Hello everyone! I am Gagan Rajput. I’ve been involved in threat modeling for about 6 years now. I got started when I started working as an application security engineer for enterprise applications. Over time the scope has increased/changed to include complex products and infrastructures (cloud, on-premise) while I’ve transitioned into a security architect role. The proudest moment for me in threat modeling was while working with a mature product team they themselves floated the idea of including the process of threat modeling into their code (threat modeling as code) while it was still in its nascent stage in the industry.
These days my challenges with threat modeling have evolved from how to threat model a specific system to designing different tiers of threat modeling processes for different tiers of teams (based on developer maturity, security hygiene, etc.), figuring out how to scale our processes and how to spread education/awareness about threatmodeling in more efficient ways.
4 Likes