The Problem With Threat Modeling in Application Security: Too Slow, Too Theoretical, Not Agile | ...

Video Link: https://www.youtube.com/watch?v=uwgh7q_jhc0





Threat modeling is often called the foundation of secure software design—anticipating attackers, uncovering flaws, and embedding resilience before a single line of code is written. But does it really work in practice?


In this episode of AppSec Contradictions, Sean Martin explores why threat modeling so often fails to deliver:

• It’s treated as a one-time exercise, not a continuous process
• Research shows teams who put risk first discover 2x more high-priority threats
• Yet fewer than 4 in 10 organizations use systematic threat modeling at scale

Drawing on insights from SANS, Forrester, and Gartner, Sean breaks down the gap between theory and reality—and why evolving our processes, not just our models, is the only path forward.


👉 What’s your take? Share your experience with threat modeling in application security in the comments below. Is your organization able to integrate threat modeling into everyday work, or does it remain a one-off exercise? What changes to process or culture would make it valuable and visible across teams?


📖 Read the full companion article in the Future of Cybersecurity newsletter for deeper insights: https://www.linkedin.com/pulse/problem-threat-modeling-application-security-too-slow-martin-cissp-8n5ye/


🔔 Subscribe to stay updated on the full AppSec Contradictions video series and more perspectives on the future of cybersecurity: The Future of Cybersecurity Newsletter


________


This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.


Enjoy, think, share with others, and subscribe (https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7108625890296614912) to "The Future of Cybersecurity" (https://www.linkedin.com/newsletters/the-future-of-cybersecurity-7108625890296614912/) newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity


Sincerely, Sean Martin (seanmartin.com) and TAPE9


________


Sean Martin (https://www.linkedin.com/in/imsmartin?miniProfileUrn=urn:li:fs_miniProfile:ACoAAAAWxYMBIEF_vFY2wR6GE75_JdWoZSiH3h4) is a life-long musician and the host of the Music Evolves Podcast (https://www.seanmartin.com/music-evolves-podcast); a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast (https://www.seanmartin.com/redefining-cybersecurity-podcast); and is also the co-host of both the Random and Unscripted Podcast (https://www.seanmartin.com/random-and-unscripted-podcast) and On Location Event Coverage Podcast (https://www.seanmartin.com/on-location-podcast). These shows are all part of ITSPmagazine (https://www.linkedin.com/company/itspmagazine/)—which he co-founded with his good friend Marco Ciappelli (https://www.linkedin.com/in/marco-ciappelli?miniProfileUrn=urn:li:fs_miniProfile:ACoAAAD_QZMB_jUr1316NWqo3MgG_iFVSPTfDgY), to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™


Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location


To learn more about Sean, visit his personal website (https://www.seanmartin.com/).



