From our meetup on Thursday, February 11 2021: www.meetup.com...
Izar Tarandach (@izar_t) and Matthew Coles (@coles_matthewj) will discuss the following topics in applied threat modeling:
Principles: Formulate a conversation around the relationships of concepts in security. This will include attackers, exploits and value, and how the characteristics of these connections might be understood and managed.
Methods: Refresher on modeling techniques and things to consider, then dive into a selection of modeling and analysis methodologies that will help you get from principles to practice.
Evolution: Automated threat analysis using an open source tool(pytm). We will talk through the making of pytm and then do a demo.
*** Speaker bios
Izar Tarandach has peeked and poked at security from various sides over the last couple of decades, currently focusing on modern SDLC's and how AppSec extrapolates onto the larger scheme of Security. He has a MSc in Computer Science/Security from Boston U.
Matthew Coles (he/him) is a security professional focused on the security of physical devices and the ecosystems and processes that enable them to operate. He has an advanced degree in Computer Science from WPI, and maintains a CSSLP certification.
Izar and Matt have collaborated on security techniques and training for the past 10 years, co-authoring a book on Threat Modeling, and an open source threat modeling automation system, pytm.
- OWASP PyTM: owasp.org/www-...
- Threat Modeling Manifesto: www.threatmodel...
- Threat Modeling: A Practical Guide for Development Teams: www.amazon.com...
Appsec California 18/19/20 talks on CTM:
- • APPSEC Cali 2018 - The...
- • AppSecCali 2019 - Thre...
- • Scaling Up Is Hard To ...