agile - Abhay Bhargav

Abhay Bhargav

Sign in Subscribe

agile

A collection of 3 posts

Mozilla's Rapid Risk Assessment (RRA) - Interview

threat modeling Featured

Mozilla's Rapid Risk Assessment (RRA) - Interview

I have always been passionate about Threat Modeling. Especially at efforts at: * scaling it * speeding it up * doing it collaboratively without having your Product Engineering Teams hating you * Codifying it, or.. * Integrating it with DevOps On the other hand, I have always found Mozilla to be a fascinating organization. They

Think "Feedback" over "Pipelines" for DevSecOps Success

Think "Feedback" over "Pipelines" for DevSecOps Success

For a while now, the term DevSecOps has become synonymous with Pipelines. That is natural. DevOps, for the longest time has been associated with pipelines. I am sure, that if you've read anything around DevOps or DevSecOps, you'd have heard of the term "CI/CD". Well, let's look at what

Thoughts on Using and Scaling Threat Modeling

threat modeling

Thoughts on Using and Scaling Threat Modeling

Some of my pet peeves with Threat Modeling, as its currently done by a lot of orgs out there: 1. Threat Models are generated as tomes, rarely used by the people who need to be using it (architects, engineering teams, business owners, even security people) 2. Consequently, Threat Modeling does