Member-only story

STRIVE to Threat Model — make real STRIDES, duds

Andre Camillo, CISSP
5 min readFeb 8, 2025

--

I’ve written about this back in 2022 — this is an update following technological developments and more…

So I went on vacation recently… and as a good cyber security minded person always does, I checked all my accounts’ means of access — meaning tested pwds, 2fa, security keys, passkeys — all the fun of doing this multiple times — because we all have about 10 emails providers don’t we all?

Then I decided to work on a side project during my time away: using AI to help build an open-source password generator. The idea was simple, yet it assumed an in-depth understanding of security concepts like cryptography, obfuscation, zero-knowledge, salting/peppering, ephemeral keys — and the risks associated with them. That’s when I remembered the fundamentals of Threat Modeling and how crucial it is to designing safer systems.

As Lana del Rey sings: Margaret

Looking Back: In my post from 3 years ago, I highlighted how “Threat modeling is a way to analyze and represent potential risks in systems…” and how this activity can be extended to further areas of our lives, ensuring we protect our digital assets at every turn. If you’re just diving into threat modeling or want a broader context, it’s worth revisiting.

What Is Threat Modeling?

--

--

Andre Camillo, CISSP
Andre Camillo, CISSP

Written by Andre Camillo, CISSP

Cloud, AI and Cyber Security tech, Career, Growth Mindset. Find my Discord &more: https://linktr.ee/acamillo . Architect @Crowdstrike. Opinions are mine!

No responses yet