19:00 - 19:15 Welcome
19:15 - 20:00 A story on scaling threat modeling across 500+ DevOps teams by Abhishek k. Goel
20:00 - 20:15 Break
20:15 - 21:00 Gamification of Threat Modelling by Grant Ongers
A story on scaling threat modeling across 500+ DevOps teams.
This talk is not about “what is threat modelling, and what are the different methodologies?”. This is well known and understood by now. With every organization moving towards DevSecOps, the difficult question is “how to do Threat Modeling at scale?”. I want to take this opportunity to share with you the ABN AMRO story about how we did this!
Abhishek k. Goel is a Security Consultant at ABN Amro and the IT lead for Threat Modelling capability at the bank. He is a senior security engineer responsible for enabling security in DevOps across the bank.
Before ABN, he was a Lead Security Consultant with Deloitte USI and enabled security in CI/CD pipelines for clients across the globe.
Gamification of Threat Modelling
The talk is all about doing security architecture and threat modelling work as part of development planning.
The presentation starts by introducing OWASP Cornucopia and the simplified OWASP “Top 5” for developers and then moves into looking at how one can practically include a form of threat modelling (using Cornucopia) in one’s agile development practices in an effective manner.
There is a brief discussion on gamification, covering the usual FAQs on that, and then it moves on to implementation at scale and some of the experiences we’ve had there.
Co-founder of Secure Delivery and current OWASP Global Foundation board member, Grant Ongers (@rewtd), is a firm believer in security enabling delivery not blocking it. The philosophy and purpose of Secure Delivery is in the name: optimal delivery and security in one nimble and adaptive offering.
Grant’s experience spans Dev (building platforms for Telcos, MSPs and financial institutions for more than 10 years), 20+ years in Ops (running operational teams in global NOCs and managing mainframe and database systems), and over 30 years pushing the limits of (Info)Sec, mostly white-hat. He’s worked on both sides of the TPSA table, for and with regulated orgs, ensuring compliance and matching “appetite for” with “acceptance of” risk.
Grant’s community involvement is global: Staff at BSides (London, Las Vegas, and Cape Town), Goon at DEF CON (USA) for over a decade and DC2721 co-founder, staff at BlackHat (USA and EU).
Alongside his role as CTO within Secure Delivery, Grant provides C-suite advice and guidance on security to FTSE100 enterprises and strategic risk analysis within M&A diligence teams.
This is an online meeting and will be streamed on YouTube.