Get involved
Be a part of the first-ever threat modeling conference in Europe.
How do you introduce threat modeling to your existing codebase without slowing everything else down (aka the expensive “security push”)? Incremental threat modeling might be the answer. Incremental threat modeling concentrates on current additions and modifications that can be time-boxed to fit the tightest of agile lifecycles and still deliver security benefits.
In this hands-on workshop, you’ll:
* Learn the technique of incremental threat modeling
* Practice modeling an addition of a new feature to a realistic architecture
* Find threats relevant to the feature while keeping the activity focused (i.e. not trying to boil an ocean)
Resources
Slides: https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/Threat%20Modeling%20Lab/Incremental%20Threat%20Modeling_Nov_2023/Threat%20Modeling%20Lab_%20Incremental%20Threat%20Modeling_Irene_Michlin.pdf
Miro board
Speaker: Irene Michlin, Application Security Lead, Neo4j
Hello, I need to brainstorm about the security risks and their mitigation. I am building an SSM document on AWS. The runbook performs in-depth analysis of EMR Logs using Athena; it requires input parameters such as the EMR Cluster ID and the SSM Automation IAM Role. It might require the S3 logs location for the EMR cluster in case it doesn’t exist. It also allows the user to enable/disable log dive on EMR container, node logs, or both, utilizing optional parameters for a specific date range or keyword-based searches. The IAM role used assumes the SSM service, but as part of the automation I create a Glue database and I place JSON files inside the EMR logs bucket. As a last step of the automation I clean up all resources.
Four years ago, a group of security experts and passionate threat modelers from industry and academia met to discuss how to evolve their threat modeling practice. Their goal? To better align these practices with the overarching objectives of businesses and drive value for their organizations. The outcome was a white paper: Evolving Threat Modeling for Agility and Business Value, which introduced a thorough maturity model of threat modeling.
Join Altaz Valani and Simone Curzi, two of the co-authors, as they delve into the threat modeling maturity model introduced in the white paper, and come away with:
* Insights into the four levels of maturity
* Tactics for using the maturity model to evolve your roadmap for threat modeling
* Strategies for aligning threat modeling with your organizational goals
Slides: https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/TM%20Masterclass/TMC_Masterclass_Threat_Modeling_%20Maturity_Model.pdf
Resources
White paper: Evolving Threat Model
Ready to be a part of the largest Threat Modeling Conference in the world? We’re excited to announce that the Call for Papers (CfP) for ThreatModCon San Francisco 2024 is now open till May 15.
Conference Theme: Advancing Threat Modeling Capabilities Together
At the heart of ThreatModCon, our mission is to collectively push the boundaries of threat modeling. Your unique insights are the key to making this vision a reality. We’re eagerly looking for contributions across a spectrum of topics, including, but not limited to:
* Threat Modeling Methodologies and Frameworks
* Threat Modeling Techniques and Open Source Tools
* Uses of Machine Learning and AI for Threat Modeling
* Security Design Patterns
* Privacy and Data Protection Considerations in Threat Modeling
* Risk Analysis, Prioritization, and Management
* Training and Awareness for Threat Modeling
* Case Studies, Best Practices, and Lessons Learned
* The Role of Standards, Guidelines, and Regulations in Threat Modeling
* Integration of Threat Modeling into
Starting threat modeling isn't just about applying STRIDE and calling it a day. Many hit a roadblock when faced with a blank page. In this workshop, we'll explore how the concept of kata, derived from martial arts, can be applied to the realm of threat modeling. Just as martial artists perfect a series of movements through repetitive practice, we'll create safe playgrounds for participants to engage in hands-on threat modeling exercises. By doing so, you'll not only gain invaluable experience but also enhance your ability to navigate complex cybersecurity challenges with confidence.
Outline
* Architecture Diagrams: what do you need to start threat modeling
* Approaches to threat modeling: Attack library-based (e.g. STRIDE), security principles informed to look for vulnerabilities
* Katas as safe spaces to practice threat modeling.
* Exercises: Kata practice (threat model an LLM system)
Slides: https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/TMC%20Hackathon/S
Relive the energy and excitement of the Opening Ceremony at the second annual Threat Modeling Hackathon! Watch as Adam Shostack sets the stage for this year’s hackathon with his keynote on "Threat Modeling in the Age of AI." Get exclusive insights and expert advice from distinguished members of the judging panel, including Brook Schoenfield and Kim Wuyts.
Slides
Kick-Off: https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/TMC%20Hackathon/Spring%202024/Threat%20Modeling%20Hackathon%20Spring%202024_Keynote_Threat%20Modeling%20in%20the%20Age%20of%20AI.pdf
Keynote: https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/TMC%20Hackathon/Spring%202024/Threat%20Modeling%20Hackathon%20Spring%202024_Kick-Off.pdf
We're pumped to see you at Threat Modeling Hackathon Spring 2024! 👾
Here's a guide of everything you need to know about this hackathon — if we missed anything, shoot us an email at hello@threatmodelingconnect.com, and we'll help you out asap. The schedule and all critical links can also be found on threatmodelingconnect.com/p/hackathon.
⏰ Schedule
* Monday, April 1: Hackathon starts
* Tuesday, April 2: Global Kick-off: Opening ceremony and workshop
* Sunday, April 21: Submission deadline
* Thursday, May 2: Closing ceremony
💬 Slack
Make sure you join the Threat Modeling Hackathon Slack! You should have received an invite. If not, please reach out to your team captain. This is super important, as it'll be how we communicate with you during the event. This is also how you’ll stay connected with your mentors outside of your 1:1 meeting.
📣 Prompt and rules
The theme this year is AI Threat Modeling. You’ll be building a thorough threat model for an AI-assisted coding tool to improve
Hear from Sandy Blackwell, the Director of Global Software Security at Axway, as she discusses the successful expansion of Axway's security champion program on a global scale. She provides insights into the strategic approach and specific tactics (“the SPOCs program”) that enabled her team to quickly scale the program. This presentation offers valuable lessons and best practices for organizations looking to establish or enhance their own security champion programs.
Video: https://youtu.be/PrSKDrCb9Xg
Slides: https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/Meetups/Scaling_a_Security_Champion_Program_Sandy_Blackwell.pdf
Speaker: Sandy Blackwell, Director, Global Software Security, Axway
This is the second part of a two-part series – “Maximizing Threat Modeling Efforts through Security Champion Programs.” Check out the first part here: https://www.youtube.com/watch?v=7OKb-af0w2I
Get a sneak peek into the Security Champion program at Axway – involving 7 main development sites worldwide and responsible for 100+ software products. Discover how it was set up, who is involved, and how it enhances the threat modeling program.
Slides: https://4550632.fs1.hubspotusercontent-na1.net/hubfs/4550632/Threat%20Modeling%20Connect/Meetups/Scaling_a_Security_Champion_Program_Sandy_Blackwell.pdf
Speaker: Chris Ramirez, Manager, Software Security Group, Axway
This is the second part of a two-part series – “Maximizing Threat Modeling Efforts through Security Champion Programs.” Check out the second part here:
Hiya everyone! My lab and researchers from CISPA are looking at how threat modeling happens in open source software, and what the unique challenges to adoption are. If you have any experience with open source projects, we would love to chat with you and hear about your experience. Once we finish the project we’ll post the results here and the paper will be available for anyone to read.
If you’re interested in taking part, please fill in our screening survey (https://tufts.qualtrics.com/jfe/form/SV_ac1GKZxpUbBRa5w) and our team will follow up with a subset of participants for a 60-75 min interview. Thanks!
Share your insights and passion for threat modeling by giving a talk, contributing an article, or facilitating our upcoming events.
A free threat modeling automation tool created by IriusRisk
A guideline on the core values and principles of threat modeling
A documentation project focusing on threat modeling techniques