We discuss a controversial LinkedIn post claiming "Threat Modeling is Dead." While the STRIDE methodology may need updating, it remains a valuable "gateway" tool for teaching security concepts to developers without security backgrounds. We disc...

A good discussion today covering two different articles, the first covers CISA's list of product security "bad practices", questioning whether it provides real value or is just content marketing. Then the discussion moves onto an article about ...

This week we explore the multifaceted concept of obsolescence in technology, detailing its planned, unplanned, and forced forms. We delve into the security implications of outdated or unsupported devices and software, with a spotlight on cloud-...

Is everything boring? Chris, Izar and Matt discuss why nothing seems interesting enough lately. Is the excitement of vulnerabilities and ransomware waning? The guys touch on Governance, Risk, and Compliance (GRC) in corporate auditing, the impa...

What constitutes an expert in the field of threat modeling? Today Matt, Chris and Izar explore cultural references, the intricacies of threat modeling practices, and the criteria that define an expert. The discussion touches on the evolution of...