Skip to Content
Threat Modeling Best Practices
book

Threat Modeling Best Practices

by Derek Fisher
October 2025
Intermediate to advanced
322 pages
8h 45m
English
Packt Publishing

Overview

Build threat modeling skills with practical advanced techniques to enhance risk analysis, optimize security measures, and stay ahead of emerging threats in the complex cybersecurity landscape Free with your book: DRM-free PDF version + access to Packt's next-gen Reader*

Key Features

  • Identify and mitigate security threats across software, cloud, mobile, IoT, and supply chains using STRIDE, PASTA, and MITRE ATT&CK
  • Learn from real-world case studies showing practical threat modeling applications across industries
  • Build threat modeling programs with the right team, tools, SDLC integration, and continuous improvement

Book Description

Threat modeling has become a cornerstone of modern cybersecurity, yet it is often overlooked, leaving security gaps that attackers can exploit. With the rise in system complexity, cloud adoption, AI-driven threats, and stricter compliance requirements, security teams need a structured approach to proactively spot and stop risks before attackers do. This book delivers exactly that, offering actionable insights for applying industry best practices and emerging technologies to secure systems. It breaks down the fundamentals of threat modeling and walks you through key frameworks and tools such as STRIDE, MITRE ATT&CK, PyTM, and Attack Paths, helping you choose the right model and create a roadmap tailored to your business. You'll learn how to use leading threat modeling tools, identify and prioritize potential threats, and integrate these practices into the software development life cycle to detect risks early. The book also examines how AI can enhance analysis and streamline security decision-making for faster, stronger defenses.

By the end, you'll have everything you need to build systems that anticipate and withstand evolving threats, keeping your organization secure in an ever-changing digital landscape.

*Email sign-up and proof of purchase required

What you will learn

  • Create foundational threat modeling artifacts like Data Flow Diagrams and security architecture diagrams to visualize system threats
  • Understand the relationship between vulnerabilities (exploitable weaknesses) and threats (sources of harm)
  • Analyze real-world case studies to see how threat modeling is applied in industry incidents
  • Evaluate and compare popular threat modeling tools, both open source and commercial
  • Explore advanced topics, including threat modeling for cloud environments and integrating with DevSecOps

Who this book is for

This book is for cybersecurity professionals, security consultants, penetration testers, and compliance managers seeking to integrate threat modeling into their assessment methodologies and client engagements. It’s also ideal for software architects, DevOps engineers, risk managers, and organizational leaders responsible for identifying, assessing, and mitigating security risks in their technological environments. Whether you’re new to threat modeling or looking to enhance your existing expertise, this book helps you with foundational knowledge as well as advanced techniques.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

Threat Modeling

Threat Modeling

Izar Tarandach, Matthew J. Coles
Threat Modeling

Threat Modeling

Adam Shostack

Publisher Resources

ISBN: 9781805128250