Agile + DevOps West 2020 Concurrent Session : Threat Modeling Lessons Learned from Star Wars

Conference archive


Wednesday, June 10, 2020 - 10:30am to 11:30am

Threat Modeling Lessons Learned from Star Wars

Everyone knows you ought to perform threat modeling, but in practical reality, it turns out to be tricky. If past efforts to threat model haven't panned out, perhaps part of the problem is confusion over what works and how the various approaches conflict or align. Adam Shostack will give a basic introduction to threat modeling, taking you from uncertainty about how to do it well to understanding how to model threats effectively and avoid the traps that make it hard. Security professionals, developers, and systems managers alike will leave with threat modeling lessons from Star Wars and a proven foundation, enabling them to model threats effectively.

Adam Shostack
Shostack & Associates

Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He’s a member of the BlackHat Review Board, and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups including as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the “Elevation of Privilege” game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.