Advanced Security Design: Threat Modeling Masterclass
So, you’ve decided your products need better security? Now, you need to improve your development workflow. But your team is focused on quick delivery, often without time to discuss quality or security!
Threat Modeling, a structured methodology for security analysis of complex systems, can help you effectively identify and prioritize potential threats and attack vectors, and understand the appropriate mitigations. Still, comprehensive methodologies are often difficult to integrate into your workflow, so we also introduce a more lightweight "value driven" approach for security-minded developers.
As a professional developer, you want to contribute to your product's security, be responsible for security features. You want to build on a secure architecture, but likely don’t have unlimited time. With training and tangible experience, you could independently threat model your applications, easing the load off your security team, and creating deeper integration and a higher level of security than enforcing it externally.
My Threat Modeling Masterclass will kickstart your security design efforts, teaching you the skills required to build your own threat models for your products, and train with hands-on experience so that you are confident to continue designing secure products using threat modeling. Experienced security professionals will get more insight into developer workflows, gain skills to provide your teams with the artifacts they need to implement a secure design, and even empower developers to design a more secure architecture themselves, easing the load off you.
Avi Douglen is the founder and CEO at Bounce Security, a boutique consultancy specializing in software security, where he spends a lot of time with development teams of all sizes. He helps them integrate security methodologies and products into their development processes, and often provides training on secure coding and other security topics.
Avi is a prominent security architect and software developer, with decades of experience leading development teams in building secure products and protecting complex systems. His research interests are efficient security engineering, usable security, and scaling enterprise security systems. He is *obsessed* with maximizing value output from security efforts,
Avi is a frequent trainer and speaker at industry conferences, such as OWASP, RSA, BSides, and InfoSec, as well as developer conferences such as O'Reilly, DevSecCon, PyCon, and DevOpsDays. He has trained thousands of developers on security, including secure coding, security architecture, threat modeling, and more.
Avi currently serves on the Board of Advisors at Labs/02, a seed-stage incubator. He is a leader of the OWASP Israel chapter, created the popular AppSecIL security conference, and is co-founder and leader of the OWASP Threat Modeling Project. He also volunteers as a high school mentor, and as a community moderator on https://Security.StackExchange.com/. Recently, Avi co-authored the Threat Modeling Manifesto in order to further spread practical information and encourage more people to threat model.