SnykCon 2020 has ended
Back To Schedule
Wednesday, October 21 • 18:25 - 18:55
User Story Threat Modeling: It's the DevSecOps Way

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Threat modeling is one of those security practices that is most often left out of the DevOps pipeline. Yet according to the Puppet 2019 State of DevOps Report, while not as often practiced in a DevOps Pipeline, collaborative threat modeling can have the most significant impact on security posture. So how bring the typically labor intensive methodology of threat modeling into a practice that doesn't break our DevSecOps pipeline?

In this session, we'll discuss a user story-based approach for threat modeling that was developed by asking the question, why do we threat model in the first place. The methodology presented focuses on continuous improvement by eliminating time consuming frameworks, limiting the scope, and providing valuable information that makes incorporating and validating security controls easier throughout the delivery pipeline. We'll even walk through a practical application of this methodology to show how it drives greater collaboration among various teams to make the ideals of DevSecOps culture a reality.

avatar for Alyssa Miller

Alyssa Miller

Application Security Advocate, Snyk
Alyssa Miller is a hacker, security evangelist, cybersecurity professional and public speaker with almost 15 years of experience in the security industry. A former developer, her background is application security, not only conducting technical assessments, but also helping develop... Read More →

Wednesday October 21, 2020 18:25 - 18:55 BST
Technology Track