Old Pareto had a Chart: How to achieve 80% of Threat Modelling Benefits with 20% of the Efforts

Presented at DeepSec 2020 „The Masquerade“, Unknown date/time (Unknown duration).

The earlier in the lifecycle you pay attention to security, the better are the outcomes. Threat modelling is one of the best techniques for improving the security of your software. It is a structured method for identifying weaknesses on design level. However, it is often perceived by the organisations as too expensive to introduce, or too slow to fit modern lifecycles, be it Agile, Lean, or DevOps.

This talk will show how to fit threat modelling in fast-paced software development, without requiring every developer to become an expert. The outcomes should be immediately applicable, hopefully empowering you to try it at work the day after the conference.

Presenters:

• Irene Michlin - IBM
  Irene Michlin is a security consultant at IBM. Before going into application security consultancy, Irene worked as software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures.

Links:

• https://deepsec.net/archive/2020.deepsec.net/speaker.html#PSLOT498

Similar Presentations:

• May Contain Hackers (MCH2022) / Threat modelling for hackers: a hands-on workshop
• Kawaiicon 2 (2022) Rescheduled / Making threat modelling easy and scalable using STRIDE
• DeepSec 2020 „The Masquerade“ / Threat Modeling: The Ultimate "Shift Left" (closed)