Threat Model Every Story: Practical Continuous Threat Modeling Work for Your Team
Izar Tarandach at AppSec California 2019
The good old days of waterfall! You had "The One Design To Bind Them All" and once it got all agreed, the developers would happily implement it "per spec". But alas, we are not there anymore. Agile methodologies basically guarantee that the deployed system will change, and change fast, since inception. Design emerges as it develops. How do we cope with that in Threat Modeling? This talk explores the way Autodesk is moving to a team-based collaborative and continuous Threat Modeling methodology, and how the dialog has moved the dependency away from security SMEs and into the team. PyTM, an Open Source threat-modeling-as-code support system is also presented.
Izar Tarandach
Lead Product Security Architect, Autodesk
Izar Tarandach is Lead Product Security Architect at Autodesk inc.. Prior, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, for long before a Security Consultant at the EMC Product Security Office. With more years than he's willing to admit to in the information.
Izar Tarandach
Lead Product Security Architect, Autodesk
Izar Tarandach is Lead Product Security Architect at Autodesk inc.. Prior, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, for long before a Security Consultant at the EMC Product Security Office. With more years than he's willing to admit to in the information.