Look! There's a threat model in my DevOps

Alyssa Miller, Hacker, security advocate, cyber security professional and public speaker

Click play above to watch again.


If I told you that Threat Modeling is a crucial part of your Agile or CI/CD DevOps environment, would you laugh? When developers and security professionals alike think about threat modeling, they often become overwhelmed with frameworks like STRIDE, DREAD, PASTA, etc. Threat modeling is predominantly viewed as a heavy-weight, time-consuming exercise that is not compatible with high-paced delivery paradigms. As a result, as organizations transition to DevOps models, threat modeling is often scratched from the list of security practices. They lose sight of the core purpose of threat modeling and as a result are unable to tailor an approach that fits their development lifecycle. In this session, we turn those misconceptions about Threat Modeling upside down. Let’s refocus on the core purpose of threat modeling. We’ll discuss what components of threat modeling are most crucial, what questions we should be asking and who should be answering them. Ultimately, this will all culminate into presentation of an alternative approach to Threat Modeling. We’ll walk through the details of how to implement this backlog-based approach in any development paradigm and demonstrate that it can be done without affecting our development timelines.

Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level emerging security trends, and even issues within the security community itself. She is a member of the WiCyS Racial Equity Committee, Chapter Leader for Women of Security (WoSEC), Advisory Board member for Blue Team Con in Chicago, and her security career journey was recently featured in Cybercrime Magazine.

Watch Again - CmdR ScotSoft2020
Click the link to play



Session 3

AI for Good Mapping land cover to support Natural Capital Asset Index tracking in Scotland 

Collaborating across clusters

Look! There’s a Threat Model in my DevOps

Sharpening the saw – how tooling can make us better developers


Dr Murray Collins

Dr Poonam Malik, Ben Shorrock, David Dunn, Jane Morrison-Ross

Alyssa Miller

Chris Heilmann



Session 4

Ten Traits that Differentiate the most Trusted Advisors

Getting value from data – productionising data science

Innovating with Immigration.



Austen Mulinder

Dr James McMinn

Jamie Kerr

Tech challenges coming out of Open Banking and the GOFCoE project

50% of AI is easy, we just don’t know which half


Gavin Littlejohn

Alex Bell and Petur Einarsson



Session 5

Overcoming and handling bias in data: ethical and practical considerations 

Building brand awareness for your tech company 

Start up, scale up


Navigating Venture Capital


Olivia Gambelin, Joseph Crispell

Kathryn Strachan

Peter Proud

Brian Baglow

Paul Neeson and Andrew Noble


Session 6

A Fyne future for graphical development

Launching terrestrial tech into the space marketplace

Tales from the Crypt(o)

Serverless Architecture


Andrew Williams

Dr David Alexander

Matt Summers

Julian Wood



Closing Keynote

Steve Guggenheimer, Corporate Vice President – AI & ISV Engagement at Microsoft Corporation 


Young Software Engineer of the Year Awards

The YSE Awards recognise the best undergraduate software projects, drawn from across all students studying computing science and software engineering in Scotland.

ScotSoft2020 dated -01