Overview
This session presents a framework for decomposing complex systems into their constituent components and using that information to conduct an AI-assisted threat model. The aim of this session is to bring threat modeling to engineers regardless of their experience and thereby greatly increasing adoption.
Outline
- Introduction: Common challenges to adopting threat modeling.
- The CCCS Model: A universal framework for decomposing complex systems.
- AI-Assisted Threat Modeling: Exploring the role of large language models in accelerating the generation of threat models.
- CCCS Applied: Decomposing Kubernetes.
- Practical Session: Participants to observe AI generate a basic threat model for Kubernetes.
- Conclusion: Recap of learnings and next steps in the threat modeling journey.
- Discussion and Q&A: Addressing participant questions and discussing further applications of the technique.
Slides
About the speaker
Wael Ghandour is currently a security software engineer at VMware focusing on the development of automated and scalable security technologies. Prior to his current role he led security for VMware VeloCloud covering all aspects of the security development lifecycle. His experience includes working on and securing large-scale distributed systems at various companies in the San Francisco Bay Area such as VMware, Cisco Systems, Medallia, and Lending Club as well as internationally in Canada and the UAE.