OWASP SAMM Threat Modeling: From Good to Great


Have you heard about Threat Modeling but are unsure of how to implement it effectively in your organization? As Threat Modeling becomes increasingly popular in organizations, it's crucial to understand the key elements and strategies you can leverage to build a successful program tailored to your environment.
This session will explore the OWASP SAMM maturity stream for threat modeling, which consists of three levels:
- Level 1: Perform best-effort, risk-based threat modeling using brainstorming and existing diagrams with simple threat checklists.
- Level 2: Standardize threat modeling training, processes, and tools to scale across the organization.
- Level 3: Continuously optimize and automate your threat modeling methodology.
During this session, we will explore the various indicators within your organization that can shape your Threat Modeling program and help you envision what it may entail. We'll also cover the essential data you'll need to collect to effectively measure and improve its impact and efficacy.
You'll gain insights into whether you should handle the program in-house or consider bringing in external help, as well as who should lead it: the Security Team or developers. We'll also delve into whether all teams should follow the same approach or if you should have dedicated Security Champions.
We will introduce a Threat Modeling maturity model and an OWASP threat modeling playbook that can guide you in building a successful program. You'll leave this talk with ideas for your next steps, equipped with ways to succeed and fail fast if necessary.
Join us in this session to learn how to implement Threat Modeling effectively and build a program that works for your organization.
About your speaker
Sebastien Deleersnyder (Seba) is the CTO and co-founder of Toreon and COO of Data Protection Institute. With a strong background in development and extensive experience in cybersecurity, Seba has trained numerous developers on how to create more secure software. He is also the founder of the Belgian OWASP chapter and a former member of the OWASP Foundation Board. Through his work leading OWASP projects like OWASP SAMM, Seba has made a significant impact in improving the overall security of the world. Currently, he is focused on adapting application security models to the rapidly changing landscape of DevOps and promoting the importance of threat modeling to a broader audience.
