Threat Modeling: One of the best security tactics you already know how to do
Details
Jacob Shodd to present.
---
Threat Modeling is likely something you do every day without thinking about it. Every time you merge into a new lane on the highway and check your mirrors for oncoming vehicles, that's Threat Modeling. Any time you go through your mental checklist of doors and windows to lock before going to bed, that's Threat Modeling. Throughout this talk, we'll dive into applying these same mentalities to your software development lifecycle and giving you a structure to start exploring these ideas with your teams. We'll go into how we answer the four questions of Threat Modeling:
- What are we working on?
- What could go wrong?
- What are we going to do about it?
- Did we do a good job?
As well as talk about why you should threat model. After going through this process you'll have a complete diagram detailing exactly how your application works and a list of documented threats that you can either go fix or prevent from happening in the first place. Whether you are a developer, project manager, or security engineer Threat Modeling is a practice that can dramatically improve your security posture.
---
Jacob Shodd is an engineer who enjoys building things, breaking things, and building things that break things. He spent the first few years of his career working in DevOps before transitioning to focus on Security. Since then he's worked in a variety of areas including penetration testing, cloud security, developing automated security tooling, threat modeling, and is currently working as an Application Security Engineer at Smartsheet. In addition to work, he also spends a fair amount of time mentoring junior engineers and Bootcamp students to help them find their way into the wild world of tech.