Understand the history of threat modeling with Adam Shostack, the father of threat modeling. Learn how threat modeling has evolved with the Four Question Framework and can work in your organizations in the wake of the AI revolution.
This interview is sponsored by the OWASP GenAI Security Project. Visit https://securityweekly.com/owaspappsec to watch all of CyberRisk TV's interviews from the OWASP 2025 Global AppSec Conference!
Adam is the author of Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He’s a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.
His accomplishments include:
> Helped create the CVE. Now an Emeritus member of the Advisory Board.
> Fixed Autorun for hundreds of millions of systems
> Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3)
> Created the Elevation of Privilege threat modeling game
> Co-authored The New School of Information Security
Beyond consulting and training, Shostack serves as a member of the Blackhat Review Board, an advisor to a variety of companies and academic institutions, and an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.
