
cutting edge. He has served as co-editor of the Building Security
In department of IEEE Security & Privacy magazine, speaks with
regularity at conferences and trade shows, and is the leader of the
Northern Virginia OWASP chapter. John holds a B.S. in Computer
Engineering and an M.S. in Computer Science, both from Case Western
John is known for his in-depth work in software security, his
expertise in the field of threat modeling, and his snarkcasm. If
you don't follow John on Twitter or haven't attended one of the
talks he's been known to give occasionally - I recommend you do
Security. Some assembly required.
Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.
This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's SecurityWeek column: http://www.securityweek.com/authors/rafal-los