The One Where We Threat Model During Development • Izar Tarandach • GOTO 2023

This presentation was recorded at GOTO Amsterdam 2023. #GOTOcon #GOTOams

Izar Tarandach - Sr. Staff Engineer at Datadog & Co-Author of “Threat Modeling” @izartarandach4009

ABSTRACT
Threat Modeling has been growing as a discipline for the last few years, and much has been said about methodologies, how-to’s, what to expect, what value to extract from it, and how to get it into the organization, but mostly from the side of the security practitioner. In this talk, aimed at developers, managers and testers, we will explore the value of threat modeling as a development tool. Attendees should leave this talk with a number of tested suggestions on how to make the principles and techniques of Threat Modeling work at tactical and strategic levels. [...]

TIMECODES
00:00 Intro
03:01 Agenda
04:17 Security & threat model primer
14:11 Threat Modeling Manifesto
18:54 Values
22:22 Principles
24:47 Patterns
27:05 Anti-patterns
33:35 CTM: Continuous threat modeling
51:11 Pytm: Pythonic way of threat modeling
58:35 Resources
59:25 Outro

RECOMMENDED BOOKS
Izar Tarandach & Matthew J. Coles • Threat Modeling
Adam Shostack • Threat Modeling: Designing for Security
Ed Moyle & Diana Kelley • Practical Cybersecurity Architecture

#ThreatModel #ThreatModeling #Cybersecurity #Security #DevSecOps #DevOps #CTM #ContinuousThreatModeling #Pytm #OWASP