Threat Modelling & Elevation of Privilege with Bill Matthews


Location visible to members


Bill Matthews will discuss the threat modelling technique from the perspective of security testing and we will show the Elevation of Privilege game in action.

We will place this game in the context of DevOps DevSecOps and ShiftLeft.

About Threat Modelling

Threat modelling is a technique which aims to identify security vulnerabilities within systems. The typical output from the threat modelling process is some information, such as bug reports, about what work is necessary to make the system more secure.

About Elevation of Privilege

Invented by Adam Shostack at Microsoft, this game takes an architectural diagram and the varied perspectives of the team produces validated set of work items. It is also fully gamified and provides an architectural pattern for the gamification of any anti-pattern collection.

About Bill Matthews

Bill is a test consultant from QA Consulting and has used threat modelling and Elevation of Privilege many times. He has not spoken on this topic for many years and will take this opportunity to provide up to date insights.