2024 Security Presentation Topic: Threat Modeling
I have been accepted to speak at two conferences this year: ShowMeCon in St Louis, MO, and the Palmetto Cyber Summit 2024 in Columbia, SC. I’m super excited to be speaking again in 2024. In 2023 I spoke on API security. This year it will be on threat modeling. Threat modeling is one of those recommendations I’ve made in just about every talk I’ve given over the years. I figured it was time to dive deeper in.
As I prepare for the conference I will be blogging about threat modeling to help get my thoughts together. The abstract and outline are below. I’m waiting on a response for one other conference in the Spring. I will be submitting to other conferences later on this year as their CFPs open up. If you have a suggested conference please leave a comment below or reach out.
Abstract
Threat modeling is a critical process that helps organizations identify and mitigate potential security threats in the early stages of projects or when a legacy application is discovered with little to no documentation. This presentation aims to serve as a comprehensive introduction to the wonderful galaxy of Threat Modeling.
We will explore the fundamental questions: What is threat modeling? Why is it crucial for cybersecurity? How can it be integrated into your development and IT processes effectively? Why do I feel like I'm in preschool again?
This presentation will provide you with a structured approach to threat modeling, demystifying the process and breaking it down into manageable steps. We will discuss various methodologies and tools available for threat modeling.
Grab your towel and join us for "The Security Hitchhiker's Guide to Threat Modeling." Leave with a clear understanding of how to embark on your threat modeling journey.
Outline
Introduction
    Why this talk?
    What is Threat Modeling?
The Basics of Threat Modeling
    Key concepts and terminology
    The threat modeling process
        Identifying assets and data flows
        Establishing the security profile
        Identifying potential threats
        Assessing vulnerabilities
        Prioritizing risks
Methodologies and Approaches
    Overview of common threat modeling methodologies
        STRIDE
        DREAD
        OCTAVE
        Attack Trees
    Pros and cons
    Choosing the right methodology
Tools and Resources
    Demonstrations and examples
Best Practices and Tips
Conclusion
This post first appeared on Exploring Information Security.