The Calculus of Threat Modeling

I have been designing secure and security products for 20 years. I always thought of this as “architecture” and it took me a long time to realize that a major part of what I was doing was threat modeling. There are many established approaches to threat modeling, but because I backed into the field, I had rolled my own. This post is to explicitly describe what I have been doing.

The Next Level

“That’s where the money is!”
– Attributed to Willie Sutton, Non-Traditional Withdrawals Specialist

Willie Sutton was quoted as having said the above (he denied coining the phrase) in response to the question, “Why do you rob banks?” At the time, it was an obvious choice; in a pre-networked world, value was primarily transmitted by moving physical objects around the world, whether they were bars of precious metalsmineral crystals, or slips of paper. A non-traditional account withdrawal, then, relied on transporting physical objects from point A (a location controlled by the bank) to point B (a location controlled by the attacker).