This talk was recorded at NDC Manchester in Manchester, England. 
#ndcmanchester #ndcconferences #developer #softwaredeveloper    

Attend the next NDC conference near you: 
https://ndcconferences.com
https://ndcmanchester.com/

Subscribe to our YouTube channel and learn every day:   
/            @NDC 

Follow our Social Media!

https://www.facebook.com/ndcconferences
https://twitter.com/NDC_Conferences
https://www.instagram.com/ndc_conferences/

#applicationsecurity 

Threat modeling is often presented as an essential security practice, but rarely does anyone discuss when to declare a threat model "done", because the uncomfortable truth is that it never really is. This talk explores the paradox at the heart of threat modeling: while threats continuously evolve and systems constantly change, practical security work demands we set boundaries in our analysis and move forward with implementation of the mitigations.

After a primer on threat modeling fundamentals, we'll examine a fundamental question every security team faces: not whether a threat model is complete, but whether it's sufficient for the current situation. We'll explore potential criteria for gauging whether you've reached the "point of diminishing returns" in your current modeling iteration, including resource constraints that shape real-world security programs.

Through case studies and practical examples, attendees will learn to recognize the signals that indicate further modeling won't meaningfully improve security outcomes and learning to abandon "perfect" in favor of "good (enough)" in different contexts.
This talk is for security professionals who want to implement or improve threat modeling practices while maintaining momentum in their security programs. No prior threat modeling experience required – just a healthy skepticism about activities that could theoretically continue forever.

NDC Conferences

Threat modeling is analyzing system representations to identify security risks before implementation. The core challenge isn't when to start, but when to stop—since it's never truly "finished." Effective scoping techniques include time-boxing sessions, focusing on trust boundaries, defining 3 doomsday scenarios, tackling legacy systems first, and using thematic sprints around security properties (CIA triad + authentication/authorization). Reference architectures and security patterns prevent reinventing solutions. Impact scoring becomes simpler when threats are mapped to business-critical scenarios. The goal is a more secure product, not just documentation.

The question is not when to start threat modeling. It's when to stop - Georges Bolssens