I received news my proposed talk on "Is Threat Modeling for Me?" was accepted for the Security BSides Boston 2015 Con (Twitter: @bsidesboston) on May 9, 2015, 9am - 6pm in Cambridge, MA. Here is my abstract:
Is Threat Modeling for Me?
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. Yet, often many software shops either skip the important step of threat modeling in secure software design or, after creating pretty diagrams, forget the models to do the "real work" of writing software without understanding potential problems. Based on last year's excellent book on Threat Modeling: Designing for Security by Adam Shostack, this session introduces threat modeling and creating threat models as a part of secure software design. We will also cover how to track threat models and some strategies for applying risk management in dealing with the threats.
Cost for attendance is $20 per person - see registration at the conference link above. I am really looking forward to the conference. See you there!
