Originally posted August 13, 2014.
In the fifth edition of the Exploring Information Security (EIS) podcast, I talk with J Wolfgang Goerlich, Vice President of Vio Point, about threat modeling.
Wolfgang has presented at many conference on the topic of threat modeling. He suggests using a much similar method of threat modeling that involves threat paths, instead of other methods such as a threat tree or kill chain. You can find him taking long walks and naps on Twitter (@jwgoerlich) and participating in several MiSec (@MiSec) projects and events.
In this interview Wolfgang covers:
- What is threat modeling?
- What needs to be done to threat model
- Who should perform the threat modeling
- Resources that can be used to build an effective threat model
- The life cycle of a threat model