In this episode of The Security Repo, we dive deep into the world of threat modelling with Paul McCarty, a veteran in the field of DevSecOps and founder of SecureStack. Paul shares his journey from being a Unix admin to working with high-profile organizations like NASA and GitLab. We explore the essentials of threat modeling, the significance of cloud-native security, and frameworks he has developed for threat modeling like TVPO. Tune in to learn how to stay ahead in the ever-evolving landscape of cybersecurity. Show Notes Paul’s GitHub https://github.com/6mile DevSecOps Playbook - https://github.com/6mile/DevSecOps-Playbook Secure Code Red training - https://sourcecodered.com/ Linkedin - https://www.linkedin.com/in/mccartypaul/ Introduction: 0:00 Pauls Journey: 1:10 the Cloud Native Mission: 2:55 Pauls History with Threat Modeling: 4:00 TVPO Framework for Threat Modeling 6:52 When Should Companies Start Threat Modeling 10:15 When to Threat Model: 12:00 Unique Risks of Threat Modelling Open-Source 13:50 Red Team Code Puppets: 21:48 Best and Worst: 28:00