Exploring Threat Modeling: A Deep Dive with MITRE's Tiffany Bergeron

The Shostack + Friends Blog recently featured an engaging and informative series titled Threat Informed Defense, which focuses on threat modeling using MITRE's ATT&CK framework. The series was led by Tiffany Bergeron, the Chief Architect at MITRE's Mappings Program, and consists of four in-depth segments that dissect the nuances of threat modeling in current cybersecurity practices.
In this series, Tiffany Bergeron and her colleagues, including Kyle Wallace, shared their extensive knowledge and experience gathered from a recent virtual seminar at the RSA Conference, titled Building Resilient Systems. The discussions provide a valuable opportunity for cybersecurity professionals to gain a deeper understanding of threat modeling, an essential component in safeguarding systems against potential attacks. The introductory video sets the stage for an engaging exploration of various approaches to threat modeling, highlighting where the experts align in their views and where they diverge.
One of the standout aspects of this series is the recognition that many organizations find themselves in the early stages of threat modeling, often described as the 'crawl phase.' During this phase, organizations are eager to implement threat modeling strategies but frequently encounter challenges such as coordination difficulties and the complexities of advancing their threat models. As they navigate these hurdles, many organizations can struggle to maintain momentum, leading to setbacks after an initial surge of enthusiasm.
The series emphasizes the importance of having deep, meaningful conversations around threat modeling. Such discussions are crucial to developing a comprehensive understanding of how to effectively implement these strategies within an organization. These dialogues are taking place at the Center for Threat Informed Defense, an initiative dedicated to advancing the field of threat-informed defense through collaboration and knowledge sharing.
For those interested in viewing the series, it's worth noting that finding the other three videos may require some navigation. Viewers should look for the menu at the upper right corner of the first video, which features a small triangle icon that gives access to the subsequent segments.