Agile Threat Modeling
Approximately 50% of threats in a system are related to architecture and design, so companies should act proactively at this point.
Thread modeling is a methodical approach that uses attack scenarios to identify threats in the system design that lead to real-life consequences for the system or business.
Under the pressure of digital transformation, the temptation for business managers/product owners to continuously deliver technical features is great.
However, security is also a permanently required feature and quality goal that customers expect and deserve.
In the workshop, the participant will be introduced to the approach according to the proven STRIDE method in a clear and comprehensible way with a mix of theory and practical exercises using show cases.
The workshop concludes with the participants learning how to make threat modeling attractive to employees who are not so security-savvy by using playful elements in the form of a card game.
Get to know Secure Design principles
Participants gain basic theoretical knowledge and based on this methodological knowledge in order to carry out a risk assessment of (web) systems
Threat Modeling as a method to discover design vulnerabilities
Create awareness of high cost and effort to fix design vulnerabilities
Getting to know gamification elements
Tips and tricks for applying threat modeling in practice
Developers, architects and DevOps engineers, but also product managers and IT security architects with a basic understanding of IT architectures.
During the workshop, topics are presented and participants perform hands-on analyses in a training environment. In some cases, measures are implemented.
During this workshop with a mix of hands-on and lecture, developers and administrators learn about threats and measures when using container technologies.
- Technically highly specialized and customized to your needs
- Structured and practice-oriented
- Playful learning
- Participants are interactively involved
- Balancing heterogeneity in prior knowledge
More about the training methodology here.
Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.