Using User Story Mapping for effective communication

January 1, 0001

Based on the work by @jeffpatton namely the presentation User Story Mapping, Discover the whole story

Explore how it relates to Threat Modeling

This paragraph from Jeff's User Story Mapping book pretty much describes threat modeling in non-technical terms:


User story mapping is all about discovery and communication. Threat modeling is all about discovery and communication. What can threat modeling learn from user story mapping and related techniques to help make it more effective? Can using user story mapping techniques reduce the friction to getting started with threat modeling for development and engineering teams?


To be determined based on who's in the room, but possibly:

  • A discussion of how user story mapping relates to threat modeling
  • Experimentation with using story maps in threat modeling


  • A summary of how user story mapping can work for threat modeling, and how to get started
  • A comparison with more traditional approaches to threat modeling