What does it take to threat model a bank?
There’s information online about ‘why’ you should adopt threat modeling - but this discussion walks you through ‘how’ - with a unique, never-heard account from Irfaan Santoe, ABN Amro’s Global Head of Security Engineering.
Learn how ABN Amro has moved from a state of ad-hoc threat modeling by security teams, to fully self-service threat modeling by developers, and how they embedded the practice firmly into their software development lifecycle.
Hosted by Jonny Tennyson, hear from thought leaders, Irene Michlin and Irfaan Santoe, who discussed:
- Why threat modeling is the only way to really 'start left'
- Why ABN Amro chose to automate its threat modeling
- How to promote the value of threat modeling to peers and stakeholders - and ultimately secure buy-in
- How to get your developers practicing threat modeling
- The question of threat modeling maturity and what it means
- And..listen to the compelling questions and answers pitched by your peers in the audience.
- Irfaan Santoe - Global Head of Security Engineering, ABN Amro
Irfaan leads the security implementation for ABN AMRO’s IT transformation towards DevOps and Cloud. During his tenure, over 500+ development teams have transformed to DevOps while increasing security without hampering existing ways of working. Sustainable banking products are delivered through the advising and hands-on engineering of security solutions in the early stages of development, enabling product development to be secure by design.
Prior to working for ABN AMRO, Irfaan served many companies in solving complex Security, IT, and Control challenges. Irfaan has more than 12 years' experience in Cybersecurity, IT Risk Management and Software Development. A true programmer by heart, he earned a master's degree in Computer Science from Utrecht University.
- Irene Michlin - Co-creator of the Threat Modeling Manifesto, and AppSec Europe Lead, IBM.
Irene is a thought leader in secure software development and threat modeling. Before going into application security consultancy, Irene worked as software engineer, architect, and technical lead. Her professional interests include securing development life-cycles and architecture, plus she is a core believer that Lean and Agile practices are actually friends of security. At IBM she leads Application Security practice in its European centre of competency.
- Jonny Tennyson - Head of Customer Innovation and Success, IriusRisk
A lifelong tech enthusiast, Jonny is passionate about getting people as excited as he is about great solutions. As a result, he can normally be found sharing his ideas with customers, colleagues or publicly speaking at events. At IriusRisk, he is working to ensure that our users get the best possible experience working with us and our platform.