Threat Modeling Panel

Adam Shostack, Brook Schoenfield, Haral Tsitsivas, Izar Tarandach, Jonathan Marcil at AppSec California 2018

Moderated by: Haral Tsitsivas, Software Sr Principal Engineer, Dell EMC

Speakers:
Jonathan Marcil, Application Security Engineer at Twitch
Brook Schoenfield, Principal Architect Product Security at McAfee
Adam Shostack, Consultant
Izar Tarandach, Lead Product Security Architect at Autodesk Inc.

Jonathan Marcil is the former chapter leader of OWASP Montreal and is now based in beautiful Irvine, California. Jonathan has been involved with OWASP for many years and is behind the official OWASP YouTube channel. He was also part of NorthSec CTF as a challenge designer specialized in Web and imaginative contraptions. He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. He holds a bachelor's degree in Software Engineering from ETS Montreal and has more than 15 years of experience in Information Technology and Security.

Brook S.E. Schoenfield is the author of Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015). He is the Principal Architect for product security at Intel Security Group. He provides strategic technical leadership, training and mentoring for 75 security architects. He is a founding member of IEEE’s Center for Secure Design and is a featured security architect at the Bletchley Park Museum of Computing. He is the originator of Baseline Application Vulnerability Assessment (BAVA), Just Good Enough Risk Rating (JGERR), Architecture, Threats, Attack Surfaces, and Mitigations (ATASM) and developer-centric security. He contributed to Core Software Security (CRC Press, 2014), and co-authored “Avoiding the Top 10 Security Design Flaws” (IEEE, 2014).

Adam is a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped found the CVE and many other things. He's currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.

Izar Tarandach is Lead Product Security Architect at Autodesk Inc. Previously, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC and, for a long time before that, a Security Consultant at the EMC Product Security Office. With more years than he's willing to admit to in the information security arena, he is a core contributor to the SAFECode training effort and a founding contributor to the IEEE Center for Security Design. He holds a master's degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.