Date: Tuesday, March 8, 6:30 PM
Location: Microsoft office, Cambridge Center, Cambridge, MA. Use the Microsoft-specific building entrance.
Cost: Free and includes pizza!
Reservations and Photo ID: Required. Reserve here at Meetup or by sending an email to [masked] . We require your full name for building security purposes, so please include that if your Meetup username does not provide it or you will NOT be added to the security list. Please also bring a photo ID to present to building security upon entering the building.
"Developing a Threat Modeling MindsetPasswords: Keys to the Kingdom," presented by Robert Hurlbut of Robert Hurlbut Consulting Services (https://roberthurlbut.com/)."
Nearly every day we hear about another compromise of a system that involves a breakdown of security. In many cases, the reason for compromise can be traced back to vulnerabilities that were not found or understood and not mitigated. The attacker(s) used those vulnerabilities to carry out threats against the system.
Threat modeling is a way of thinking about what can go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building or evaluating information systems, we need to develop a similar mindset. In this session, you will learn practical strategies to develop a threat modeling mindset by: understanding a system, identifying threats, identifying vulnerabilities, determining mitigations andapplying the mitigations through risk management.
Robert Hurlbut is an independent software security consultant, architect, developer, and trainer through Robert Hurlbut Consulting Services. Robert is a Microsoft MVP for Developer Security and holds the (ISC)2 CSSLP certification. Robert has 30 years of industry experience in secure coding, software architecture, and software development and has served as a project manager, chief architect, and director of software development for several clients. Robert blogs at roberthurlbut.com/blog and shares links and other information on Twitter at @RobertHurlbut.