Avocado Labs - Online talks

Avocado Labs is a way to keep people connected online and give them access to quality talks. Expert speakers share their knowledge in live talks, which are uploaded afterwards. After each talk there will be a 5-minute Q&A where our speakers will answer any related questions you may have. These episodes will be hosted and moderated by our Auth0 developer advocates to ensure a safe and friendly environment.

Join us at 18:00h CEST

Talk

Look! There's a threat model in my DevOps.


"You can't threat model in a CI/CD DevOps environment!!" This is a common belief among developers and security professionals alike. With frameworks like STRIDE, DREAD, PASTA, etc., threat modeling is typically viewed as a heavyweight, time-consuming exercise that is simply not compatible with fast-paced development paradigms. As a result, organizations that employ these paradigms commonly scratch threat modeling off their Secure SDLC checklist as simply impossible to implement without breaking their DevOps model. They lose sight of the core purpose of threat modeling and, as a result, are unable to tailor an approach that fits their development lifecycle.

In this session, we’ll turn those misconceptions about threat modeling upside down. We’ll go back to the core purpose of threat modeling. We’ll discuss which components of threat modeling are most crucial, what questions we should be asking, and who should be answering them. Ultimately, this will all culminate in the presentation of an alternative approach to threat modeling. We’ll walk through the details of how to implement this backlog-based approach in any development paradigm and demonstrate that it can be done without affecting our development timelines.

Speaker

Alyssa Miller


Application Security Advocate - Snyk

Alyssa Miller has been a hacker and programmer since her pre-teens, when she bought her first computer. While IT was not her original career plan, she ended up working as a developer and later a penetration tester in the financial services industry. As she moved into consulting, her focus on defending corporate systems grew to the point where she was advising Fortune 100 companies on how to build comprehensive security programs. She’s a security advocate, public speaker and author with a passion for sharing her ideas and knowledge to help improve the ways we defend our digital world.

Schedule

  • Welcome!

  • Look! There's a threat model in my DevOps - Alyssa Miller

  • Q&A with Alyssa Miller

  • Goodbye!

© 2020 Avocado Labs