Showing episodes and shows of Securitycompass
Shows
The ITSM Practice: Elevating ITSM and IT Security Knowledge
FISMA in the Cloud: What Midsize Security Teams Need to Know
In this episode of The ITSM Practice Podcast, we explore what FISMA really means for midsize, cloud-native security teams. Using real-world scenarios, we explain why FISMA was built for federal systems, where it clashes with cloud responsibility models, and how a risk-based adoption strengthens governance without falling into compliance theatre. In this episode, we answer: Do FISMA controls apply to cloud-native and SaaS-based environments? How can midsize companies use FISMA without full federal-style compliance? Why is risk-based adoption more effective than checklist compliance in the cloud?
2026-02-10
08 min
The Boring AppSec Podcast
S1E05 - Threat Modeling
Welcome to the Boring AppSec Podcast! In Episode 5, we dig deep into what threat modeling is from a practitioner's perspective. We compare it with design reviews and discuss the when/how/why of threat modeling. In the end, we wrap up by talking about how Gen AI could help threat modeling significantly. References: We will try and add information about all the references we make here. Please enter rabbit holes at will :) Threat modeling manifesto - Threatmodelingmanifesto.org STRIDE framework - https://en.wikipedia.org/wiki/STRIDE_(security) Tools for threat modeling http...
2024-04-01
1h 01