An Introduction to Threat Modelling

Overview

This Lunch-and-Learn series provides an essential introduction to threat modelling, equipping participants with tools to identify vulnerabilities early, which helps keep development cost-effective and in line with regulatory requirements. We delve into Adam Shostack's Four Questions framework and other methodologies to establish a common language and consistent risk reporting across teams. Throughout the course, we underscore the importance of focusing on outcomes rather than documentation, and we highlight that threat modelling is an ongoing process, not a one-off deliverable. Practical tips on initiating threat modelling, involving stakeholders, defining scope, and using Data Flow Diagrams are also provided.

Course Outline

Threat Modelling & the Four Questions Framework

A. Threat modelling overview
B. Understanding threat modelling: what it is and what it isn't
C. Exploration of the "four questions" framework

Threat Modelling Methodologies

A. Examination of different threat modelling methodologies
B. Selecting the right methodology for your specific needs

Best Practices in Threat Modelling

A. Overview of best practices for effective threat modelling
B. Strategies for maintaining and updating threat models

Conclusion

A. Recap of key learning points

Instructor Bio

Cole Cornford

Founder & CEO
Galah Cyber

Cole is a renowned figure in the Australian application security scene. An active OWASP contributor and sought-after speaker, Cole has spearheaded significant AppSec programs globally. In addition to leading Galah Cyber, he hosts the Secured podcast and authors influential security-focused articles.