Lessons From The Threat Modeling Trenches

Brook Schoenfield at AppSec California 2018

What wisdom percolates from building threat modeling practices across 4 organizations? This presentation draws on hundreds of students, years of coaching, 100 formal trainings, and 1000s of threat models: experience gained in the trenches of the battle to reduce design errors, a battle often fought through threat modeling. Conclusions may overturn cherished beliefs.

Brook S.E. Schoenfield is the author of Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015). He is the Principal Architect for product security at Intel Security Group, where he provides strategic technical leadership, training and mentoring for 75 security architects. He is a founding member of IEEE’s Center for Secure Design and is a featured security architect at the Bletchley Park Museum of Computing. He is the originator of Baseline Application Vulnerability Assessment (BAVA), Just Good Enough Risk Rating (JGERR), Architecture, Threats, Attack Surfaces, and Mitigations (ATASM) and developer-centric security. He contributed to Core Software Security (CRC Press, 2014), and co-authored “Avoiding the Top 10 Security Design Flaws” (IEEE, 2014).