This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams https://gotoams.nl Izar Tarandach - Sr. Staff Engineer at Datadog & Co-Author of "Threat Modeling" @izartarandach4009 RESOURCES https://twitter.com/izar_t https://linkedin.com/in/izartarandach ABSTRACT Threat Modeling has been growing as a discipline for the last few years, and much has been said about methodologies, how-to's, what to expect, what value to extract from it, and how to get it into the organization, but mostly from the side of the security practitioner. In this talk, aimed at developers, managers and testers, we will explore the value of threat modeling as a development tool. Attendees should leave this talk with a number of tested suggestions on how to make the principles and techniques of Threat Modeling work at tactical and strategic levels. [...] TIMECODES 00:00 Intro 03:01 Agenda 04:17 Security & threat model primer 14:11 Threat Modeling Manifesto 18:54 Values 22:22 Principles 24:47 Patterns 27:05 Anti-patterns 33:35 CTM: Continuous threat modeling 51:11 Pytm: Pythonic way of threat modeling 58:35 Resources 59:25 Outro Download slides and read the full abstract here: https://gotoams.nl/2023/sessions/2451 RECOMMENDED BOOKS Izar Tarandach & Matthew J. Coles • Threat Modeling • https://amzn.to/40PCKbU Adam Shostack • Threat Modeling: Designing for Security • https://amzn.to/3QSVeUt Ed Moyle & Diana Kelley • Practical Cybersecurity Architecture • https://amzn.to/3QJQ39a https://twitter.com/GOTOcon https://www.linkedin.com/company/goto- https://www.instagram.com/goto_con https://www.facebook.com/GOTOConferences #ThreatModel #ThreatModeling #Cybersecurity #Security #DevSecOps #DevOps #CTM #ContinuousThreatModeling #Pytm #OWASP #IzarTarandach Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech Sign up for updates and specials at https://gotopia.tech/newsletter SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConferences/?sub_confirmation=1
Get notified about new features and conference additions.