Channel 9 (http://channel9.msdn.com) taped me discussing threat modeling and the threat modeling tool and posted it today. WMP 9 users can watch it at play speed “Fast” for efficiency. Feel free to take a look and send some feedback either here or there.
Incidentally, this is my first experience with Channel 9. They don't ask you to prepare anything; rather, they just stop by and tape you talking about something. Having gotten used to talking to a slide deck, it was a bit, well, interesting. Probably better that it wasn't scripted. When Michael, Dave, and I did a “live” threat modeling session on a web application that we had never seen before and with no script, audience feedback suggested that they got more out of it than when we script it. I guess that makes sense, though, since it's closer to reality than something contrived or prepared in advance (which wouldn't have any of the hiccups that occur naturally in the process).
This posting is provided "AS IS" with no warranties, and confers no rights.