Marco Mirko Morana

Marco Mirko Morana

My career in cyber-security spans more than 20 years working in different roles and industry sectors. As a author, besides co-authoring the book on risk centric threat modelling I wrote a book on application security risk management for CISOs and several white papers covering application and software security topics.

Risk-Centric Threat Modeling

Risk-Centric Threat Modeling: Process for Attack Simulation and Threat Analysis introduces the PASTA methodology, a risk-based approach to application threat modeling. The book provides an in-depth look at various threat modeling techniques, focusing on aligning security measures with the potential impact of identified threats, vulnerabilities, and attack patterns. PASTA’s seven stages guide practitioners through defining business objectives, identifying application components, enumerating potential threats, analyzing vulnerabilities, and prioritizing risk management actions. By incorporating attack simulation and business impact analysis, PASTA enables organizations to apply targeted, effective security countermeasures that address the most critical risks to their systems and data. The book can be purchased from Amazon