Recording

Shifting Threat Models from Static to Dynamic

  • 29 January 2024
  • 0 replies
  • 92 views
Shifting Threat Models from Static to Dynamic
Userlevel 5

Overview

Explore how to evolve threat models in sync with the ever-changing cloud landscape. This talk emphasizes shifting from static to dynamic threat models and proactive responses to cloud updates. Gain insights into threat minimization, stay abreast of cloud changes, and enhance your threat modeling.

Outline

  • Provide data on the rate of change of not only cloud providers like AWS, Azure, GCP but also SaaS providers.
  • Give examples of how this introduces both better new controls for existing threats (yay!) but also new threats (boo!)
  • Provide approaches for how to stay effectively up to date without being overwhelmed
  • Discuss methods to triage this information so you don't lose velocity in your team
  • Demonstrate workflows that enable your threat models to move from static to dynamic.
     

 

Slides

https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/ThreatModCon/ThreatModCon2023%20Slides/ThreatModCon2023_%20Cloud_Continuous_Modelling_TysonGarrett.pdf

 

About the speaker

For over twenty years, Tyson has helped customers with threat modeling programs to scale security knowledge and impact. Now at TrustOnCloud, he is CTO, where the focus is providing a continuously updated cloud control library backed by in-depth threat models.

Prior to TrustOnCloud, Tyson was a Principal at AWS, where he worked with diverse service teams. Tyson played a significant role in using threat modeling to grow the AWS Security Foundational Best Practices standard, a trusted benchmark in the industry. He also contributed to the AWS Config Conformance Packs and provided control guidance that many AWS customers rely on today.


0 replies

Be the first to reply!

Reply


V2