Abstract
Outline
1. Introduction to Threat Modeling
What is threat modeling?
Key concepts and goals
The role of threat modeling in modern development and security
2. Why and When to Use Threat Modeling
The importance of proactive security
Business and technical benefits
When to apply threat modeling in a project lifecycle
3. Threat Modeling in Agile Environments
Integrating threat modeling into agile workflows
Balancing speed and security
Best practices for iterative threat assessments
4. Who Can Perform Threat Modeling?
Roles and responsibilities in an organization
Collaboration between security, development, and operations teams
5. Writing Effective Threats (+ Hands-on Exercise)
How to document threats clearly and effectively
Examples of well-structured threats
Common pitfalls and how to avoid them
6. Requirements for Effective Threat Modeling
Prerequisites for successful implementation
Tools and frameworks
7. Deep Dive: STRIDE Threat Modeling (+ Hands-on Exercise)
Understanding STRIDE methodology
Applying STRIDE to real-world scenarios
8. Deep Dive: PASTA Threat Modeling (+ Hands-on Exercise)
Understanding PASTA methodology
Applying PASTA to real-world scenarios
9. Applying Threat Modeling in a Practical, Low-Key Manner
Simple strategies to start threat modeling immediately
Lightweight approaches for quick security wins
Tips for small teams or limited resources
10. Threat Modeling as Code
Automating threat modeling in CI/CD pipelines
Available tools and frameworks
Best practices for integrating security into Dev(Sec)Ops
11. Q&A and Closing Remarks
Recap of key takeaways
Open discussion and questions
Next steps for participants
Note:
My workshops are structured around five key principles to ensure a well-rounded and impactful learning experience:
1. Theoretical Knowledge – I provide a solid foundation by explaining key concepts and principles, ensuring participants understand the "why" behind what they are learning.
2. Practical Application – Hands-on exercises allow participants to apply what they’ve learned, reinforcing their understanding through real-world practice.
3. Critical Reflection – I encourage participants to reflect on their decisions, analyze their approaches, and explore ways to improve their answers and problem-solving strategies.
4. Additional Resources – To support continuous learning, I offer materials, such as books, articles, and online resources, for those who wish to explore the topic in greater depth after the workshop.
5. Storytelling-Based Delivery – I incorporate storytelling techniques to make the learning process more engaging, memorable, and enjoyable. This approach helps participants retain information more effectively while keeping them motivated.
By integrating these five elements, my workshops cater to different learning styles, ensuring that every participant finds an approach that suits them. My goal is to create a dynamic and inspiring learning environment where knowledge is not just shared but absorbed and applied.
Note: I'm also happy to deliver this workshop as a 30-minute talk with slightly fewer items covered; the exercises, PASTA, and Threat Modeling as Code will be scaled down.