The Jenga View of Threat Modeling

I’m happy to announce Shostack & Associates’ new, first, corporate white paper! It uses Jenga to explain why threat modeling efforts fail so often.

I’m excited for a lot of reasons. I care about learning from failure. I love games as teaching tools. But really, I’m excited because the paper has helped the people who read early copies.

It’s also exciting because as it turns out, the Jenga metaphor is way bigger than threat modeling. I’m talking about threat modeling because people tell me that’s what they want to hear about, but really, threat modeling requires culture change. It requires organizational work, and thinking about Jenga blocks will help you achieve that.

Only time will tell, but I think this is going to be as important as the ‘experiences’ paper where I broke threat modeling into attacker-centric, asset-centric and technology-centric views. This feels like an equally important step forward.

Because I really want people to read this paper, there’s no registration required. Because I want people to use the ideas, I’m releasing it under a Creative Commons license.

You can get your copy at

Adam Shostack

Generally blogging at, but shared posts here before Medium asked me to jump through more and more hoops.