This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Content provided by Anton Chuvakin. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Anton Chuvakin or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
EP215 Threat Modeling at Google: From Basics to AI-powered Magic
MP3•Episode home
Manage episode 471848925 series 2892548
Content provided by Anton Chuvakin. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Anton Chuvakin or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Guest:
- Meador Inge, Security Engineer, Google Cloud
Topics:
- Can you walk us through Google's typical threat modeling process? What are the key steps involved?
- Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems?
- How does Google keep its threat models updated? What triggers a reassessment?
- How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture?
- What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong?
- How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques?
- What advice would you give to organizations just starting with threat modeling?
Resources:
- EP12 Threat Models and Cloud Security
- EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw
- EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
- EP140 System Hardening at Google Scale: New Challenges, New Solutions
- Threat Modeling manifesto
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- Awesome Threat Modeling
- Adam Shostack “Threat Modeling: Designing for Security” book
- Ross Anderson “Security Engineering” book
- ”How to Solve It” book
234 episodes
MP3•Episode home
Manage episode 471848925 series 2892548
Content provided by Anton Chuvakin. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Anton Chuvakin or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Guest:
- Meador Inge, Security Engineer, Google Cloud
Topics:
- Can you walk us through Google's typical threat modeling process? What are the key steps involved?
- Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems?
- How does Google keep its threat models updated? What triggers a reassessment?
- How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture?
- What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong?
- How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques?
- What advice would you give to organizations just starting with threat modeling?
Resources:
- EP12 Threat Models and Cloud Security
- EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw
- EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
- EP140 System Hardening at Google Scale: New Challenges, New Solutions
- Threat Modeling manifesto
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- Awesome Threat Modeling
- Adam Shostack “Threat Modeling: Designing for Security” book
- Ross Anderson “Security Engineering” book
- ”How to Solve It” book
234 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.