Success and Metrics for Threat Modeling - Meetup Recap

On 2025-01-23T08:00:00Z, we hosted the January Global Meetup with Caroline Wong. We explored the challenges of measuring success in threat modeling and shared insights on meaningful metrics and effective communication of value.

Replay

Key takeaways

Caroline discussed how to approach threat modeling metrics with practical strategies, including:

  • Understanding the narrative behind your metrics to demonstrate impact. There isn’t one single PDF with “perfect metrics” applicable to every organization, unfortunately.
  • Leveraging existing powerful frameworks (BSIMM, OWASP SAMM) to create meaningful metrics.
  • Effectively communicating the results to stakeholders outside of the security team.

View the full slides

Resources

Here are a few resources Caroline referred to during her session:

Q&A Highlights

After the presentation, Caroline hosted a Q&A session where she addressed questions from our community, such as:

  • How do you measure or assess the adoption of Threat Modeling across the Development Lifecycle?
  • How do you the output of threat modeling against the actual implemented security controls?
  • How do metrics handle the ‘Cobra Effect’?
  • What’s the benchmark for setting the success matrix for threat modeling programs?
  • How do you promote the qualitative value of threat models in a world that focuses on quantitative measures?

Watch the full Q&A session:

Group Photo

We had a packed room (or rather, two full screens) of members joining us today. Thank you to everyone who participated!

Next Global Meetup

Our next Global Meetup is scheduled for March, where we’ll be hosting a fully virtual GAME SESSION for the first time! Join us to play some of the most popular threat modeling games with fellow community members. Stay tuned for registration details coming in a few weeks.
