If I told you that Threat Modeling is a crucial part of your Agile or CI/CD DevOps environment, would you laugh? When developers and security professionals alike think about threat modeling, they often become overwhelmed with frameworks like STRIDE, DREAD, PASTA, etc. Threat modeling is predominantly viewed as a heavy-weight, time-consuming exercise that is not compatible with high-paced delivery paradigms. As a result, as organizations transition to DevOps models, threat modeling is often scratched from the list of security practices. They lose sight of the core purpose of threat modeling and as a result are unable to tailor an approach that fits their development lifecycle. In this session, we turn those misconceptions about Threat Modeling upside down. Let’s refocus on the core purpose of threat modeling. We’ll discuss what components of threat modeling are most crucial, what questions we should be asking and who should be answering them. Ultimately, this will all culminate into presentation of an alternative approach to Threat Modeling. We’ll walk through the details of how to implement this backlog-based approach in any development paradigm and demonstrate that it can be done without affecting our development timelines.
Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs. She speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level emerging security trends, and even issues within the security community itself. She is a member of the WiCyS Racial Equity Committee, Chapter Leader for Women of Security (WoSEC), Advisory Board member for Blue Team Con in Chicago, and her security career journey was recently featured in Cybercrime Magazine.
Kate Forbes MSP
Andrew Harmel Law
Bev Harrow, Lee Hutchinson and Chris Hughes
Look! There’s a Threat Model in my DevOps
Sharpening the saw – how tooling can make us better developers
Dr Murray Collins
Dr Poonam Malik, Ben Shorrock, David Dunn, Jane Morrison-Ross
Ten Traits that Differentiate the most Trusted Advisors
Getting value from data – productionising data science
Innovating with Immigration.
Dr James McMinn
Tech challenges coming out of Open Banking and the GOFCoE project
50% of AI is easy, we just don’t know which half
Alex Bell and Petur Einarsson
Overcoming and handling bias in data: ethical and practical considerations
Building brand awareness for your tech company
Start up, scale up
Navigating Venture Capital
Olivia Gambelin, Joseph Crispell
Paul Neeson and Andrew Noble
A Fyne future for graphical development
Launching terrestrial tech into the space marketplace
Tales from the Crypt(o)
Dr David Alexander
Steve Guggenheimer, Corporate Vice President – AI & ISV Engagement at Microsoft Corporation
Young Software Engineer of the Year Awards
The YSE Awards recognise the best undergraduate software projects, drawn from across all students studying computing science and software engineering in Scotland.