Building a Culture of Threat Modeling

The growth and complexity of modern cyber threats has led cyber-forward enterprises to implement practices that predict the techniques of their adversaries. Sophisticated information security teams are increasingly adopting proactive measures to understand the landscape of potential security threats and adapt accordingly.

What is a Threat Model
Threat modeling is a structured approach for reviewing and assessing an application’s architectural security.   This allows security risks, that exist as a result of the application’s design, to be identified and addressed. The threat model is accompanied by system architecture, design, and data flow documentation, performed by a skilled threat modeller, that uncovers security weaknesses in an application or platform. The results of a threat model provides application and platform stakeholders with a comprehensive understanding of the system and associated security gaps.


Danish Ali, CISM, is a former Consultant within DayBlink’s Cybersecurity Center of Excellence

Jacob Armijo, CISM, is a Senior Consultant and Chief of Staff of DayBlink’s Cybersecurity Center of Excellence

Justin Whitaker is a Partner and Practice Lead of DayBlink’s Cybersecurity Center of Excellence and is based in the Vienna, Virginia office 

Research contributions from: Chloe Spetalnick, Martin Badinelli, and DayBlink’s Cybersecurity Center of Excellence

To continue reading, click here to download