Not sure how to get started with software threat modeling? Learn by thinking of it more solidly- a threat model for securing a castle.

Threat modeling is the art of determining if we are secure enough for our situation. Figuring out what to protect and how much effort we will spend on that protection is half the battle. The other half is understanding what happens if we fail- what it costs us and how it impacts us.

But the art of threat modeling isn’t just for securing software. Imagine we are security consultants for a medieval kingdom. We will determine the castle’s weak points by planning an attack. We will learn to assess risks by asking what the stronghold, well, um, holds. And we will strengthen our defenses by applying limited resources in the places that will help us the most. By the time we are through, our fortress will be sturdier, we will be able to stave off attacks, and we’ll know what improvements we can make to keep the kingdom safe.

Finally, we will discuss how it applies to development projects and how we can use these techniques to secure software. No expertise in medieval architecture is needed.