.jpg)
The Threat Modeling Podcast
Chris Romeo is going on a journey. A journey to understand threat modeling at the deepest levels. He thought he understood threat modeling but realized he could go deeper. Chris shares his findings and talks with some of the best-known experts in the space to experience continuous learning. Join along for the ride -- you will learn something.
Chris Romeo is the CEO of Devici (THE Threat Modeling Company) and a General Partner at Kerr Ventures.
The Threat Modeling Podcast
Nandita Rao Narla -- Privacy Threat Modeling Wins, Losses, and Tools
In this podcast episode, Nandita Rao Narla explores the reasons why privacy threat modeling programs often fail, such as being expensive with a lot of friction in the development lifecycle, misalignment with organizational strategies focused on compliance rather than risk, and difficulty demonstrating a clear return on investment. Nandita highlights some successful strategies, including leveraging existing security threat modeling resources, simplifying the approach for better adoption like Adam Shostack's four-question framework, aligning with organizational values and culture, and encouraging a mindset of considering what could go wrong. The role of tooling in privacy threat modeling is discussed, with most organizations currently not using many dedicated tools beyond data mapping and asset discovery, while larger companies with mature programs may utilize more advanced tooling. Ultimately, privacy threat modeling represents the next frontier, with a strong privacy program partnering with security threat modeling being the next generation approach.
Welcome to Smart Threat Modeling. Devici makes threat modeling simple, actionable, and scalable. Identify and deal with threats faster than ever. Build three free models and collaborate with up to ten people in our Free Forever plan. Get started at devici.com and threat model for free! Smart threat modeling for development teams.
