Ready to build cloud applications that attackers can't break? In this in-depth podcast, cybersecurity host Prabh Nair sits down with his brother Pushpinder Singh (Cloud Security Architect, CCSP, AWS Pro, Zero Trust specialist) to unpack practical, real-world threat modeling. You'll learn how to weave security into every sprint, cut through compliance noise, and ship code that is resilient from day one.

Pushpinder starts by breaking down STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), then shows how to map trust boundaries, data-flow diagrams (DFDs) and risk scores onto the cloud stack: web front end, APIs, microservices, payment gateways and AI workloads. Hear war stories on adding multi-factor authentication, mutual TLS, input validation and encryption at rest and in transit, and why early stakeholder buy-in crushes later rework.

We dive into:
- Threat modeling vs. secure design reviews, and why both matter in DevSecOps
- Adapting STRIDE, PASTA, DREAD and MAESTRO to SaaS, serverless and AI systems
- Building living threat-model docs: scope, data flows, risk registers, Jira tickets
- A real e-commerce demo: from login spoofing to tampering mitigation with signed tokens
- Trust-boundary pitfalls in hybrid / multi-cloud, and how to segment for Zero Trust
- Rapid-response case study: choosing controls for payment and PII flows without killing agility
- A sneak peek at Pushpinder's open-source threat-modeling tool (OWASP ASVS + SAM today, NIST soon)

Timestamps:
00:00 – 02:30 Introduction and welcome; Pushpinder Singh and his career journey
02:30 – 10:55 Fundamentals and philosophy of threat modeling
10:55 – 19:48 Threat modeling and key questions
19:48 – 26:37 Important documents and step-by-step integration required for threat modeling
26:37 – 27:47 Five artifacts
27:47 – 29:33 How we decide on threat modeling
29:33 – 33:11 STRIDE methodology
33:11 – 35:49 Data-flow diagrams
35:49 – 40:07 Threat model flow
40:07 – 45:56 Trust boundaries
45:56 – 57:10 E-commerce application threat model
57:10 – 01:02:20 Threat modeling process
01:02:20 – 01:25:25 Tool: Threat Modeling 101, e-commerce example with enhanced DFD
01:25:25 – 01:29:40 How a company can do threat modeling without a tool
01:29:40 End of the conversation: thanking Pushpinder Singh and looking forward to more sessions

Stick around for next steps: a live, hands-on STRIDE workshop and downloadable templates so you can start threat modeling your own projects tomorrow.

#ThreatModeling #CloudSecurity #STRIDE #SecureSDLC #DevSecOps #ZeroTrust #Cybersecurity #SecurityArchitecture
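To make the STRIDE / DFD / trust-boundary / risk-register ideas from the episode concrete, here is a small STRIDE-per-element walk over a constructed e-commerce DFD, in the spirit of the "no tool" approach discussed at 01:25:25. This is an added example for this page; it is not the podcast's material, not Pushpinder Singh's open-source tool, and the DFD, trust zones, control attributes and the 3/6/9 scoring heuristic are all assumptions made here for illustration (the STRIDE-per-element applicability table itself is the classic one from the Microsoft threat-modeling approach).

```python
"""STRIDE-per-element over a small e-commerce data-flow diagram (DFD).

Added example, not from the podcast or any real tool.  The element kinds and
the STRIDE-per-element applicability table follow the classic threat-modeling
convention; the sample DFD, trust zones and the 3/6/9 risk heuristic are
constructed here for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")

# Which STRIDE categories apply to which kind of DFD element.
APPLICABLE = {
    "external": {"Spoofing", "Repudiation"},
    "process":  set(STRIDE),
    "store":    {"Tampering", "Repudiation", "Information Disclosure", "Denial of Service"},
    "flow":     {"Tampering", "Information Disclosure", "Denial of Service"},
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external" | "process" | "store"
    zone: str   # trust zone; a flow whose ends sit in different zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    encrypted: bool = False      # TLS/mTLS on the wire (confidentiality + integrity)
    authenticated: bool = False  # receiver verifies the sender (signed token, mTLS client cert, MFA)

    @property
    def name(self) -> str:
        return f"{self.src} -> {self.dst} ({self.data})"


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    crosses_boundary: bool
    mitigated: Optional[bool]   # None: the DFD carries no attribute that addresses this category

    @property
    def score(self) -> int:
        """Constructed heuristic (assumption, far simpler than a real DREAD rating):
        3 baseline, +3 if the target crosses a trust boundary, +3 if a known
        control is recorded as missing.  Range 3..9."""
        s = 3
        if self.crosses_boundary:
            s += 3
        if self.mitigated is False:
            s += 3
        return s


def flow_mitigated(flow: Flow, category: str) -> Optional[bool]:
    """Encryption with integrity addresses Tampering and Information Disclosure on a flow;
    nothing recorded on a flow addresses Denial of Service."""
    if category in ("Tampering", "Information Disclosure"):
        return flow.encrypted
    return None


def element_mitigated(e: Element, flows: List[Flow], category: str) -> Optional[bool]:
    """An entity or process is spoofable to its peers unless every receiver authenticates it."""
    if category != "Spoofing":
        return None
    outbound = [f for f in flows if f.src == e.name]
    return all(f.authenticated for f in outbound) if outbound else None


def enumerate_threats(elements: Dict[str, Element], flows: List[Flow]) -> List[Threat]:
    """STRIDE-per-element enumeration, returned as a risk register sorted highest score first."""
    threats: List[Threat] = []
    for e in elements.values():
        for cat in STRIDE:
            if cat in APPLICABLE[e.kind]:
                threats.append(Threat(e.name, cat, False, element_mitigated(e, flows, cat)))
    for f in flows:
        crosses = elements[f.src].zone != elements[f.dst].zone
        for cat in STRIDE:
            if cat in APPLICABLE["flow"]:
                threats.append(Threat(f.name, cat, crosses, flow_mitigated(f, cat)))
    return sorted(threats, key=lambda t: (-t.score, t.target, t.category))


def sample_model() -> Tuple[Dict[str, Element], List[Flow]]:
    """Constructed e-commerce DFD: four trust zones, one plaintext, unauthenticated hop inside."""
    elements = {e.name: e for e in [
        Element("Customer", "external", "internet"),
        Element("Web Front End", "process", "dmz"),
        Element("Order API", "process", "app"),
        Element("Orders DB", "store", "app"),
        Element("Payment Gateway", "external", "third-party"),
    ]}
    flows = [
        Flow("Customer", "Web Front End", "login + session cookie", encrypted=True, authenticated=True),
        Flow("Web Front End", "Order API", "order JSON with user id"),           # weak hop
        Flow("Order API", "Orders DB", "order rows", authenticated=True),
        Flow("Order API", "Payment Gateway", "card token + amount", encrypted=True, authenticated=True),
    ]
    return elements, flows


def harden_with_signed_token(flows: List[Flow]) -> List[Flow]:
    """The episode's mitigation: put the front end -> API hop behind mTLS and a signed token."""
    return [Flow(f.src, f.dst, f.data, encrypted=True, authenticated=True)
            if (f.src, f.dst) == ("Web Front End", "Order API") else f for f in flows]


if __name__ == "__main__":
    elements, flows = sample_model()
    for label, fl in (("BEFORE", flows), ("AFTER signed token + mTLS", harden_with_signed_token(flows))):
        print(f"== {label} ==")
        for t in enumerate_threats(elements, fl)[:6]:
            print(f"{t.score}  {t.category:<22} {t.target}")
```

Running it prints the top of the register twice: before hardening, the two score-9 entries are Tampering and Information Disclosure on the plaintext, unauthenticated front-end-to-API hop that crosses the dmz/app boundary, exactly the "tampering with the user id" problem the demo describes; after marking that hop encrypted and authenticated, the highest remaining score is 6 and the Spoofing entry for the front end drops as well. The heuristic is deliberately crude; the point is that a DFD with trust zones and two boolean control attributes is already enough to produce a prioritised register without a dedicated tool.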