YoVDO

Using the Threat Modeling Manifesto to Build an Enterprise Threat Modeling Program

Offered By: LASCON via YouTube

Tags

LASCON Courses Enterprise Security Courses Threat Modeling Courses STRIDE Courses

Course Description

Overview

Explore the fundamentals of building an Enterprise-class threat modeling program using the Threat Modeling Manifesto in this 57-minute LASCON conference talk. Learn why threat modeling is crucial in today's security landscape, how to leverage the manifesto created by 15 security experts, and gain practical tips for implementation. Discover the four key questions, benefits, and principles of effective threat modeling. Understand the importance of collaboration, iterative approaches, and the 30-minute rule. Delve into positive patterns, antipatterns, and useful toolkits for choosing a solid process. Learn strategies for embedding threat modeling in your organization, developing threat modeling champions, and teaching the practice. Explore how to adapt methodologies like STRIDE and ASVS, focus on mitigations, adopt the right tool sets, and perform quality checks on threat models.

Syllabus

Introduction
Agenda
The Challenge
The Threat Modeling Manifesto
What is Threat Modeling
Threat Modeling for Everyone
Why Did We Put This Together
The Four Key Questions
Benefits of Threat Modeling
Using the Manifesto
People in Collaboration
Journey of Understanding
iterative approach
threat modeling
the 30 minute rule
the principles
outcomes are meaningful
antipatterns
positive patterns
useful toolkit
choosing a solid process
embed threat modeling
threat modeling champions
teaching threat modeling
embracing stride
adapt with ASVS methodology
focus on mitigations
adopt the right tool sets
threat model quality checks
summary


Taught by

LASCON

Related Courses

Modelado de Amenazas - Threat Modeling
Udemy
Performing Threat Modeling with the Microsoft Threat Modeling Methodology
Pluralsight
Computer Vision with GluonCV (Spanish)
Amazon Web Services via AWS Skill Builder
Threat Modeling: Spoofing In Depth
LinkedIn Learning
OWASP top 10 Web Application Security for Absolute Beginners
Udemy