Threat model cheat sheets

Track: Threat Model
When: Tue AM-1
Where: Kings
Organizers: Steven Wierckx
Participants: Adam Shostack, Andrew Johnstone, Aurelijus Stanislovaitis, Chris Allen, Claudio Camerino, David Cervigni, Fabien Thalgott, Gabor Pek, Luis Saiz, Matt Pendlebury, Peter Turczak, Ruben Tronçon, Sotiraki Sima, Stuart Winter-Tear, Tash Norris
Remote Participants: Abhi Raj, Andrew Martin, Lubo Vikev, Vinod Anandan


We need to have 3 more cheat sheets for the missing TM steps.


Create a cheat sheet of maximum 5 points, each one starting with “do” or “don’t”


3 cheat sheets


The one cheat sheet already created:

Cheat sheets: What are we building?

DO: Scope to what is under your control.

DO: Understand the context your system will live in. This includes but is not limited to the environment, security controls, …

DO: If you are stuck, either look at the entry and exit points OR let the Subject Matter Expert (SME) tell a story to get back on track.

DON’T: Go beyond/deeper than design level.

DON’T: Treat threat modeling like a kitchen sink; don’t try to put everything in.
