In the recent news we’ve seen a variety of colorful headlines. Everything from “uninstall signal” to “the cia has broken whatsapp’s encryption”, followed by “the nsa can hack every cisco device” and even “the cia can hack your TV to spy on you”. Managing infrastructure for a company, a utility, a carrier and a press outlet all come with wildly different types of risk. Being able to clearly identify threats to a specific organization or technology is a key skill if you are defending it. Being able to explain to non-technical people what the risks are is also key. Deciding on what security posture to take, where to spend budgetary dollars and what defensive technologies need to be bolstered are decisions that all hinge from basic threat modeling.
This presentation serves as a “the-grugq-style” explanation of what threat modeling is, how it is used, and how to apply it to some recent headlines so that the audience take-away is a better understanding of threat modeling and how to apply it to various speaking topics, as well as their day to day work in the security space