The Threat Modeling Podcast

By: Chris Romeo
  • Summary

  • Chris Romeo is going on a journey. A journey to understand threat modeling at the deepest levels. He thought he understood threat modeling but realized he could go deeper. Chris shares his findings and talks with some of the best-known experts in the space to experience continuous learning. Join along for the ride -- you will learn something.

    Chris Romeo is the CEO of Devici (THE Threat Modeling Company) and a General Partner at Kerr Ventures.

    © 2024 The Threat Modeling Podcast
Episodes
  • Gavin Klondike -- Threat modeling for large language model applications
    Aug 2 2024

    In this episode of the Threat Modeling Podcast, host Chris Romeo takes listeners on a journey through the intricate world of threat modeling. Joined by senior security consultant Gavin Klondike, the episode delves into Gavin's experiences and insights into threat modeling, particularly in the context of artificial intelligence and machine learning. Gavin shares a detailed case study, discussing methodologies, strengths, weaknesses, and the importance of holistic threat modeling processes. The conversation also highlights the challenges posed by large language models (LLMs), and Gavin provides a comprehensive threat model for LLM applications, exploring various vulnerabilities and mitigations.

    Links for this episode:
    The Threat Modeling blog post discussed during the episode.

    danielmiessler.com

    embracethered.com

    aivillage.org

    llmtop10.com

    Welcome to Smart Threat Modeling. Devici makes threat modeling simple, actionable, and scalable. Identify and deal with threats faster than ever. Build three free models and collaborate with up to ten people in our Free Forever plan. Get started at devici.com and threat model for free! Smart threat modeling for development teams.

    51 mins
  • Nandita Rao Narla -- Privacy Threat Modeling Wins, Losses, and Tools
    May 15 2024

    In this podcast episode, Nandita Rao Narla explores the reasons why privacy threat modeling programs often fail, such as being expensive with a lot of friction in the development lifecycle, misalignment with organizational strategies focused on compliance rather than risk, and difficulty demonstrating a clear return on investment. Nandita highlights some successful strategies, including leveraging existing security threat modeling resources, simplifying the approach for better adoption like Adam Shostack's four-question framework, aligning with organizational values and culture, and encouraging a mindset of considering what could go wrong. The role of tooling in privacy threat modeling is discussed, with most organizations currently not using many dedicated tools beyond data mapping and asset discovery, while larger companies with mature programs may utilize more advanced tooling. Ultimately, privacy threat modeling represents the next frontier, with a strong privacy program partnering with security threat modeling being the next generation approach.




    7 mins
  • Nandita Rao Narla -- Privacy Threat Modeling
    Jan 24 2024

    Nandita Rao Narla introduces the basics of privacy in software. She discusses privacy threats, privacy threat modeling, and privacy by design. If you write or handle software that touches user information, you need to understand privacy, how to assess and mitigate privacy concerns, and when to address privacy concerns in a design. This episode of the Threat Modeling Podcast is the perfect primer to raise awareness of the critical role privacy concerns should play in your next project.

    Helpful Links:
    Daniel J. Solove's "A Taxonomy of Privacy": https://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2074&context=faculty_publications


    9 mins
