Threat Modeling Insider Newsletter Archive

Browse through the archive of our Growth Newsletter.

Join over 2000+ threat modeling practicioners reading our Threat Modeling insights every month.

Previous editions of
Threat Modeling Insider

Threat Modeling Insider Edition #42

Guest Article PLOT4AI 2.0: A Needed Update in the Changing AI Landscape
Written by Isabel Barberá
Toreon Blog Threat Modeling: A Strategic, Cost-Effective Path to CRA Compliance and Security by Design
Written by Sebastien Deleersnyder
Curated Content The Evolution of Threat Modeling: From Military Strategy to Cybersecurity Engineering
Curated Content Deep Backdoors in Deep Reinforcement Learning Agents
Tips & Tricks OWASP Cornucopia
Training Update An update on our upcoming training sessions

Threat Modeling Insider Edition #41

Guest Article Using GenAI in Threat Modeling and Application Security
Written by Dinis Cruz
Toreon Blog Making Threat Modeling Accessible: Top 10 Tools and Resources for Practitioners
Written by Sebastien Deleersnyder
Curated Content New OWASP Agentic AI – Threats and Mitigations Guide
Curated Content AI Threat Mind Map
Tips & Tricks Drawing DFDs
Training Update An update on our upcoming training sessions

Threat Modeling Insider Edition #40

Guest Article How to Enhance Your Pentest Using Threat Modeling
Written by Jeroen Verwoest
Toreon Blog Risk Patterns: Your Secret Weapon for Smarter Threat Modeling
Written by Sebastien Deleersnyder
Curated Content OWASP TOP 10 for LLM Applications 2025
Curated Content Steven Wierckx’s Choice: The Best Threat Modeling Talk of 2024
Tips & Tricks Threat composer workspace
Training Update An update on our upcoming training sessions

Threat Modeling Insider Edition #39

Guest article Layered Threat Modeling, an enterprise architectural approach
Written by Michael Boeynaems
Toreon Blog Level Up Your Threat Models: Data Flow Diagram Template for Miro
Written by Sebastien Deleersnyder
Curated Content TTPs.ai for GenAI-Targeted Attacks
Written by Michael Bargury
Curated Content Elevation of Privilege
Tips & Tricks Threat Modeling Hackathon 2025
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #38

Guest Article Threat Modeling for Retrieval-Augmented Generation (RAG) AI Applications
Written by Ben Ramirez
Toreon Blog Threat Modeling Trends and Insights from ThreatModCon 2024
Written by Steven Wierckx & Sebastien Deleersnyder
Curated Content The AI Risk Repository
Curated Content Application Security Blog – True Positives
Written by Evan Oslick
Tips & Tricks DrawIO Attack trees plugin
Training Update An update on our upcoming training sessions

Threat Modeling Insider Edition #37

Guest Article Threat Modeling Is What Puts “Sec” in “DevSecOps”
Written by Mohamed Abo El-Kheir
Curated Content Putting Threat Modeling into practice: A guide for business leaders
Written by Scott Wheeler
Curated Content How the New EU Regulatory Landscape Will Impact Software Security
Written by Nuno Teodoro
Curated Content Threat Modeling with ATT&CK v1.0.0
Tips & tricks Crypto-Gram Newsletter
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #36

Guest article The Power of Threat Modeling Capabilities and OWASP SAMM Mapping for Product Security
Toreon blog Threat Modeling in 4 steps
Curated Content Gamify Threat Modeling with OWASP Cornucopia 2.0
Curated Content Build Reusable, Robust Systems with Security Patterns
Tips & tricks New O’Reilly training: Secure Your Design with Threat Modeling
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #35

Curated content MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices
Written by MITRE
Curated content OWASP Top 10 for LLM Applications
Written by OWASP
Toreon Blog Threat Modeling Playbook Part 5 – Innovate with threat model technology
Tips & Tricks Secure from the Start: Integrate Continuous Threat Modeling
Written by Sebastien Deleersnyder
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #34

Guest article Retro Tech Tactics: Using Old-School Security for Modern Threat Modeling
Written by Steven Wierckx
Toreon blog Threat Modeling Playbook Part 4 – Strengthen your threat model processes
Written by Sebastien Deleersnyder
Curated content Security Architecture Build Phase: Planning and building a defendable architecture
Written by Telenor
Curated content Google’s Threat Model for Post-Quantum Cryptography
Written by Google's Cryptography team
Tips & tricks Book tip: Security Engineering — Third Edition
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #33

Whitepaper Inherent Threats – Clarifying a property of threats, are they inherent to the system?
Written by Adam Shostack
Toreon blog Threat Modeling Playbook Part 3 – Train your people to threat model
Written by Sebastien Deleersnyder
Curated content Thinking Like An Attacker – Another Look at Enterprise Security
Written by Microsoft Azure
Tips & Tricks Threat Modeling Hackathon is back!
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #32

Guest article 3 Scenarios for transforming a Cornucopia Card into a Product Backlog Item
Written by Ive Verstappen
Curated content OWASP 2023 Global AppSec Conference: Zero Trust Threat Modeling
Written by Chris Romeo
Curated content Threat Modeling for Software Development Kits (SDKs)
Written by Kevin Wall
Toreon Blog Threat Modeling Playbook Part 2 – Embed Threat Modeling in your organization
Tips & Tricks ThreatModCon 2023 Recordings
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #31

Guest article Learning threats in a post ChatGPT world
Written by Jonathan Marcil
Toreon blog Threat Modeling Playbook - Part 1
Curated content AI-Driven Threat Modelling with STRIDE GPT
Curated content OTM supported by threat-dragon starting from 2.1.3
Tips & tricks NIST Trustworthy and Responsible AI
Curated content Save-the-date: ThreatModCon 2024
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #30

Guest article The World’s First Threat Modeling Conference
Written by Chris Romeo
Toreon article Navigating the Future of AI Security: Insights from the Risk Match Webinar
Written by Sebastien Deleersnyder
Curated content Threat Modeling is now part of the NCSC's guidance on Risk Management
Written by the National Cyber Security Centre
Curated content Scaling threat modeling in an organisation might require an order of threat modeling
Written by NIST
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #29

Guest article 5 Challenges of Rolling Out Threat Modeling within an Enterprise-Sized Company
Written by Nick Kurtley
Curated content An Introduction to Threat Modeling by Microsoft
Curated content Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
Tips & Tricks You shall not pass: the spells behind Gandalf
Written by Max Mathys
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #28

Guest article Threat Models are useless. Threat Modeling is essential.
Written by Jess Chang
Toreon article Threat Composer, exploring the parallels between risk descriptions and user stories
Written by Georges Bolssens
Curated content Leveraging Large Language Models (LLMs) for Threat Models
Written by xvnpw
Curated content Threat elicitation and the art of "AI prompt crafting"
Written by Georges Bolssens
A gift Reading the TMI Newsletter pays off! Score yourself a discount for the upcoming ThreatModCon
Written by ThreatModCon
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #27

Guest article Unleashing the power of Threat Modeling: Overcoming Challenges, Building Community, and Driving Adoption.
Written by Brook S.E. Schoenfield
Curated content BSidesSF 2023 - FAIR STRIDE - Building Business Relevant Threat Models
Written by Arthur Loris
Curated content BSidesSF 2023 - Sleeping With One AI Open: An Introduction to Attacks Against…
Written by Eion Wickens and Marta J.
Curated content Instant Threat Modeling - #10 Adversarial ML & AI
Written by SecuRingPL
Toreon article OWASP SAMM Threat Modeling: From Good to Great presentation
Written by Sebastien Deleersnyder
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #26

Guest article The AI Attack Surface Map V1.0
Written by Daniel Miessler
Curated content AWS KMS Threat Model
Written by Costas Kourmpoglou
Curated content How to use Chat GPT to learn Threat Modeling
Written by Rusty Newton

Threat Modeling Insider Edition #25

Guest article Developer-driven threat modeling at OutSystems
Written by Rui Covelo
Book bites Threats: What Every Engineer Should Learn From Star Wars
Written by Adam Shostack
Curated content Introducing Threat Modeling to Established Teams
Written by Sarah-Jane Madden
Curated content Threat Modeling Connect: A browse through the archives
Tips & tricks Threat Modeling as Code with PyTM
Written by Georges Bolssens
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #24

Guest article A deep dive into the 2023 Threat Modeling Connect Hackathon
Written by Luis Servin
Curated content Threat Modeling Talks
Written by Kim Wuyts
Toreon article The added benefit to early threat modeling that nobody talks about
Written by Izar Tarandach and Georges Bolssens
Tips & tricks What are repudiation attacks?
Written by Winsey Fong
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #23

Guest article Supply-Chain Security: Evaluation of Threats and Mitigations
Written by Hashimoto Waturu
Curated content Tips & tricks, Draw.io
Written by Costas Kourmpoglou
Toreon article The importance of accurate notes during threat model meetings
Written by Cesar Peeters
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #22

Guest article The hitchhiker's guide for failing threat modeling
Written by Michael Bernhardt
Curated content Creating Security Decision Trees with Graphviz
Curated content Threat Modeling Lingo
Toreon article Unlocking the power of Threat Modeling
Written by Steven Wierckx
Curated content A ChatGPT Toreon poem
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #21

Guest article Threat Modeling ICS & OT Landscapes - Mind that Gap, there's a sharp EDGE!
Written by Charles Marrow
Curated content SLSA dip — At the Source of the problem!
Written by François Proulx
Curated content Integrating threat modeling with DevOps
Written by security experts at Microsoft
Toreon article An interview on Threat Modeling with ChatGTP
Written by interviewer Steven Wierckx
Tips & tricks Applying STRIDE on your hotel
Written by Miguel Llamazares
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #20

Guest article Five tips to improve your threat model
Written by Simone Curzi
Curated content How to threat model digital applications in Cloud
Written by Jeevan Singh
Curated content Threat Modeling the right way for Builders Workshop
Curated content Kubernetes Threat Model and Risk Management webinar
A gift Christmas comes early this year...
Tips & tricks Threat Modeling Connect, a new community
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #19

Guest article The Role of Tooling in Threat Modeling
Written by Zoe Braiterman
Curated content The Hybrid Approach to Threat Modeling
Written by Chris Romeo
Curated content How we're creating a threat model framework that works for GitLab
Written by Mark Loveless
Curated content Threat Modeling Soft Skills
Written by Sebastien Deleersnyder
Tips & tricks Creating Security Decision Trees with Graphviz
Written by Kelly Shortridge
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #18

Guest article Risk-Centric Threat Modeling - Part 2
Written by Marco Mirko Morana
Toreon article Adapting risk calculations to your needs
Tips & tricks Persona Non Grata, a threat generation technique
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #17

Guest article Risk-Centric Threat Modeling - Part 1
Written by Marco Mirko Morana
Toreon article Examining attack trees and tooling
Tips & tricks A tool to support threat modeling in a DevSecOps environment Threagile
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #16

Interview Security Regulation for Medical Devices
Written by Seth Carmody
Curated content Machine Assisted Threat Modeling
Curated content Plot4ai
Toreon article How Threat Modeling improves Pentesting
Tips & tricks User stories and Threat Modeling
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #15

Guest article Threat Modeling Benefits Everyone in the Dev Pipeline
Written by Ken Van Wyck
Curated content Threat Modeling Medical Devices
Curated content Mozilla Rapid Risk Assessment
Toreon article Threat Modeling vs Pentesting
Tips & tricks Continuous Threat Modeling
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #14

Guest article Threat Modeling Redefined: The Self-Serve Threat Model
Written by Jeevan Singh
Curated content New standards from NIST and OWASP
Curated content ATT&CK-like Common Threat Matrix for CI/CD Pipelines
Toreon article The 9 benefits of Threat Modeling
Written by Rusty Newton
Tips & tricks The OWASP Threat Dragon egg is hatching
Training update Our new Threat Modeling Practitioner hybrid learning journey

Threat Modeling Insider Edition #13

Guest article Threat modeling: what are we modeling, exactly?
Written by Koen Yskout
Curated content A panel discussion on agile threat modeling
Curated content How GitHub does threat modeling
Toreon article 7 key learning principles to create our future threat modeling training
Tips & tricks A new threat modeling book
Written by Izar
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #12

Guest article Keys to successful privacy threat modeling
Written by Kim Wuyts
Curated content Wikipedia on Threat Modeling history
Curated content Threat modeling your CI/CD pipeline
Toreon gift We donated our Threat Modeling Playbook to OWASP
Webinar Ask me Anything on Threat Modeling
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #11

Guest article Threat modeling's definition of done
Written by Brook Schoenfield
Curated content Threat modeling guidance for developers
Curated content Recordings from threat modeling sessions from the latest Open Security Summit
Toreon webinar Up your game with the Threat Modeling Playbook
Tips & tricks DREAD is dead
Training update Updates on upcoming Toreon training sessions

Threat Modeling Insider Edition #10

Guest article Scaling up threat modeling
Written by Mikko Saario
Curated content Threat modeling machine learning
Curated content New release of OWASP Threat Dragon
Toreon whitepaper Threat modeling medical devices
Tips & tricks New online trainings hosted by Toreon
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #9

Guest article How often do living documents need to breathe?
Written by Izar Tarandach
Curated content An awesome list of threat modeling resources
Curated content The upcoming ISO 21434 cybersecurity standard for the automotive industry
Toreon article Reports from the Archimedes conference
Tips & tricks Creating 'evil personas
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #8

Guest article Threat modeling: better caught than taught
Written by Chris Romeo
Curated content NO DIRT: a threat modeling approach for digital healthcare
Curated content The Tactical Threat Modeling paper from SAFECode
Toreon article Threat modeling in 4 steps
Tips & tricks The OWASP risk rating calculator
Training update Updates on upcoming Toreon training sessions

Threat Modeling Insider Edition #7

Guest article “Threat modeling as code" with the threatspec tool
Written by Fraser Scott
Curated content The Evolution of Threat Modeling
Curated content Adam Shostack's talk at AppSecCali 2019
Toreon article Setting up efficient threat model meetings
Tips & tricks New community edition released by IriusRisk
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #6

Guest article The OWASP Threat Model project
Written by Steven Wierckx
Curated content Jim DelGrosso teaching threat modeling
Curated content Dinis Cruz shares his threat modeling templates
Toreon article The perfect threat model party guest list
Tips & tricks Application Security Podcast, with episodes on threat modeling
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #5

Guest article Threat modeling: do it early, do it often, do it as a team
Written by Irene Michlin
Curated content LINDDUN
Curated content Automated web attacks
Toreon deal A great deal on our HITB training in Singapore
Tips & tricks Play the Elevation of Privilege card game online
Training update Updates on upcoming Toreon training sessions.

Threat Modeling Insider Edition #4

Guest article Continuum Security “Scaling threat modeling with risk patterns"
Written by Stephen de Vries
Curated content Threat modeling as code
Curated content MITRE ATT&CK
Toreon article How to use threat modeling as privacy by design technique?
Tips & tricks Hi/5 newsletter
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #3

Guest article Threat Models as a Blueprint for Attack
Written by Tony UV
Curated content OAuth 2.0
Curated content The threat modeling toolkit
Toreon presentation How can you integrate threat modeling in your agile software development?
Tips & tricks How to overcome diagramming writer's block
Training update An update on our upcoming training sessions

Threat Modeling Insider Edition #2

Guest article How to supercharge your Threat Modeling
Written by Geoff Hill
Curated content Curated resources from Carnegie Mellon University and Microsoft
Toreon guide Threat modeling done right"
Tips & tricks The OWASP threat modeling slack channel
Invitation Invitation to the Open Security Summit, featuring a threat modeling track
Training update Updates on upcoming Toreon training sessions