Threat Modeling the Death Star
Mário Areias at DevSecCon24 2020
It is a known fact the Empire needs to up their security game. The Rebellion hack their ships, steal their plans and even create backdoors!
In this talk we will help the Empire by threat modelling the Death Star. Traditionally, Threat Models have been a slow and boring process that ends up with a giant document detailed any possible security problem. This approach, although useful in the past, is not necessarily good in an ever changing environment (or when you have Jedis as enemies!).
I will introduce Attack Trees and how they can fit quite well in a DevOps world. Also, I will challenge some of the assumptions about threat models. Hopefully, I will convince the audience that Threat Models can be fun, useful, inclusive and make people think in a very different way.
Come and Join the Dark side! We might save the Empire after all!
Mário Areias
Senior Security Engineer at Canva
A software developer turned Security Engineer. His passions are open source, security and privacy. He spent the last few years doing security in the start up world, now as a Security Engineer at Canva he focus on deliver secure software while being Agile.
In this talk we will help the Empire by threat modelling the Death Star. Traditionally, Threat Models have been a slow and boring process that ends up with a giant document detailed any possible security problem. This approach, although useful in the past, is not necessarily good in an ever changing environment (or when you have Jedis as enemies!).
I will introduce Attack Trees and how they can fit quite well in a DevOps world. Also, I will challenge some of the assumptions about threat models. Hopefully, I will convince the audience that Threat Models can be fun, useful, inclusive and make people think in a very different way.
Come and Join the Dark side! We might save the Empire after all!
Mário Areias
Senior Security Engineer at Canva
A software developer turned Security Engineer. His passions are open source, security and privacy. He spent the last few years doing security in the start up world, now as a Security Engineer at Canva he focus on deliver secure software while being Agile.