Exploring Information Security

2024 Security Presentation Topic: Threat Modeling

Security Conferences 2024

I have been accepted to speak at two conferences this year: ShowMeCon in St. Louis, MO, and the Palmetto Cyber Summit 2024 in Columbia, SC. I’m super excited to be speaking again in 2024. In 2023 I spoke on API security. This year it will be on threat modeling. Threat modeling is one of those recommendations I’ve made in just about every talk I’ve given over the years. I figured it was time to dive deeper in.

As I prepare for the conference, I will be blogging about threat modeling to help get my thoughts together. The abstract and outline are below. I’m waiting on a response for one other conference in the spring. I will be submitting to other conferences later on this year as their CFPs open up. If you have a suggested conference, please leave a comment below or reach out.

Abstract

Threat modeling is a critical process that helps organizations identify and mitigate potential security threats in the early stages of projects or when a legacy application is discovered with little to no documentation. This presentation aims to serve as a comprehensive introduction to the wonderful galaxy of Threat Modeling.

We will explore the fundamental questions: What is threat modeling? Why is it crucial for cybersecurity? How can it be integrated into your development and IT processes effectively? Why do I feel like I'm in preschool again?

This presentation will provide you with a structured approach to threat modeling, demystifying the process and breaking it down into manageable steps. We will discuss various methodologies and tools available for threat modeling.

Grab your towel and join us for "The Security Hitchhiker's Guide to Threat Modeling." Leave with a clear understanding of how to embark on your threat modeling journey.

Outline

  • Introduction

  • Why this talk?

  • What is Threat Modeling?

  • The Basics of Threat Modeling

    • Key concepts and terminology

    • The threat modeling process

      • Identifying assets and data flows

      • Establishing the security profile

      • Identifying potential threats

      • Assessing vulnerabilities

      • Prioritizing risks

  • Methodologies and Approaches

    • Overview of common threat modeling methodologies

      • STRIDE

      • DREAD

      • OCTAVE

      • Attack Trees

    • Pros and cons

    • Choosing the right methodology

  • Tools and Resources

  • Demonstrations and examples 

  • Best Practices and Tips

  • Conclusion

This post first appeared on Exploring Information Security.