Developing a Threat Modeling Mindset

Overview

Threat modeling is a way of thinking about what can go wrong and how to prevent it. Instinctively, we all think this way in regard to our own personal security and safety. When it comes to building or evaluating information systems, we need to develop a similar mindset - a Threat Modeling Mindset.

Outline

• Understanding a system
• Identifying threats and vulnerabilities 
• Determining mitigations 
• Applying the mitigations through risk management
   

Slides

https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/ThreatModCon/ThreatModCon2023%20Slides/ThreatModCon2023-Developing_Threat_Modeling_Mindset_Workshop_RobertHurlbut.pdf

Handout

https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/ThreatModCon/ThreatModCon2023%20Slides/ThreatModCon2023-Developing_Threat_Modeling_Mindset_Handout_RobertHurlbut.pd

About the speaker

Robert Hurlbut is a Principal Application Security Architect / Threat Modeling Lead at Aquia, Inc. Robert has 30 years of industry experience in secure coding, software architecture, and software security. He speaks at user groups, national and international conferences, and provides training for many clients. Robert is a co-author of the Threat Modeling Manifesto (https://threatmodelingmanifesto.org). You can find Robert on Twitter at https://twitter.com/roberthurlbut and as a co-host for the Application Security Podcast at https://podcasts.apple.com/us/podcast/the-application-security-podcast/id1154351685.