Nearly every day we hear about another compromise of a system that involves a breakdown of security. In many cases, the reason for compromise can be traced back to vulnerabilities that were not found or understood and not mitigated. The attacker(s) used those vulnerabilities to carry out threats against the system.
Threat modeling is a way of thinking about what can go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building or evaluating information systems, we need to develop a similar mindset. In this session, you will learn practical strategies to develop a threat modeling mindset by: understanding a system, identifying threats, identifying vulnerabilities, determining mitigations and applying the mitigations through risk management.
|Format of talk||Lecture|
|Select a track||Application Security|
|If “Other”, please explain|
|Will you require funding for travel?||YES|
|In one sentence, describe who should attend this talk and what they’ll get out of it.|
Robert Hurlbut, based in Enfield, CT, is a Threat Modeling Architect/Lead at a large financial institution. Robert is a Microsoft MVP for Developer Technologies and Security and holds the (ISC)2 CSSLP security certification. Robert has 30 years of industry experience in software security, software architecture, and software development. He speaks at user groups, national and international conferences, and provides training for many clients. You can follow Robert on Twitter at https://twitter.com/roberthurlbut and co-hosting on the Application Security Podcast at https://www.appsecpodcast.org.
|Shirt Size||Men’s L|
Get promotions and special offers directly to your inbox.