John discusses some of the foundational principles of Threat Modeling
We talk about why threat modeling is like your time in high
We discuss why threat modeling is such an incredibly important tool to the enterprise
John gives us some nuggets of his experience with threat modeling enterprise applications
John Steven (@m1splacedsoul) - John Steven is the Internal CTO at Cigital with over a decade of hands-on experience in software security. John’s expertise runs the gamut of software security from threat modeling and architectural risk analysis, through static analysis (with an emphasis on automation), to security testing. As a consultant, John has provided strategic direction as a trusted advisor to many multi-national corporations. John’s keen interest in automation keeps Cigital technology at the cutting edge. He has served as co-editor of the Building Security In department of IEEE Security & Privacy magazine, speaks with regularity at conferences and trade shows, and is the leader of the Northern Virginia OWASP chapter. John holds a B.S. in Computer Engineering and an M.S. in Computer Science both from Case Western
John is known for his in-depth work in software security, his expertise in the field of threat modeling, and his snarkcasm. If you don't follow John on Twitter or haven't attended one of the talks he's been known to give occasionally - I recommend you do
Take a step outside the echo chamber - gain some perspective and context.
Welcome to Cybersecurity: An immature industry where we mandate impossible-to-remember complex passwords that change every 30 days - and call that security. It's an industry where everyone is an expert, but no one's actually solved anything... weird, right?
This show is focused on the many aspects of cybersecurity - from professional to leadership, technical to abstract. We look to entertain you while filling your brain with expertise and knowledge from all corners of our industry and beyond. You can expect security experts, policy professionals, and people from outside our own "security bubble" because frankly, our echo chamber needs some perspective.
Join us, subscribe, and share in the conversation.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's @Medium blog at https://medium.com/@BlogWh1t3Rabbit