AppSecCali 2019 - Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team
The good old days of waterfall! You had "The One Design To Bind Them All" and once it was all agreed, the developers would happily implement it "per spec". But alas, we are not there anymore. Agile methodologies basically guarantee that the deployed system will change, and change fast, from inception. Design emerges as the system develops. How do we cope with that in Threat Modeling? This talk explores the way Autodesk is moving to a team-based, collaborative and continuous Threat Modeling methodology, and how the dialog has moved the dependency away from security SMEs and into the team. PyTM, an open source threat-modeling-as-code support system, is also presented.
Izar Tarandach
Lead Product Security Architect, Autodesk
Izar Tarandach is Lead Product Security Architect at Autodesk Inc. Previously, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC and, for a long time before that, a Security Consultant at the EMC Product Security Office. With more years than he's willing to admit to in the information.
-
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...