search menu icon-carat-right cmu-wordmark

Using Threat Modeling to Guide Everything in DevSecOps

December 2021 Presentation

This presentation by Ken van Wyk of KRvW Associates was given virtually at DevSecOps Days Washington D.C. 2021 on December 16, 2021.

Publisher:

Software Engineering Institute

Abstract

Threat modeling is a powerful process for assessing design security defects that could result in major vulnerabilities. We've seen that for years. But threat modeling can and should be used to guide our other development activities as well. It can be used to guide code reviews, security testing, and even incident response operations once our software is deployed.

In this session, we'll discuss how to best leverage our threat modeling efforts to guide and optimize those other activities.

Ken van Wyk is an internationally recognized incident response and software security expert. He has published 3 books on incident response and software security. He worked at SEI's CERT as an incident responder from 1989-1993 and went on to leadership roles at the Department of Defense's incident response program and later in the commercial sector. For the past 18 years, he has been the principal consultant at KRvW Associates, LLC in Alexandria, Virginia.

Watch the video on YouTube or below: