Threat Modeling 101

Presented at LayerOne 2017, May 27, 2017, 10 a.m. (60 minutes)

In recent news we’ve seen a variety of colorful headlines: everything from “uninstall signal” to “the cia has broken whatsapp’s encryption”, followed by “the nsa can hack every cisco device” and even “the cia can hack your TV to spy on you”. Managing infrastructure for a company, a utility, a carrier, and a press outlet each comes with wildly different types of risk. Being able to clearly identify threats to a specific organization or technology is a key skill if you are defending it. Being able to explain to non-technical people what the risks are is also key. Deciding what security posture to take, where to spend budgetary dollars, and which defensive technologies need to be bolstered are decisions that all hinge on basic threat modeling. This presentation serves as a “the-grugq-style” explanation of what threat modeling is, how it is used, and how to apply it to some recent headlines, so that the audience takes away a better understanding of threat modeling and how to apply it to various speaking topics, as well as to their day-to-day work in the security space.

Presenters:

  • Dan Tentler / Viss as Dan Tentler
    Dan Tentler (@Viss) is the founder and CEO of The Phobos Group, a boutique information security services company. Previously a co-founder and CTO of Carbon Dynamics, and a security freelancer under the Aten Labs moniker, Dan has found himself in a wide array of different environments, ranging from blue team, to red team, to purple team, to “evil hacker for a camera crew”. When not obtaining shells or explaining how to defend against getting shelled, Dan enjoys FPV racing and crashing drones in new and interesting ways.
