Starting threat modeling isn't just about applying STRIDE and calling it a day. Many hit a roadblock when faced with a blank page. In this workshop, we'll explore how the concept of kata, derived from martial arts, can be applied to the realm of threat modeling. Just as martial artists perfect a series of movements through repetitive practice, we'll create safe playgrounds for participants to engage in hands-on threat modeling exercises. By doing so, you'll not only gain invaluable experience but also enhance your ability to navigate complex cybersecurity challenges with confidence.
Outline
*Architecture Diagrams: what do you need to start threat modeling
*Approaches to threat modeling: Attack library-based (e.g. stride), security principles informed to look for vulnerabilities
*Katas as safe spaces to practice threat modeling.
*Exercises:Kata practice (threat model an LLM system)
Slides
Workshop handout
https://docs.google.com/document/d/1DJ2MgxiKo_4iyopmJGsDkbTTlnssdX9I_xSlZowc9Bs/edit
Miro board
https://miro.com/app/board/uXjVKa_-X_4=/?share_link_id=315170355481
🔒Password: hackathon
Â