World Conflicts
5h
231
Israel prevents Palestinians from gathering rainwater? Seems wrong on so many levels to me
Tech Industry
7h
336
Blind is an antisemitic cesspool
Tech Industry
10h
1197
Racism towards Indians
Tech Industry
8h
859
Am I racist if I don’t want to marry a Southeast Asian? (Korean here)
World Conflicts
4h
394
Should We Destroy BRICS Now?
Many security interviews will have a platform security threat modeling interview rounds for platform security engineering roles. What resources and books are best to prepare for these interviews? Already read Adam Shostack’s book Thread Modeling which gives a foundational overview on how to treat model but doesn’t go deep enough on systems designs and examples of threat modeling for complex distributed and highly scalable systems.
There is no single correct answer for that. Threat modeling is a very complicated stuff, but in the interviews we have strict time constraint and do very basic one. Maybe I am wrong, but in the interviews my methodology is as follows: 1-Defining high level components of the corresponding system 2-Defining the system boundaries 3-Defining the entry points 4-Defining the data flows across the system 5-Assessing the threats for each component, entry point and flows systematically. You can use frameworks like STRIDE and similar stuff. Normally since sometimes the systems are quite complicated, it requires decomposition of subsystem and performinng analysis on each decomposed elements. For distributed and scalable systems, nothing is different. As long as you define the system very well, the remaining is the same. The definition of system is up to the knowledge of system architecture for such systems. If you know how they work, the remaining stuff is the same.