S3E7: Robert Hurlbut
All Things Threat Modeling
In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson are joined by Robert Hurlbut, an industry expert in threat modeling. Robert shares his extensive background in software architecture and application security, and they dive deep into the practical aspects of threat modeling, why it’s critical, and how organizations can get started. 🛡️
🔑 Key Highlights:
- Robert’s journey from software development to focusing entirely on threat modeling
- What threat modeling is and how it differs from threat hunting
- The importance of asking critical questions like “What could go wrong?” to identify potential threats early in the software development lifecycle
- How methods like STRIDE can help identify threats but aren’t the full definition of threat modeling
- The value of the Threat Modeling Manifesto and the core principles it promotes
- How threat modeling fits into modern approaches like Zero Trust, DevSecOps, and cloud environments
- The need for collaboration between diverse teams to effectively identify threats and secure design decisions
- Advice for organizations looking to start a threat modeling program and scaling it across teams
Robert also discusses the growing importance of threat modeling in industry standards like NIST and OWASP, and how the inclusion of threat modeling in executive orders is driving its adoption.