Threat Modeling for Security Professionals – Matt Trevors
Powered by iSpeech
MATT TREVORS
As security researchers, penetration testers, and other security professionals look to provide value-added services to their customers, they often find that customers are overwhelmed with the myriad of ways to look at the relationship between threats and the strategies they can employ to mitigate those threats. Enter a tabletop exercise known as STRIDE threat modeling. STRIDE threat modeling outlines a process that gives you the ability to identify threats in system architecture related to spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. Furthermore, the process can be used to focus on specific risks such as those introduced by the OWASP Top 10. This talk discusses the benefits of using a threat modeling exercise as part of your workflow as well as how you can introduce the exercise to your customers.
Matt Trevors is a Technical Manager for Carnegie Mellon's Software Engineering Institute. Matt has more than 15 years of experience in information technology, information security, and secure software development strategies. Matt obtained him Master's in Computer Information Systems from Boston University and his Bachelor's in Computer Science from the University of New Brunswick. Matt also holds the CISM, CISSP, CCSP professional credentials.
2019-07-14 02:47:08
source
Gloss