Threat Modeling

Knows basic threat modeling concepts for network engineering and can apply them in typical tasks. Uses standard tools and follows established team practices. Understands when and why this approach is used.

Understands basic Threat Modeling concepts. Follows security guidelines. Recognizes common vulnerabilities in code.

Understands threat modeling: STRIDE for threat identification, data flow diagrams for the system. Participates in threat modeling sessions. Documents identified threats.

Understands basic threat modeling methodologies (STRIDE, DREAD). Identifies common threats in simple systems using predefined templates. Documents threat scenarios following organizational guidelines. Assists in data flow diagram creation for threat analysis.

Understands basic threat modeling for smart contracts: identifies common vulnerability patterns (integer overflow, access control flaws, unchecked external calls). Follows OWASP Smart Contract Top 10 guidelines. Documents potential threats in contract designs under mentorship.

Confidently applies threat modeling for network engineering in non-standard tasks. Independently selects the optimal approach and tools. Analyzes trade-offs and proposes improvements to existing solutions.

Independently applies threat modeling to identify attack surfaces before penetration testing engagements. Maps MITRE ATT&CK techniques to system components. Understands trade-offs between different attack paths and prioritizes testing efforts. Creates threat-informed test plans covering network, application, and social engineering vectors.

Conducts threat modeling: STRIDE/PASTA for new features, identifies trust boundaries and attack surfaces. Creates threat models for APIs and data flows. Derives security test cases from threats.

Independently conducts threat modeling for medium-complexity systems using STRIDE and attack trees. Correlates identified threats with MITRE ATT&CK framework tactics. Understands trade-offs between security controls and system usability. Produces actionable threat reports with risk-ranked mitigation recommendations.

Independently applies threat modeling to multi-contract systems and cross-chain interactions. Analyzes protocol-level attack vectors (bridge exploits, oracle dependencies, upgrade mechanism abuse). Understands trade-offs between proxy patterns and immutability from a security perspective. Maps threats to formal verification targets.

Expertly applies threat modeling for network engineering to design complex systems. Optimizes existing solutions and prevents architectural mistakes. Conducts code reviews and trains colleagues on best practices.

Designs adversary simulation frameworks informed by comprehensive threat models. Maps MITRE ATT&CK kill chains to organizational assets and creates purple team exercise plans. Mentors junior testers on threat-driven penetration testing methodology. Optimizes threat model accuracy by feeding pentest findings back into organizational threat intelligence.

Designs threat modeling process: automated threat modeling (OWASP Threat Dragon, IriusRisk), organizational threat library, SDLC integration. Translates threats into security tests.

Designs threat modeling processes for complex distributed systems and cloud-native architectures. Creates attack tree libraries mapped to industry-specific threat landscapes. Mentors analysts on advanced threat analysis techniques including kill chain modeling. Optimizes threat detection rules based on modeled attack scenarios and emerging threat intelligence.

Designs comprehensive threat modeling processes for DeFi protocol ecosystems. Creates formal threat taxonomies covering economic, cryptographic, and governance attack surfaces. Mentors teams on invariant-driven security design and automated threat detection in smart contract upgrades. Optimizes security audit scope based on threat model coverage.

Establishes threat modeling standards for the network engineering team and makes architectural decisions. Defines the technical roadmap incorporating this skill. Mentors senior engineers and influences practices of adjacent teams.

Defines threat-driven penetration testing strategy at team level. Establishes threat model-informed scoping and prioritization for all engagements. Coordinates red team and purple team exercises aligned with organizational threat landscape. Builds feedback loops between threat modeling outcomes, pentest findings, and security architecture decisions.

Defines threat modeling standards: mandatory for high-risk features, templates, review process. Trains dev teams. Coordinates threat models across teams.

Defines threat modeling strategy at team and product level for security operations. Establishes threat intelligence-driven modeling processes aligned with MITRE ATT&CK and industry frameworks. Coordinates threat assessments across SOC, incident response, and vulnerability management teams. Drives integration of threat models into detection engineering and monitoring strategy.

Defines threat modeling strategy for smart contract development teams and protocol products. Establishes security review standards integrating formal verification with threat analysis. Coordinates cross-protocol threat assessments for composability and upgrade risks. Drives adoption of threat modeling as a mandatory pre-audit practice across all contract development.

Shapes threat modeling strategy for network engineering at the organizational level. Defines best practices and influences technology choices beyond their own team. Is a recognized expert in this area.

Defines organizational threat modeling strategy that drives offensive security priorities. Shapes enterprise red team roadmap based on evolving threat landscape and adversary TTPs. Establishes frameworks linking threat intelligence, threat models, and penetration testing coverage across the organization. Influences industry offensive security practices through research and community engagement.

Designs organizational threat modeling: automated threat discovery, threat intelligence integration, continuous threat assessment. Defines risk-based security strategy.

Defines organizational threat modeling strategy aligned with enterprise risk management. Shapes security operations architecture through threat landscape analysis and adversary modeling at scale. Establishes cross-departmental threat assessment standards integrating MITRE ATT&CK, STRIDE, and business impact analysis. Drives industry collaboration on threat intelligence sharing and modeling frameworks.

Defines organizational threat modeling strategy for blockchain and Web3 security across all protocols and chains. Shapes industry-wide smart contract security standards through formal threat taxonomies and risk frameworks. Establishes cross-organizational threat intelligence sharing for DeFi ecosystem risks. Drives evolution of threat modeling methodologies for novel attack surfaces (ZK circuits, cross-chain bridges, MEV).