The presentation discusses the challenges and solutions in implementing threat modeling in established software development teams, particularly during the COVID-19 pandemic.
- Established software development teams may have difficulty in implementing threat modeling due to their existing processes and lack of security expertise.
- To address this, it is important to explain the benefits and scope of threat modeling, and to point to similar organizations that have implemented it successfully.
- Threat modeling should be integrated into the software development process and not treated as a separate tool.
- Facilitated sessions can help teams overcome challenges in implementing threat modeling, particularly during remote work situations.
The speaker shared a story of a product manager who expressed frustration over their team's lack of findings in their threat modeling sessions. Upon investigation, it was discovered that the team had resorted to a visual code review process via email, which was not effective. Facilitated sessions were then conducted to help the team overcome their challenges.