Threat Modeling Insider Newsletter

Delivering the latest Threat Modeling articles and tips straight to your mailbox.

Threat Modeling Insider Newsletter

Delivering the latest Threat Modeling articles and tips straight to your mailbox.

The valuable insights of Threat Modeling experts

Our “Threat Modeling Insider” newsletter brings a combination of guest articles, white papers, curated articles and tips on threat modeling to your inbox.
It will bootstrap and elevate your security knowledge and threat modeling skills.

Previous editions include guest content from Adam Shostack, Tony UV, Fraser ‘zeroXten‘ Scott, Izar Tarandach, Geoff Hill, and many more. We provide curated articles on topics such as Microsoft’s threat modeling tool, Bruce Schneier on attack trees, and practical tips such as which diagramming tools to use.

We aim to make this a community driven newsletter and welcome your input or feedback. If you have content or pointers for the next edition, please share them with us.

Join thousands of readers that bootstrap and elevate threat modeling skills every month.
Do not miss our next edition, register to get it in your inbox every time!

The valuable insights of Threat Modeling experts

Threat Modeling Insider edition

Our “Threat Modeling Insider” newsletter brings a combination of guest articles, white papers, curated articles and tips on threat modeling to your inbox.
It will bootstrap and elevate your security knowledge and threat modeling skills.

Previous editions include guest content from Adam Shostack, Tony UV, Fraser ‘zeroXten‘ Scott, Izar Tarandach, Geoff Hill, and many more. We provide curated articles on topics such as Microsoft’s threat modeling tool, Bruce Schneier on attack trees, and practical tips such as which diagramming tools to use.

We aim to make this a community driven newsletter and welcome your input or feedback. If you have content or pointers for the next edition, please share them with us.

Join thousands of readers that bootstrap and elevate threat modeling skills every month.
Do not miss our next edition, register to get it in your inbox every time!

Previous editions of
Threat Modeling Insider

Previous editions of
Threat Modeling Insider

Threat Modeling Insider
29th Edition

  • 5 Challenges of Rolling Out Threat Modeling within an Enterprise-Sized Company Guest article

    Written by Nick Kurtley

  • An Introduction to Threat Modeling by Microsoft Curated content
  • Threat Modelling Cloud Platform Services by Example: Google Cloud Storage Curated content
  • You shall not pass: the spells behind Gandalf Tips & Tricks

    Written by Max Mathys

  • An update on our upcoming training sessions Training update

Previous editions of
Threat Modeling Insider

Threat Modeling Insider
36th Edition

  • The Power of Threat Modeling Capabilities and OWASP SAMM Mapping for Product Security Guest article

    Written by Sebastien Deleersnyder & Steven Wierckx

  • Gamify Threat Modeling with OWASP Cornucopia 2.0 Curated content

    By OWASP Foundation

  • Build Reusable, Robust Systems with Security Patterns Curated content

    By Securitypatterns.io

  • Threat Modeling in 4 steps Toreon Blog
  • New O’Reilly training: Secure Your Design with Threat Modeling Tips & Tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
35th Edition

  • ThreatModCon 2024 Lisbon is coming in 20 days! Announcement
  • MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices Curated content

    By MITRE

  • OWASP Top 10 for LLM Applications Curated content

    By OWASP

  • Threat Modeling Playbook Part 5 – Innovate with threat model technology Toreon Blog
  • Secure from the Start: Integrate Continuous Threat Modeling Tips & Tricks

    By Sebastien Deleersnyder

  • An update on our upcoming training sessions Training update

Previous editions of
Threat Modeling Insider

Threat Modeling Insider
38th Edition

  • Threat Modeling for Retrieval-Augmented Generation (RAG) AI Applications Guest article

    Written by Ben Ramirez

  • Threat Modeling Trends and Insights from ThreatModCon 2024 Toreon blog

    By Sebastien Deleersnyder & Steven Wierckx

  • The AI Risk Repository Curated content
  • Application Security Blog – True Positives Curated content

    By Evan Oslick

  • DrawIO Attack trees plugin Tips & Tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
37th Edition

  • Threat Modeling Is What Puts “Sec” in “DevSecOps” Guest article

    Written by Mohamed Abo El-Kheir

  • Putting Threat Modeling into practice: A guide for business leaders Curated content

    Written by Scott Wheeler

  • How the New EU Regulatory Landscape Will Impact Software Security Curated content

    Written by Nuno Teodoro

  • Threat Modeling with ATT&CK v1.0.0 Curated content
  • Crypto-Gram Newsletter Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
36th Edition

  • The Power of Threat Modeling Capabilities and OWASP SAMM Mapping for Product Security Guest article

    Written by Sebastien Deleersnyder & Steven Wierckx

  • Gamify Threat Modeling with OWASP Cornucopia 2.0 Curated content

    By OWASP Foundation

  • Build Reusable, Robust Systems with Security Patterns Curated content

    By Securitypatterns.io

  • Threat Modeling in 4 steps Toreon Blog
  • New O’Reilly training: Secure Your Design with Threat Modeling Tips & Tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
35th Edition

Threat Modeling Insider
34th Edition

  • Retro Tech Tactics: Using Old-School Security for Modern Threat Modeling Guest article

    Written by Steven Wierckx

  • Threat Modeling Playbook Part 4 – Strengthen your threat model processes Toreon blog

    Written by Sebastien Deleersnyder

  • Security Architecture Build Phase: Planning and building a defendable architecture Curated content

    By Telenor

  • Google’s Threat Model for Post-Quantum Cryptography Curated content

    By Google's Cryptography team

  • Book tip: Security Engineering — Third Edition Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
33rd Edition

  • Inherent Threats – Clarifying a property of threats, are they inherent to the system? Whitepaper

    Written by Adam Shostack

  • Threat Modeling Playbook Part 3 – Train your people to threat model Toreon blog

    Written by Sebastien Deleersnyder

  • Thinking Like An Attacker – Another Look at Enterprise Security​ Curated content

    Written by Forbes

  • Advancing Resiliency Threat Modeling for Large Distributed Systems Curated content

    Written by Microsoft Azure

  • Threat Modeling Hackathon is back! Tips & Tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
32nd Edition

  • 3 Scenarios for transforming a Cornucopia Card into a Product Backlog Item Guest article

    Written by Ive Verstappen

  • OWASP 2023 Global AppSec Conference: Zero Trust Threat Modeling Curated content

    By Chris Romeo

  • Threat Modeling for Software Development Kits (SDKs) Curated content

    Written by Kevin Wall

  • Threat Modeling Playbook Part 2 – Embed Threat Modeling in your organization Toreon Blog
  • ThreatModCon 2023 recordings Tips & Tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
31st Edition

  • Learning threats in a post ChatGPT world Guest article

    Written by Jonathan Marcil

  • Threat Modeling Playbook - Part 1 Toreon blog
  • AI-Driven Threat Modelling with STRIDE GPT Curated content
  • OTM supported by threat-dragon starting from 2.1.3​ Curated content
  • NIST Trustworthy and Responsible AI Tips & tricks
  • Save-the-date: ThreatModCon 2024 Curated content
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
30th Edition

  • The World’s First Threat Modeling Conference Guest article

    Written by Chris Romeo

  • Navigating the Future of AI Security: Insights from the Risk Match Webinar Toreon article

    Written by Sebastien Deleersnyder

  • Threat Modeling is now part of the NCSC's guidance on Risk Management Curated content

    Written by the National Cyber Security Centre

  • Scaling threat modeling in an organisation might require an order of threat modeling Curated content

    Written by NIST

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
29th Edition

  • 5 Challenges of Rolling Out Threat Modeling within an Enterprise-Sized Company Guest article

    Written by Nick Kurtley

  • An Introduction to Threat Modeling by Microsoft Curated content
  • Threat Modelling Cloud Platform Services by Example: Google Cloud Storage Curated content
  • You shall not pass: the spells behind Gandalf Tips & Tricks

    Written by Max Mathys

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
28th Edition

  • Threat Models are useless. Threat Modeling is essential. Guest article

    Written by Jess Chang

  • Threat Composer, exploring the parallels between risk descriptions and user stories Toreon article

    Written by Georges Bolssens

  • Leveraging Large Language Models (LLMs) for Threat Models Curated content

    Written by xvnpw

  • Threat elicitation and the art of "AI prompt crafting" Curated content

    Written by Georges Bolssens

  • Reading the TMI Newsletter pays off! Score yourself a discount for the upcoming ThreatModCon A gift

    ThreatModCon

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
27th Edition

  • Unleashing the power of Threat Modeling: Overcoming Challenges, Building Community, and Driving Adoption. Guest article

    Written by Brook S.E. Schoenfield

  • BSidesSF 2023 - FAIR STRIDE - Building Business Relevant Threat Models Curated content

    Written by Arthur Loris

  • BSidesSF 2023 - Sleeping With One AI Open: An Introduction to Attacks Against… Curated content

    Written by Eion Wickens and Marta J.

  • Instant Threat Modeling - #10 Adversarial ML & AI Curated content

    Written by SecuRingPL

  • OWASP SAMM Threat Modeling: From Good to Great presentation Toreon article

    Written by Sebastien Deleersnyder

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
26th Edition

  • The AI Attack Surface Map V1.0 Guest article

    Written by Daniel Miessler

  • AWS KMS Threat Model Curated content

    Written by Costas Kourmpoglou

  • How to use Chat GPT to learn Threat Modeling Curated content

    Written by Rusty Newton

  • OWASP SAMM Threat Modeling: From Good to Great Toreon article

    Written by Sebastien Deleersnyder

  • The Threat Modeling podcast Curated content

    Written by Adam Shostack

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
25th Edition

  • Developer-driven threat modeling at OutSystems Guest article

    Rui Covelo

  • Threats: What Every Engineer Should Learn From Star Wars Book bites

    Written by Adam Shostack

  • Introducing Threat Modeling to Established Teams Curated content

    Talk by Sarah-Jane Madden

  • Threat Modeling Connect: A browse through the archives Curated content
  • Threat Modeling as Code with PyTM Tips & tricks

    Written by Georges Bolssens

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
24th Edition

  • A deep dive into the 2023 Threat Modeling Connect Hackathon Guest article

    Written by Luis Servin

  • Threat Modeling Talks Curated content

    By Kim Wuyts

  • The added benefit to early threat modeling that nobody talks about Toreon article

    Written by Izar Tarandach and Georges Bolssens

  • What are repudiation attacks? Tips & tricks

    Written by Winsey Fong

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
23rd Edition

  • Supply-Chain Security: Evaluation of Threats and Mitigations Guest article

    Written by Hashimoto Waturu

  • Tips & tricks, Draw.io Curated content

    Written by Costas Kourmpoglou

  • The importance of accurate notes during threat model meetings Toreon article

    Written by Cesar Peeters

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
22nd Edition

  • The hitchhiker's guide for failing threat modeling Guest article

    Written by Michael Bernhardt

  • Creating Security Decision Trees with Graphviz Curated content
  • Threat Modeling Lingo Curated content
  • Unlocking the power of Threat Modeling Toreon article

    Written by Steven Wierckx

  • A ChatGPT Toreon poem Curated content
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
21st Edition

  • Threat Modeling ICS & OT Landscapes - Mind that Gap, there's a sharp EDGE! Guest article

    Written by Charles Marrow

  • SLSA dip — At the Source of the problem! Curated content

    Written by François Proulx

  • Integrating threat modeling with DevOps Curated content

    Written by security experts at Microsoft

  • An interview on Threat Modeling with ChatGTP Toreon article

    By interviewer Steven Wierckx

  • Applying STRIDE on your hotel Tips & tricks

    Written by Miguel Llamazares

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
20th Edition

  • Five tips to improve your threat model Guest article

    Written by Simone Curzi

  • How to threat model digital applications in Cloud Curated content

    Written by Jeevan Singh

  • Threat Modeling the right way for Builders Workshop Curated content
  • Kubernetes Threat Model and Risk Management webinar Curated content
  • Christmas comes early this year... A gift
  • Threat Modeling Connect, a new community Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
19th Edition

  • The Role of Tooling in Threat Modeling Guest article

    Written by Zoe Braiterman

  • The Hybrid Approach to Threat Modeling Curated content

    Written by Chris Romeo

  • How we're creating a threat model framework that works for GitLab Curated content

    Mark Loveless

  • Threat Modeling Soft Skills Curated content

    A session with Sebastien Deleersnyder

  • Creating Security Decision Trees with Graphviz Tips & tricks

    Kelly Shortridge

  • An update on our upcoming training sessions Training update

Threat Modeling Insider
18th Edition

  • Risk-Centric Threat Modeling - Part 2 Guest article

    With Marco Mirko Morana

  • Adapting risk calculations to your needs Toreon article
  • Persona Non Grata, a threat generation technique Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
17th Edition

  • Risk-Centric Threat Modeling - Part 1 Guest article

    With marco Mirko Morana

  • Examining attack trees and tooling Toreon article
  • A tool to support threat modeling in a DevSecOps environment Threagile Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
16th Edition

  • Security Regulation for Medical Devices Interview

    With Seth Carmody

  • Machine Assisted Threat Modeling Curated content
  • Plot4ai Curated content
  • How Threat Modeling improves Pentesting Toreon article
  • User stories and Threat Modeling Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
15th Edition

  • Threat Modeling Benefits Everyone in the Dev Pipeline Guest article

    Written by Ken Van Wyck

  • Threat Modeling Medical Devices Curated content
  • Mozilla Rapid Risk Assessment Curated content
  • Threat Modeling vs Pentesting Toreon article
  • Continuous Threat Modeling Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
14th Edition

  • Threat Modeling Redefined: The Self-Serve Threat Model Guest article

    Written by Jeevan Singh

  • New standards from NIST and OWASP Curated content
  • ATT&CK-like Common Threat Matrix for CI/CD Pipelines Curated content
  • The 9 benefits of Threat Modeling Toreon article

    Written by Rusty Newton

  • The OWASP Threat Dragon egg is hatching Tips & tricks
  • Our new Threat Modeling Practitioner hybrid learning journey Training update

Threat Modeling Insider
13th Edition

  • Threat modeling: what are we modeling, exactly? Guest article

    Written by Koen Yskout

  • A panel discussion on agile threat modeling Curated content
  • how GitHub does threat modeling Curated content
  • 7 key learning principles to create our future threat modeling training Toreon article
  • A new threat modeling book by Izar Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
12th Edition

  • Keys to successful privacy threat modeling Guest article

    Written by Kim Wuyts

  • Wikipedia on Threat Modeling history Curated content
  • Threat modeling your CI/CD pipeline Curated content
  • We donated our Threat Modeling Playbook to OWASP Toreon gift
  • Ask me Anything on Threat Modeling Webinar
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
11th Edition

  • Threat modeling's definition of done Guest article

    Written by Brook Schoenfield

  • Threat modeling guidance for developers Curated content
  • Recordings from threat modeling sessions from the latest Open Security Summit Curated content
  • Up your game with the Threat Modeling Playbook Toreon webinar
  • DREAD is dead Tips & tricks
  • Updates on upcoming Toreon training sessions. Training update

Threat Modeling Insider
10th Edition

  • Scaling up threat modeling Guest article

    Written by Mikko Saario

  • Threat modeling machine learning Curated content
  • New release of OWASP Threat Dragon Curated content
  • Threat modeling medical devices Toreon whitepaper
  • New online trainings hosted by Toreon Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
9th Edition

  • How often do living documents need to breathe? Guest article

    Written by Izar Tarandach

  • An awesome list of threat modeling resources Curated content
  • The upcoming ISO 21434 cybersecurity standard for the automotive industry Curated content
  • Reports from the Archimedes conference Toreon article
  • Creating 'evil personas Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
8th Edition

  • Threat modeling: better caught than taught Guest article

    Written by Chris Romeo

  • NO DIRT: a threat modeling approach for digital healthcare Curated content
  • The Tactical Threat Modeling paper from SAFECode Curated content
  • Threat modeling in 4 steps Toreon article
  • The OWASP risk rating calculator Tips & tricks
  • Updates on upcoming Toreon training sessions. Training update

Threat Modeling Insider
7th Edition

  • “Threat modeling as code" with the threatspec tool Guest article

    Written by Fraser Scott

  • The Evolution of Threat Modeling Curated content
  • Adam Shostack's talk at AppSecCali 2019 Curated content
  • Setting up efficient threat model meetings Toreon article
  • New community edition released by IriusRisk Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
6th Edition

  • The OWASP Threat Model project Guest article

    Written by Steven Wierckx

  • Jim DelGrosso teaching threat modeling Curated content
  • Dinis Cruz shares his threat modeling templates Curated content
  • The perfect threat model party guest list Toreon article
  • Application Security Podcast, with episodes on threat modeling Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
5th Edition

  • Threat modeling: do it early, do it often, do it as a team Guest article

    Written by Irene Michlin

  • LINDDUN Curated content
  • Automated web attacks Curated content
  • A great deal on our HITB training in Singapore Toreon deal
  • Play the Elevation of Privilege card game online Tips & tricks
  • Updates on upcoming Toreon training sessions. Training update

Threat Modeling Insider
4th Edition

  • Continuum Security “Scaling threat modeling with risk patterns" Guest article

    Written by Stephen de Vries

  • Threat modeling as code Curated content
  • MITRE ATT&CK Curated content
  • How to use threat modeling as privacy by design technique? Toreon article
  • Hi/5 newsletter Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
3rd Edition

  • Threat Models as a Blueprint for Attack Guest article

    Written by Tony UV

  • OAuth 2.0 Curated content
  • The threat modeling toolkit Curated content
  • How can you integrate threat modeling in your agile software development? Toreon presentation
  • How to overcome diagramming writer's block Tips & tricks
  • An update on our upcoming training sessions Training update

Threat Modeling Insider
2nd Edition

Threat Modeling Insider
1st Edition

  • Changing the game on threat modeling Guest article

    Written by Adam Shostack

  • Curated articles from Bruce Schneier and Avi Douglen Curated content
  • A free threat modeling guide Toreon guide
  • Our threat modeling tip of the month Tips & tricks
  • An update on our upcoming training sessions Training update

Get the latest Threat Modeling insights in your inbox

Start typing and press Enter to search

Shopping Cart