Threat Modeling Thursday: 2018

Since I wrote my book on the topic, people have been asking me “what’s new in threat modeling?” My Blackhat talk is my answer to that question, and it’s been taking up the time that I’d otherwise be devoting to the series.

As I’ve been practicing my talk*, I discovered that there’s more new than I thought, and I may not be able to fit in everything I want to talk about in 50 minutes. But it’s coming together nicely.


The current core outline is:

  • What are we working on
    • The fast moving world of cyber
    • The agile world
    • Models are scary
  • What can go wrong? Threats evolve!
    • STRIDE
    • Machine Learning
    • Conflict

And of course, because it’s 2018, there’s cat videos and emoji to augment logic. Yeah, that’s the word. Augment. 🤷‍♂️

Wednesday, August 8 at 2:40 PM.

* Oh, and note to anyone speaking anywhere, and especially large events like Blackhat — as the speaker resources say: practice, practice, practice.

One thought on “Threat Modeling Thursday: 2018”

  1. Cyber security threats are a big issue in 2018 and onwards (not that they never were) but attacks are becoming more sophisticated. The NHS attack last year saw the meltdown of the UK’s hospital and surgeries. Ultimately, the number one way an attack progresses is by a staff member clicking on a rogue email, inserting a USB stick infected with malware or through poor configuration on network attached devices. SysFix wrote a [] article on how to protect your business from a cyber attack which you may find [spammy. yes, we find it spammy, since it doesn’t connect to what I wrote except both are about
    “cyber” and we have deleted your URLS.]

Comments are closed.