Threat modeling is one of the most important security activities. Yet they are usually done by security experts and can be quite dry and boring.This talk will cover a different way to do Threat Models by using Attack Trees. Attack trees are an easy, fun, engaging and inclusive for everyone.
It is a known fact the Empire needs to up their security game. The Rebellion hack their ships, steal their plans and even create backdoors!
In this talk we will help the Empire by threat modelling the Death Star. Traditionally, Threat Models have been a slow and boring process that ends up with a giant document detailed any possible security problem. This approach, although useful in the past, is not necessarily good in an ever changing environment (or when you have Jedis as enemies!).
I will introduce Attack Trees and how they can fit quite well in a DevOps world. Also, I will challenge some of the assumptions about threat models. Hopefully, I will convince the audience that Threat Models can be fun, useful, inclusive and make people think in a very different way.
Come and Join the Dark side! We might save the Empire after all!
Watch 'Threat Modeling the Death Star' on PyCon AU's YouTube account
Mario Areias
A software developer turned DevSecOps. His passions are open source, security and privacy. He spent the last few years doing security in a few fintech start ups. Now as a DevSecOps Engineer at Lendi he focus on being secure while being Agile.