Overview
You'e just completed a threat model of your system. Now what? We'll use a practice threat model to illustrate how to craft more secure features, functionalities, and mitigations from Threat Modeling outputs. We'll demonstrate how users, collaborators, and dependent teams benefit from Threat Modeling.
Outline
By using example potential outputs of a Threat Model Session, we'll discuss how each artifact (DFD, Threat Table, Threat Library, Risk Assessment) can: inform development with "security in mind" within the Team(3-5), feed inputs into Red/Purple team engagements for more targeted results(3-5), build collaboration across teams/organizations (10).
Slides
About the Speaker
Jonathan (Jono) Sosulska has a background of Infrastructure engineering, CI/CD, and Developer advocacy. He has been actively performing and building Threat Modeling at enterprise organizations for two years. Through Aquia, an SDVOB, he's been able to work with application teams across various architectures, from mainframes to micro-services, on quickly adopting and implementing Threat Modeling Techniques.