Power Dynamics in Threat Modeling

On LinkedIn, Peter Dowdall posted a very important response to my post on remote threat modeling. Because comments on LinkedIn are a transient resource, I’m going to quote heavily:

The team here ran a session with people in the same room using Miro (maybe 1 remote) and we found it stripped the barriers of either “taking the pen” or calling out threats to a board. That style of threat modelling can make some uncomfortable, resulting in people with great ideas staying quiet.

Being behind a laptop drawing on Miro, we saw more boldness from developers. It has a nice flow to it and allows you to get things down on virtual paper fast…and some of our more creative people's drawings made it fun, which wasn’t an expectation. Just an observation I thought I would share.

This really hit home for me. I aspire to create inclusive ways to threat model, because different perspectives help us discover different problems. I’d like to use Peter’s comment to think about power dynamics in threat modeling. I am fond of whiteboards because, for me, they contrast with an architect controlling a projector with a Visio doc. In that setting it’s tremendously uncomfortable, shocking even, to elbow them out of the way and start using their laptop to edit.

That’s one example of a power dynamic, and Peter brings up another. These are important. They influence the quality of the work. If we want to leverage all the brains in the room, we need to find ways to let people speak and be heard. We need to ensure everyone has both permission and encouragement to engage, and to avoid having the conversation be dominated by one or two people.

There are other power dynamics, including gender and cultural origin, especially the way a culture treats power differentials and respect. (Just to be concrete, imagine the dynamic over a laptop with a man and a woman in each role. Imagine co-workers from Israel, Japan and India, and how each engages.) There are also organizational-culture power dynamics, such as those stemming from seniority, length of time at the company, or being part of a profit center versus a cost center.

I’ve talked about one of the useful properties of the Elevation of Privilege game being power leveling: you can record a threat “to get the point,” and that’s why the game has a point system. Another mechanism that can help is surveys, as part of addressing “did we do a good job?”

I’m very curious, what else have you seen that helps reduce power differentials and get everyone engaged?

Image via Jopwell.

1 Comment on "Power Dynamics in Threat Modeling"

  1. This is an inspiring conversation- I love this story and the lessons learned, Thank You Adam!

    I have had an ongoing dialog with a colleague for years about power dynamics in the workplace, often on the topics of attracting and retaining talent, as well as pushing the privacy and security agenda forward inclusively to be more effective. Another power dynamic factor (beyond the gender/ethnicity/cultural/age factors):
    Choice.
    Did the person choose to be in the role they are in, with the responsibilities they have, working for the person they work for? Often the answer is ‘no’ (due to re-orgs, attrition, change in business direction, and so on). I have observed that those who chose to be where they are are far more likely to bring their best, to speak up, to question, to contribute. In threat modeling exercises they are definitely engaged, ready to identify areas for improvement, and more than willing to iterate and adapt. I recommend attempting to have some context on the participating parties, and organizing the sessions to account for these dynamics. It can be empowering and certainly cultivate more effective results.