Details

Speakers:
Izar Tarandach, Principal Security Engineer at Squarespace
Matthew Coles, Senior Principal Product Security Engineer at Dell Technologies

Topic: Threat Modeling: A Manifesto And Some Code

Abstract:
Threat Modeling: why we think it matters for you, and why we wrote a book about it.

We will look at:

Modeling: how to model your system in an expressive way
Eliciting threats: what are some of the major approaches in use? How can it be done closer to the developer and at Agile speed?
The Threat Modeling Manifesto: the distilled wisdom of dozens of collected years of threat modeling, in an easily consumable format - why it was written, what it is, and how you can benefit from it.
Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo.

Speaker Bios:
Matthew Coles (he/him) is a security professional focused on the security of physical devices and the ecosystems and processes that enable them to operate. He has an advanced degree in Computer Science from WPI, and maintains a CSSLP certification.

Izar Tarandach (he/him) has peeked and poked at security from various sides over the last couple of decades, currently focusing on modern SDLCs and how AppSec extrapolates onto the larger scheme of Security. He has an MSc in Computer Science/Security from Boston U.

Izar and Matt have collaborated on security techniques and training for the past 10 years, co-authoring a book on Threat Modeling, and an open source threat modeling automation system, pytm.

LinkedIn: https://www.linkedin.com/in/izartarandach/
Twitter: https://twitter.com/izar_t

LinkedIn: https://www.linkedin.com/in/matthew-coles-4330652/
Twitter: https://twitter.com/coles_matthewj

pytm: https://github.com/izar/pytm

NOTE: Due to the continuing health concerns relating to the spread of the coronavirus disease (COVID-19), we will be meeting virtually until further notice.

Sponsors

Become an OWASP-OC Meeting Supporter

Become a meeting supporter by donating $1200 to the chapter.

Google Cloud Security

Meeting Venue Sponsor: Make Google part of your security team

PeopleSpace

Meetup Supporter: A tech startup community fostering startups.

Synopsys

Meeting & Streaming Supporter: helping customers build trust in software.