EP215 Threat Modeling at Google: From Basics to AI-powered Magic

In this episode of the Cloud Security Podcast, Tim Peacock and Anton Chevokhin interview Meador Inge, a security engineer at Google, about Google's threat modeling process. Meador explains the key steps, emphasizing scoping, collaboration with subject matter experts, and continuous updates integrated into the software development lifecycle. The discussion covers applying threat modeling to complex systems, operationalizing threat models, and communicating effectively with software engineers. They also explore the use of AI, specifically LLMs like Gemini, to enhance threat modeling and address challenges in scaling the process, and practical advice for those starting out in threat modeling.