A Dog, a Cat, and a Roast Turkey (RELOADED): What’s in your threat model?
Wade Winright (Salesforce)
What do the most effective red teams, blue teams, and engineers all have in common? Threat modeling. Two words wildly used, mostly misunderstood, and almost guaranteed to strike instantaneous yawns in most of the cyber/security field and community (when sadly, it is likely the most powerful non-deterministic tool available.) Attendees of this training workshop will leave prepared to address the needs of each of the three constituents previously mentioned.
- Red team? Threat modeling is the place to start to enumerate the attack surface.
- Blue team? Threat modeling is the place to determine what type of attackers you will most likely be facing.
- Software Engineer/Developer? Threat modeling is the place to start securing your project from the ground up, providing resiliency and security assurances.
This is an engaging hands on training with active participation. Attendees will work through the flow of creating threat models to facilitate ownership, perspective, and informed direction regardless of your station or mission. Student sourced options and live scenarios are encouraged; current examples we’re using today include substrate level concerns and threats to multi-tenancy, Nation States, various abstract situations, and coaching on how to use 0day in a FUD-free manner.
Based out of Auckland, Wade is a Director of Security Assurance at Salesforce who is passionate to make this series of tubes we call home a safer place for all, and has been modeling threats for far more years than he’d care to admit.