Agile + DevOps West 2020 Concurrent Session : Threat Modeling Lessons Learned From Star Wars


Wednesday, June 10, 2020 - 10:30am to 11:30am

Threat Modeling Lessons Learned From Star Wars

Add to calendar

Everyone knows you ought to threat model, but in practical reality it turns out to be tricky. If past efforts to threat model haven't panned out, perhaps part of the problem is confusion over what works, and how the various approaches conflict or align. Threat Modeling Lessons from Star Wars is a basic intro to threat modeling talk designed to take the audience from knowing nothing about threat modeling to understanding how to threat model effectively as avoid the traps that make it hard. This talk captures lessons Adam Shostack has learned from his years of work helping people throughout the software industry threat model more effectively. It's designed to help security pros, developers and systems managers, all of whom will leave with both threat modeling lessons from Star Wars and a proven foundation, enabling them to threat model effectively.

Adam Shostack
Shostack & Associates

Adam Shostack is the author of Threat Modeling: Designing for Security and the co-author of The New School of Information Security. He helped found the CVE, the Privacy Enhancing Technologies Symposium and the International Financial Cryptography Association. He has been a leader at a number of successful information security and privacy startups. Shostack is currently a principal program manager on the Microsoft Trustworthy Computing Usable Security team, where among other accomplishments, he shipped the Microsoft Security Development Lifecycle (SDL) Threat Modeling Tool and the Elevation of Privilege threat modeling game as a member of the SDL team.