EP215 Threat Modeling at Google: From Basics to AI-powered Magic
Update: 2025-03-17
Description
Guest:
- Meador Inge, Security Engineer, Google Cloud
Topics:
- Can you walk us through Google's typical threat modeling process? What are the key steps involved?
- Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems?
- How does Google keep its threat models updated? What triggers a reassessment?
- How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture?
- What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong?
- How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques?
- What advice would you give to organizations just starting with threat modeling?
Resources:
- EP12 Threat Models and Cloud Security
- EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw
- EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security
- EP140 System Hardening at Google Scale: New Challenges, New Solutions
- Threat Modeling manifesto
- EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use
- Awesome Threat Modeling
- Adam Shostack “Threat Modeling: Designing for Security” book
- Ross Anderson “Security Engineering” book
- ”How to Solve It” book
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
x
