Agile Threat Modeling Workshop
Approximately 50% of threats in a system are related to architecture and design, so companies should act proactively at this point.
Thread modeling is a methodical approach that uses attack scenarios to identify threats in the system design that lead to real-life consequences for the system or business.
Under the pressure of digital transformation, the temptation for business managers/product owners to continuously deliver technical features is great.
However, security is also a permanently required feature and quality goal that customers expect and deserve.
In the workshop, the participant will be introduced to the approach according to the proven STRIDE method in a clear and comprehensible way with a mix of theory and practical exercises using show cases.
The workshop concludes with the participants learning how to make threat modeling attractive to employees who are not so security-savvy by using playful elements in the form of a card game.
We perform a threat modeling for your new feature/architecture together. We will perform the traditional threat modeling steps:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good enough job?
Developers, architects and DevOps engineers, but also product managers and IT security architects with a basic understanding of IT architectures.
We will determine different roles in the start of the threat modeling. In remote Threat Modeling, we will use an interactive whiteboard like miro and cue cards to determine threats.
A preperation is not needed. We will together understand the architecture, threats and countermeasures.
Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.