Threat Modeling Discussion
Jonathan Marcil
JM InternationalAppSec Consultant
Abstract
Threat Modeling interacts with many other activities during a secure development lifecycle. For example, it can be a way to enforce security requirements or perform architecture assessment. Its versatility leads to many different implementations and approaches. Let’s discuss what managed to provide value in the real world, and what might have failed to.
This session is made to be a reverse panel discussion, where the audience is encouraged to bring their own stories and share them with the room. Host will provide structure and stories of his own.
Speaker bio
Jonathan is from Montreal, Canada and is part of the collective that published the Threat Modeling Manifesto and Threat Modeling Capabilities. He enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor’s degree in Software Engineering and has 20 years of experience in IT and Security.