What is the connection between threat modeling and product development? How can you apply lean product management and focus on understanding the user's needs while still threat modeling? Prepare to explore product-led threat modeling.

The conversation delves into the importance of taking responsibility for security and using the language of the teams being influenced. Michal shares his process for conducting a threat modeling session, including using rapid risk assessment and STRIDE methodologies, building a threat library, and utilizing cookbooks for different technological approaches.

Throughout the episode, Chris and Michal provide valuable insights and best practices for incorporating threat modeling into product development, emphasizing the importance of collaboration and communication between product managers, architects, and technical leaders. Listeners will come away with a deeper understanding of how to approach threat modeling that aligns with the user's needs and the product's goals.

Key takeaways:

1. Threat modeling can be integrated into the product management approach to understand better the needs of the user and design mitigations for security risks

2. The problem space and solution space are terms from lean product management that can be applied to threat modeling

3. Responsibility for security should be taken by the product manager or owner

4. Rapid risk assessment and STRIDE methodology can be used to identify and prioritize threats

5. Cookbooks for different technological approaches can be used as references for solving security problems

6. Smart threat modeling builders use the language of the teams they are trying to influence

7. The product manager must be in the habit of saying it's my problem, not someone else's.

Welcome to Smart Threat Modeling. Devici makes threat modeling simple, actionable, and scalable. Identify and deal with threats faster than ever. Build three free models and collaborate with up to ten people in our Free Forever plan. Get started at devici.com and threat model for free! Smart threat modeling for development teams.