zentm

_posts/2024-08-30-zentm.html

@@ -0,0 +1,36 @@
+---
+layout: post
+title: Zen Of Threat Modeling
+author: Izar Tarandach
+---
+
+<figure><img alt="" src"/assets/img/monk.webp" /></figure>
+<p>These are the observations of the warrior monk Itzairo Taran-Da-Chi, of the CTM-Ryu school, musing about the experiences and people along the road to Reasonable Security. </p>
+
+<ul>
+<li>The man who threat models his friends' systems will collect the bounty. But the man who threat models his own systems will sleep the whole night.</li>
+
+<li>Life is navigating your own threat model and only appearing on other people's as a mitigation to threats.</li>
+
+<li>What is the color of what you're building? What is the taste of what could go wrong? What sounds does what you can do about it makes? A threat model fulfills every sense.</li>
+
+<li>You did good if you did well.</li>
+
+<li>Before threat modeling, chop wood, carry water. After threat modeling, chop wood, carry water.</li>
+
+<li>If a threat turns into a vulnerability but there was no impact, was it a threat?</li>
+
+<li>What sound does a no-alert design make?</li>
+
+<li>A threat model of a thousand systems begins with a single question.</li>
+
+<li>The threat model pointing at the flaw is not the flaw.</li>
+
+<li>Threat model rather than be threatened by a model.</li>
+
+<li>When the mind becomes still, the design sings and the flaws cough.</li>
+
+<li>A life well threat modeled is a life well lived.</li>
+
+<li>You can ask a LLM, but it can't answer.</li>
+</ul>