Threat Modeling in Practice: Skills Every AppSec Professional Needs

Threat modeling is one of the most valuable (and most overlooked) skills for anyone working in or around software security. It blends structured thinking, attacker mindset, and clear communication. And the earlier you learn it, the faster you grow in AppSec.

Join OWASP Barcelona for a community-driven session where Roger Castellanos Fernandez, cybersecurity engineer specializing in application security, breaks down how threat modeling works in real-world environments and how to integrate it into product development.

### What you’ll learn

• How to approach “what can go wrong?” using practical threat-modeling frameworks
• STRIDE, CAPEC, risk assessment basics, and how they apply in real projects
• How to collaborate with developers and product teams to embed security early
• Why mastering threat modeling accelerates your career in AppSec

### Why this talk matters

Roger’s research work, including a full threat model and risk assessment of a blockchain-enabled anti-counterfeiting system, gives him a unique perspective on analyzing complex architectures, understanding attacker goals, and turning findings into actionable controls.