(Online) Threat Modeling (Izar Tarandach and Matthew Coles)

Izar Tarandach (@izar_t) and Matthew Coles (@coles_matthewj) will discuss the following topics in applied threat modeling:

Principles: Formulate a conversation around the relationships of concepts in security. This will include attackers, exploits and value, and how the characteristics of these connections might be understood and managed.

Methods: Refresher on modeling techniques and things to consider, then dive into a selection of modeling and analysis methodologies that will help you get from principles to practice.

Evolution: Automated threat analysis using an open source tool(pytm). We will talk through the making of pytm and then do a demo.

*** Speaker bios

Izar Tarandach has peeked and poked at security from various sides over the last couple of decades, currently focusing on modern SDLC's and how AppSec extrapolates onto the larger scheme of Security. He has a MSc in Computer Science/Security from Boston U.

Matthew Coles (he/him) is a security professional focused on the security of physical devices and the ecosystems and processes that enable them to operate. He has an advanced degree in Computer Science from WPI, and maintains a CSSLP certification.

Izar and Matt have collaborated on security techniques and training for the past 10 years, co-authoring a book on Threat Modeling, and an open source threat modeling automation system, pytm.

• OWASP PyTM: https://owasp.org/www-project-pytm/
• Threat Modeling Manifesto: http://www.threatmodelingmanifesto.org
• Threat Modeling: A Practical Guide for Development Teams: https://www.amazon.com/Threat-Modeling-Identification-Avoidance-Secure/dp/1492056553

NOTE:
This will be an online event only. The Zoom URL link is available after you RSVP.