Why Overcomplicating Threat Modeling Does More Harm Than Good
Many companies turn threat modeling into a confusing mess. Learn why simplicity is key, and how over-engineering threat modelling can cause teams to give up.
Many cybersecurity teams make threat modeling unnecessarily complicated, which ends up doing more harm than good. This blog explains why simplicity is essential, especially for teams who are new to the process.
Is your threat modeling methodology too complicated?
The Problem
I’ve worked with many teams across companies and countries, and I’ve observed how threat modeling is introduced in a variety of scenarios. What I have noticed is how easily teams can be derailed if that process is too complex. I’ve seen clients zone out and mentally escape to anywhere but the meeting when the threat modelling process was overly complicated.
Threat modeling is an incredibly powerful tool when used properly. But if teams are shown an overly complicated and intense process, it will never be implemented. And this is where the harm exists: an inconsistent application of threat modelling by some but not all teams may lead to a false sense of security.
But it can be simple…
Let's say that again so everyone in the back can hear:
Threat Modelling can be simple!
Fundamentally, threat modeling is a conversation. Strip away the documentation, audits, and spreadsheets, and what remains is people talking to each other about how their systems actually work. The best results I’ve seen come when teams openly share details about their components. I’ve even sat in sessions where senior developers—people who had worked on the same product for years—discovered something new about their own system simply because someone else explained it out loud.
“The best threat modeling methodology is one that fits your needs and works well with your team’s design workflow.”
Conversely, I’ve seen security issues arise precisely because teams didn’t communicate—like when one group assumed an upstream component had already handled user authentication. Nobody asked. Nobody shared. And then one client is viewing another client’s information.
The Threat Modeling Manifesto
If you are unsure where to start, please do not start with a framework such as STRIDE. The Threat Modeling Manifesto is the better place to start to establish high-level guidelines and values for your threat modeling program. The best threat modeling methodology is one that fits your needs and works well with your team’s design workflow.
The manifesto helps you establish high-level values, principles, and culture. It also provides references to help guide you down that path.
And Finally…
Threat modeling can be a powerful tool to architect security into your systems and applications. It can save you time and money against lost productivity caused by a security incident. Contact us for a no-obligation call to discuss how we can help you find a methodology that is the best fit for your team.