Vaibhav Garg – Developer Centric Threat Modeling

Today we are joined by Vaibhav Garg, Executive Director, Cybersecurity & Privacy Research and Public Policy at Comcast, to talk about developer-centric threat modeling. We start by looking at ways to make threat modeling more appealing to developers. We discuss how a security team can help developers participate in threat modeling in the midst of continual change with both development and security teams. Ultimately, a threat modeling program is only as effective as the value it offers to a diverse group of stakeholders. We discuss how to measure and align the value of threat modeling across project, program, and executive levels. We conclude with Vaibhav’s thoughts about where he thinks developer-centric threat modeling is heading over the next 12 to 18 months.