Getting Started

Regardless of methodology, all threat modeling revolves around four questions:

  1. What are we working on?
  2. What can go wrong?
  3. What are we going to do about it?
  4. Did we do a good enough job?

There is no shortage of excellent resources on how to work through these questions in practice. Rather than repeating what others have already written well, here are some we recommend:

When to threat model

The short answer: early and often.

  • New systems or services - Before you start building, not after
  • Significant changes - New integrations, architecture changes, new data flows
  • Regularly - As part of your development lifecycle, not just at project kickoff

Threat modeling does not have to be a big event. Even a short, focused session with the right people can surface critical issues that would otherwise go unnoticed.

Who should be involved?

Threat modeling works best as a team activity. The people who build and operate the system are the ones who understand it best. Involve anyone who can contribute to answering the four questions above.

Need help getting started?

See our Getting Help page for ways to get support with threat modeling.