NewHxge63

How to prepare for systems design and security interviews for platform security roles?

Many security interviews will have a platform security threat modeling interview round for platform security engineering roles. What resources and books are best to prepare for these interviews? I have already read Adam Shostack’s book Threat Modeling, which gives a foundational overview of how to threat model but doesn’t go deep enough on systems design and examples of threat modeling for complex distributed and highly scalable systems.

IBM IPMN53 Apr 27

There is no single correct answer for that. Threat modeling is very complicated stuff, but in interviews we have a strict time constraint and do a very basic one. Maybe I am wrong, but in interviews my methodology is as follows:

1. Defining the high-level components of the corresponding system
2. Defining the system boundaries
3. Defining the entry points
4. Defining the data flows across the system
5. Assessing the threats for each component, entry point and flow systematically. You can use frameworks like STRIDE and similar stuff.

Normally, since the systems are sometimes quite complicated, it requires decomposing them into subsystems and performing the analysis on each decomposed element. For distributed and scalable systems, nothing is different. As long as you define the system very well, the rest is the same. The definition of the system depends on your knowledge of the system architecture for such systems. If you know how they work, the rest is the same.
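
The five steps in the answer above, worked through as an added example that is not part of the original post: a small data-flow model where entry points are derived from trust-boundary crossings and STRIDE is applied per element type. The sample system, zone names and helper names are constructed, and the STRIDE-per-element chart used here is an assumption the post does not spell out.

```python
from dataclasses import dataclass

# STRIDE-per-element chart (assumed): categories that apply to each DFD element type.
# Repudiation on a data store mainly matters when the store holds logs.
STRIDE_BY_KIND = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:          # step 1: high-level component
    name: str
    kind: str           # external | process | store
    zone: str           # step 2: trust zone the component lives in

@dataclass(frozen=True)
class Flow:             # step 4: data flow between two components
    src: Element
    dst: Element
    data: str

def entry_points(flows):
    """Step 3: a flow whose endpoints sit in different zones crosses a boundary."""
    return [f for f in flows if f.src.zone != f.dst.zone]

def enumerate_threats(elements, flows):
    """Step 5: one worklist row per (element or flow, applicable STRIDE category)."""
    rows = []
    for e in elements:
        rows += [(e.name, NAMES[c], False) for c in STRIDE_BY_KIND[e.kind]]
    crossing = set(entry_points(flows))
    for f in flows:
        label = f"{f.src.name} -> {f.dst.name} [{f.data}]"
        rows += [(label, NAMES[c], f in crossing) for c in STRIDE_BY_KIND["flow"]]
    # Boundary-crossing flows first: with limited time, start the discussion there.
    return sorted(rows, key=lambda r: not r[2])

# Constructed sample system (hypothetical names and zones).
client = Element("mobile client", "external", "internet")
gateway = Element("API gateway", "process", "dmz")
svc = Element("order service", "process", "internal")
db = Element("orders DB", "store", "internal")
ELEMENTS = [client, gateway, svc, db]
FLOWS = [Flow(client, gateway, "HTTPS request"),
         Flow(gateway, svc, "gRPC call"),
         Flow(svc, db, "SQL query")]

if __name__ == "__main__":
    for target, threat, crossing in enumerate_threats(ELEMENTS, FLOWS):
        print(f"{'*' if crossing else ' '} {target:46} {threat}")
```

Rows marked `*` are flows that cross a trust boundary. Decomposing a subsystem means replacing one `Element` with its own components and flows, then rerunning the same enumeration.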