Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the practical paradox of threat modeling in this 50-minute conference talk that challenges conventional wisdom about when security analysis should conclude. Learn why threat modeling, while essential for application security, presents a unique dilemma: threats continuously evolve and systems constantly change, yet practical security work demands setting boundaries and moving forward with implementation. Discover the fundamental question every security team faces - not whether a threat model is complete, but whether it's sufficient for the current situation. Examine criteria for identifying the "point of diminishing returns" in threat modeling iterations, including how resource constraints shape real-world security programs. Gain insights through case studies and practical examples that teach you to recognize signals indicating when further modeling won't meaningfully improve security outcomes. Master the art of abandoning "perfect" in favor of "good enough" across different contexts while maintaining momentum in security programs. Suitable for security professionals seeking to implement or improve threat modeling practices, with no prior threat modeling experience required - just healthy skepticism about activities that could theoretically continue indefinitely.
