Threat Modeling - How to Actually Do It and Make It Useful

Learn threat modeling techniques and their practical application in cybersecurity through this conference talk from GrrCon 2018. Explore various threat modeling approaches, including software threat modeling, attack trees, and the FAIR method. Discover how to effectively use network diagrams, the CIS Kill Chain, and attack matrices for comprehensive threat analysis. Gain insights into moving threat modeling to the cloud, addressing compliance changes, and implementing threat modeling in real-world scenarios. Examine the differences between qualitative and quantitative approaches, and understand how to leverage threat modeling to enhance overall cybersecurity posture.

Intro
Disclaimers
Overuse term
Why people are nice
Software Threat Modeling
Whats not threat modeling
Threat Intel Pyramid
OAuth
Trivia
Attack Trees
Denial of Service
Fair Method
CBS
Risk Models
Likely Impact
Environment
Modeling Tool
Network Diagrams
IINS
CIS Community Attack Model
CIS Kill Chain Threat Model
Next Slide
Cybersecurity Domains
Meter Attack Matrix
How to hook it in
System Time Discovery
People Control
Ancient Aliens
Attack Matrix
Software based threading
Microsoft threat modeling
Moving to the cloud
Compliance can change
How to get shit done
Where to start
Qualitative vs Quantitative
Sample Factors
Impact
Musashi
Questions
Cyber Insurance