As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To accomplish this goal and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes into their development plans. This paper will examine threat modeling and explain how it can be used in concert with secure development best practices, including defensive coding, automated source code analysis, peer code reviews, and penetration testing to both identify and mitigate embedded software threats.