BSidesSF 2019 has ended
Saturday, March 2 • 9:00am - 11:45am
Practical Threat Modeling Full

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Limited Capacity full


As software engineers and security practitioners working within software companies, threat modeling is one of the most important parts of the work that we do, no matter the size or sophistication of our organizations. Whether we’re having an informal chat with a colleague over coffee or we’re part of a team writing a report that formally analyzes a large and complex system, one of our most important functions is helping company leadership understand what the security threats facing our systems are and prioritize addressing them.

Many threat modeling methodologies have been developed over the years. The one I will present here was originally developed at Akamai, specifically for security teams in cloud software companies, who need to build safe systems which run big chunks of the modern Internet and provide fast, correct answers during outages affecting people around the globe. Such threat models need to be fast to create, correct to reason about, and easy to communicate, even to engineers and management who have deep knowledge of their systems and people but not necessarily specific expertise in security or a particular threat modeling framework.

To do this, we describe the system with a system diagram, and then answer four questions about it:
• Principals: Who cares about it?
• Goals: What is it supposed to do?
• Adversities: What bad things can happen to it? (Both by accident and by design.)
• Invariants: What must be true about the system so that the system can still accomplish its goals, despite those adversities?

(I creatively refer to this rubric as the “Principals–Goals–Adversities–Invariants rubric.”)

More here: https://increment.com/security/approachable-threat-modeling/

In this workshop, I will teach you how to understand your systems in this framework and apply it in a variety of contexts inside a software organization to communicate, collaborate, and prioritize in a variety of hands-on exercises.

• Pre-reading: https://increment.com/security/approachable-threat-modeling/
• Create & bring a system diagram like the ones in the article for a system you know well. (You don’t need to threat model it, you’ll do that together in class, just bring the diagram. Obviously don’t include any confidential information!)

avatar for Kevin Riggle

Kevin Riggle

Kevin Riggle works in security at Lyft and lives in San Francisco. When he’s not trying to keep people safe on the internet, he enjoys hiking and gluten-free baking.

Saturday March 2, 2019 9:00am - 11:45am
Splunk HQ