The topic of today is threat modeling, a practice of identifying and prioritizing potential threats and security mitigations. Our guests are Anne Oikarinen from Nixu, and Nicolaj Græsholt from Eficode.
In this episode, we discuss how threat modeling shifts security left, allowing teams to identify problems early in the development process. Anne Oikarinen explains the importance of threat modeling in preventing security issues before they arise, emphasizing that it can reveal logical flaws and potential problems in architecture or processes. Nicolaj Græsholt adds insights on integrating security tools into development practices and the role of security champions within teams.
Listeners will learn about various threat modeling techniques, including evil user stories and the STRIDE model, and how these methods can be applied to enhance security in software development. The conversation highlights the collaborative nature of threat modeling and the importance of continuous improvement in security practices.
Speakers
Nicolaj Græsholt
Nicolaj Græsholt is a consultant and trainer at Eficode where he helps clients with all things CI/CD, Artifact Management, Git, Docker, and Kubernetes, and is a Certified Kubernetes Administrator of CNCF. He has previously worked as a Consultant Software Developer and has a Master’s degree in cryptography. In his spare time, he enjoys containerizing tools, cold beer and doing experiments with Kubernetes to test the limits of container orchestration.
- DevOps
- Sauna Sessions
- Security
Related podcasts
