We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models?
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.