by threatmodeler | Dec 2, 2022 | Blog
Threat modeling is an effective process for identifying and prioritizing threats and recommending mitigations for software-based systems. In a world with so many cyber threats, that’s not a bad thing. So, why hasn’t threat modeling been more widely adopted? And is a...
by threatmodeler | Apr 11, 2022 | Blog
There’s little disagreement that security should be baked into every step of the DevOps lifecycle. In fact, there’s even a name for it: DevSecOps. So, why isn’t its adoption more widespread? Well, as things turn out, there are quite a few challenges to DevOps...
by threatmodeler | Oct 8, 2020 | Attack Surface Analysis, AWS, CISO, Cloud security, security controls
The move to cloud poses unique challenges as organizations adapt to securing infrastructure as code for all applications, while being prepared to secure brave new features such as containers, microservices and automatic scaling. Threat modeling, traditionally a manual...
by threatmodeler | Jun 2, 2020 | Attack Surface Analysis, AWS, AWS Security Epics Automated, CISO, DevOps, DevSecOps
By Michael Vizard The best cybersecurity defense is always applied in layers. If one line of defense fails, the next should be able to thwart an attack and so on. That same, tried and true, security in depth concept applies to DevOps as responsibility for...
by threatmodeler | May 21, 2020 | Attack Surface Analysis, AWS, CISO, Cloud security, DevSecOps
There is a consensus emerging demanding developers to assume more responsibility for security as more organizations embrace best DevSecOps practices and move to the cloud. The trouble is, most organizations aren’t providing the guidance and tools developers need to...
