← @kwm Twitter archive



Threat modeling can be very involved, but shortcuts are fair game:

1) What do you have?
2) Who wants it?
3) What are the adversary's capabilities?

Can't answer 2 & 3? Start with industry threat reporting: https://github.com/rabobank-cdc/DeTTECT/tree/master/threat-actor-data.

Thanks for this, @bakk3rm and @rubenb_2!

4/14/2020, 1:49:20 PM

Favs: 31

Retweets: 8