Threat Modelling

A figure at a small desk in a high-ceilinged reading room, reading with the quiet satisfaction of someone who has found exactly the book they wanted; through the tall windows, crowds of other figures drift past, half-dissolving into a cheerful drizzle, their attention already elsewhere. The reader is entirely unbothered.

Audience design

A friend asked whether the proof-of-concept I had sketched on a docs page was worth actually building. I said no, for the usual reasons, and also because the page in question had been written in the specific style of a document that does not want to be read. A four-layer architecture diagram without the diagram. Ingestion, storage, correlation, presentation. Bullet lists of API names with the dispiriting authority of a railway timetable. It reads like a tender response written by a tender response. ...

Is your threat model already behind?

Most organisations think they have a threat model. What they usually have is a historical artefact: a snapshot of how the environment looked on the day several people sat in a room with diagrams, coffee, and varying levels of optimism. The session happens. Assets are mapped. Threats are identified. Risks are scored. A document is produced. The document is reviewed, approved, uploaded somewhere nobody voluntarily visits, and occasionally resurrected during audits or post-incident archaeology. ...

Threat modelling for zero-day vulnerabilities

Threat modelling for zero-day vulnerabilities is a peculiar exercise in preparing for the unknowable. These are not the comfortable, catalogue‑ready bugs that live in CVE databases. These are the ones nobody, least of all the vendor, has seen fit to admit exist. They arrive without warning, without a patch, and with precisely zero days’ notice before being exploited. The task, therefore, is less about ticking boxes and more about building the sort of resilience that can withstand the unexpected without falling to pieces. ...