DSO Overflow

EP14: Threat Modeling - A Manifesto And Some Code

August 23, 2021 | Michael Man | Season 1 Episode 14
Show Notes

Title: Threat Modeling - A Manifesto And Some Code

Threat Modeling: Why we think it matters for you, and how you can implement it in your organization.

Modeling: How to model your system in an expressive way.

Eliciting threats: What are some of the major approaches in use, and how can threat elicitation be done closer to the developer and at Agile speed?

Evolution: Automated threat analysis using an open source tool (pytm). We will talk through the making of pytm and then do a demo.

Guest Speakers

Matthew Coles (he/him) is a security professional focused on the security of physical devices and the ecosystems and processes that enable them to operate. He has an MSc in Computer Science from Worcester Polytechnic University (USA), and maintains a CSSLP certification.

https://www.linkedin.com/in/matthew-coles-4330652/

Izar Tarandach (he/him) has peeked and poked at security from various sides over the last couple of decades, currently focusing on modern SDLCs and how AppSec extrapolates onto the larger scheme of Security. He has an MSc in Computer Science/Security from Boston University (USA).

https://www.linkedin.com/in/izartarandach/

Izar and Matt have collaborated on security techniques and training for the past 10 years. They co-authored a book on Threat Modeling, are founding members of the Threat Modeling Manifesto, and created and maintain an open source threat modeling automation system, pytm.

Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/

DevSecOps - London Gathering
Keep in touch with our events associated with this podcast.

  • https://www.meetup.com/DevSecOps-London-Gathering/
  • https://twitter.com/DevSecOps_LG
  • https://www.youtube.com/c/DevSecOpsLondonGathering