PASTA and OCTIVE and STRIDE, Oh My! Bringing Threat Modeling Out of the Woods

Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has a greater impact on security posture than other, more widely practiced security activities. Many different frameworks, models, and methodologies have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time-consuming to fit into modern development cycles. In 2020, a group of 15 security professionals released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-overlooked activity can actually make development pipelines more efficient while improving the overall security of software. Get real, practical examples of how you can use the manifesto as a guide to define or tailor a methodology that fits your needs and avoid common pitfalls that often derail this critical activity.

Alyssa Miller

BISO (Business Information Security Officer) - S&P Global Ratings (she/her)
