What is this#
I’m jst starting in threat modeling after crossing a post about Threat Modeling Connect Hackathon 2026 which sounded really interesting and should feed my engineering thirst (or over engineering thirst?).
These are my notes while learning and discovering this field, connecting with experienced and inexperienced people accross the world and of course hoping that my team wins first prize?
What is threat modeling?#
The concept itself is something we do on a daily basis. Let’s take the case of crossing the street:
We Identify how fast the vehicules are moving, how are pedastrians are moving:
We prioritize the risk: Higher moving first then slower ones..etc
We mitigate the risk: Traffic light, eye contact with the driver..etc
The same applies in the digital world. We:
- Identify threats based on their complexity, vulnerabilities chance of happening assumptions and all
- Prioritize these risks and threats.
- Mitigate these threats.
Where it sucks?#
As simple as it sounds, here’s what we’re missing.
Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don’t know we don’t know. Donald Rumsfeld
Why? Because these models are
- Limited of abstraction => simplified reality => not every possible risk is detected.
- Unpredictibility of threats => New vulnerabilities emerge, new risk rises and attackers constantly innovate.
- Bounded by assumptions => Not real systems, threats and vulunerabilities => flawed assumptions => innacurate model.
So is this helpless? No.
What makes a good Threat Model?#
All models are wrong, some are useful. George Box
In short, a good threat model is a humble (😉) threat model: Not overly complicated, not arrogant and thinks as a saviour and expects to know its limitations and leveraging strengths to build better secured systems.