Presented at
DeepSec 2020 „The Masquerade“,
Unknown date/time
(Unknown duration).
The earlier in the lifecycle you pay attention to security, the better are the outcomes. Threat modelling is one of the best techniques for improving the security of your software. It is a structured method for identifying weaknesses on design level. The participants will learn the technique and gain practical skills through exercises.
The curriculum of the training:
- Threat modelling: introduction and motivation
- Data Flow Diagrams
- STRIDE
- Beyond STRIDE
- Prioritization
- Mitigations
- Integrating threat modelling in SDLC
This training targets mainly blue teamers, as well as software developers, qa engineers, and architects; but will be also beneficial for scrum masters and product owners.
Presenters:
-
Irene Michlin
- IBM
Irene Michlin is a security consultant at IBM. Before going into application security consultancy, Irene worked as software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures.
Kreshnik Rexha is a consultant security architect at IBM Security. Before joining the consultancy practice Kreshnik has worked in multiple roles in industry including software development, infrastructure engineering, architecture and risk & compliance mainly in large enterprises in the financial sector. He has also spend a considerable part of his career teaching security in various UK educational institutions. Kreshnik's professional interests are DevSecOps and Key /Secret Management.
-
Kreshnik Rexha
- IBM
Irene Michlin is a security consultant at IBM. Before going into application security consultancy, Irene worked as software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures.
Kreshnik Rexha is a consultant security architect at IBM Security. Before joining the consultancy practice Kreshnik has worked in multiple roles in industry including software development, infrastructure engineering, architecture and risk & compliance mainly in large enterprises in the financial sector. He has also spend a considerable part of his career teaching security in various UK educational institutions. Kreshnik's professional interests are DevSecOps and Key /Secret Management.
Links:
Similar Presentations: