Making threat modelling easy and scalable using STRIDE
when: Sat, 13 Nov 2021 15:00:00 +1300
where: The Michael Fowler Centre
Do you think it sucks to do threat modelling and risk assessments every time you create an app or a feature? Isn’t this a function of the security team? Or do you work in security and don’t like developers or engineers treating this as a checkbox item? Why does that happen? Is it because of competing priorities, overwhelming processes, unclear requirements, non-technical people telling technical people how to do it, or something else? I decided to learn more about it - well basically speak to a lot of people about it and google the hell out of it.
With some help and some trial and error, I came up with a way that strikes a balance between the effort on threat modelling vs the value + coverage it gives. Therefore something like 20% effort for 80% coverage. This short talk is about what I’ve learned and what worked for me. I am not claiming to be an expert in this domain and in fact this is my first big talk! But I’ll share a self-service* threat modelling template that I came up with, which can be used by teams in workshops for reviewing apps/services built on AWS. Hopefully you can use it too.
I work in the security risk and compliance space, but my main portfolio is about making threat modelling easy and scalable for the software engineers. I usually shy away from generic high level cookie cutter stuff in this domain that doesn't work for people who have to actually use it. Throughout my security career my favorite part has been about making risk management relevant and valuable for people I get to work with. I love learning how people actually create apps/services on cloud platforms and am currently getting some experience about securing AWS workloads.