In this webinar with Adam Shostack and Jonny Tennyson, we address what the 4 steps to threat modeling are and how to scale them at enterprise level.
Threat Modeling is ways of understanding, identifying and mitigating security, privacy and similar issues in a system. It is ideal for security engineers, software architects, and developers as it will help them in shaping every system they build and defend.
THE 4 STEPS TO THREAT MODELING
what are we Building?
What are we going to do about it?
what can go wrong?
did we do a good job?
Adam Shostack
Shostack & Associates
Adam Shostack is a leading expert on threat modeling, and consultant,
entrepreneur, technologist, author and game designer. He helped found the
CVE and a variety of startups. During his years at Microsoft, he was Principal
Program Manager for the Trustworthy Computing SDL team, created the Microsoft SDL Threat Modeling Tool (v3), the Elevation of Privilege threat modeling
game, and fixed autorun. He has taught threat modeling at a wide range of
commercial, non-profit and government organizations. He’s a member of the
Black Hat Review Board, is the author of Threat Modeling: Designing for Security,
and the co-author of The New School of Information Security.
Jonny Tennyson
Head of Customer Success at IriusRisk
A lifelong tech enthusiast, Jonny is passionate about getting people as excited as he is about great solutions. As a result, he can normally be found sharing his ideas with customers, colleagues or publicly speaking at events. At IriusRisk, he is working to ensure that our users get the best possible experience working with us and our platform.