We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Threat Modeling by Adam Shostack - Free Chapter Included

Sarit Newman Internet Security Researcher

Threat Modeling is an explanatory book by Adam Shostack that teaches the various methods and ways to successfully threat model. We sat with him to talk about his book and he gave a sneak preview to the first chapter.

Back in 2014, Adam Shostack – a program manager and security developer for Microsoft – published a book on threat modeling. His book, which is available in Kindle and paperback, explains how to optimize network security for software developers, security managers, and security professionals.  

We had a discussion with him, addressing his book and the importance of threat modeling

vpnMentor: What made you write Threat Modeling?

Shostack: I wrote Threat Modeling because threat modeling is at the core of my security career.  I have watched so many people struggle to create threat models, even mediocre ones, and I figured there was a better way to teach it.  We security folks learn by doing, by action, by apprenticeship, but a lot of what we're taught to do goes untested.

When threat modeling, should you focus on assets? No, it's a trap. What about focusing on thinking like an attacker? Also a trap. The system catches normal, well-meaning engineers trying to do the right thing, but they aren't successful. It got to the point where even speaking with these engineers for an hour about what to do and what not to do wasn't sufficient, so I decided to write a book about it.

vpnMentor:  What new knowledge did you gain while writing this book?

The biggest thing I learned in writing the book was just how big threat modeling is. There are ways to think about what you're working on, what can go wrong, what to do about it, or if you did a good job.

Writing a book on threat modeling is like writing a book on all of programming. In programming, there are languages, like Perl or Haskel or even Excel, and there are methods to do it, from copying and pasting to StackOverflow to very formal engineering approaches. There are stages from concept to implementation, to testing and deployment. I had to fit all that into one book! But at the core of threat modeling are four questions:

(1) What are we working on?

(2) What can go wrong?

(3) What are we going to do about it?

(4) Did we do a good job?

I hope sharing these focus points will help others successfully threat model.

Threat Modeling: Designing for Security is available for purchase on Amazon. Click on the link below to read the first chapter. 

Click here to read a chapter from Adam's book!

Privacy Alert!

Your data is exposed to the websites you visit!

Your IP Address:

Your Location:

Your Internet Provider:

The information above can be used to track you, target you for ads, and monitor what you do online.

VPNs can help you hide this information from websites so that you are protected at all times. We recommend ExpressVPN — the #1 VPN out of over 350 providers we've tested. It has military-grade encryption and privacy features that will ensure your digital security, plus — it's currently offering 49% off.

Visit ExpressVPN

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Sarit is an experienced internet security writer who believes everyone has the right to online privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback