My talk from VarnaConf last year on the topic of threat modeling. I only just now found it on YouTube :)
https://www.youtube.com/watch?v=dEJlUu3Vlwc
#varnaconf #threatmodeling #varna
based on my most recently surfaced books in my #Boox or iPad i could really read the hell out of a book like "#Decluttering Your World with #Psychedelics, #AI, #PKM, #threatModeling, and #Privacy and Love Your #Productivity Journey" by Harvard Business Review
#Boox #decluttering #psychedelics #ai #PKM #threatmodeling #privacy #productivity
Dev[Sec]OpsDays is coming to #Prague again in May. Why don't you join me? https://talkweb.eu/openweb/3775/
#devOps #devsecops #ThreatModeling #Prague #techops #platform #sre
A link to the RECORDED #ML for #threatmodeling webinar I did yesterday with @adamshostack is now available behind a registration wall.
#ml #threatmodeling #swsec #mlsec
WEBINAR THURSDAY 3.30
Threat Modeling and Machine Learning. Huh?
Or When will chatGPT replace Adam Shostack?
Reserve your spot today: https://www.iriusrisk.com/impact-machine-learning
#mlsec #ml #machinelearning #threatmodeling
I listen to @Kugg 's and @nxsolle 's Säkerhetssnack, which is a Swedish language security podcast. Swedish being only my third language, sometimes it's a bit hard to follow, especially when it's less formal.
A great solution is to feed the audio into the #OpenAI #Whisper model. What I saw at the end of the most recent episode on #ThreatModeling (https://fsecure.libsyn.com/om-hotmodulering-med-stefan-andersson-frn-axis) was odd. The last spoken words in the recording are:
Twitterkontot finns kvar om ni vill ge oss feedback. ("Finns kvar" sounds to me like they're just about to ditch it for Mastodon, right?)
Annars så hörs vi nästa gång. - Hej då!
But Whisper goes on during the outro jingle:
Tack till elever och personal vid Säkerhetssäkerhetssäkerheten.se.
Undertextning.nu
[Svensktextning: Catarina Palmklint Iyuno-SDI Group för UR]
I first thought that this was some inaudible watermark that Whisper picked up, but then I realised that it's most probably an artifact of its training. Maybe it has been taught using an audio + subtitle corpus, and it has just learned that when Swedish people stop talking, you're supposed to add information about some humans who did the subtitle translation. #MachineLearning
#openai #whisper #threatmodeling #machinelearning
Will you be at the WiCyS conference #wicys this week?
I’ll be leading a workshop about threat modeling conferences with two other wonderful #cyber #leaders.
#infosec #conference #threatModeling #wicys2023 #cybersecurity
#wicys #cyber #leaders #infosec #conference #threatmodeling #wicys2023 #cybersecurity
How can we assess #privacyrisk in a reliable and precise way? Qualitative measures are not the best option. Quantitative measures, on the other hand, provide invaluable insights that lend themselves to practical use in Three Modern Quantitative Privacy Risk Models
https://enterprivacy.com/tools-resources/ #privacybydesign #privacybydefault #dataprivacy #FAIR #NIST #LINDDUN #riskmodeling #threatmodeling #riskassessment #privacyresources
#privacyrisk #privacybydesign #privacybydefault #dataprivacy #fair #nist #linddun #riskmodeling #threatmodeling #riskassessment #privacyresources
Short Update on Gram - the #threatmodeling webapp I've published some screenshots / details on here before.
I'm still working on getting it open sourced, trying to get the right permissions etc but also working on cleaning up the repo to make it good enough.
In the past month I've merged back the code-base so that our internal version is now based off the open source version. Meaning I can do most development in the OSS version and keep internal specific logic/deployment stuff etc in a separate repo that is internal.
It's still kind of a mess though. Tried setting up a typescript monorepo and it turned out kind of "meh". Will see if I can get some help structuring it better from some other engineers while I wait for permissions etc.
I will try to invite to a private beta asap, then when the structure is a bit cleaner and everything is better documented I'll make it public for everyone.
@rmondello @adamshostack I’ve seen a great influx of #threatmodeling discussions in the #appsec space. Now we just get to implement it and not just talk about it 😅
"During one of the networking events, one person inquired about my methodology for threat modeling privacy, noting the new chapter in my book. I was excited to explain, but as I begun, this person expressed concern that the method “didn’t scale.” https://www.linkedin.com/pulse/invading-privacy-scale-r-jason-cronk/?trackingId=54K5k43o%2FbCFXf0RcGszbA%3D%3D #privacyrisk #threatmodeling #privacyengineering #privacybydesign #privacybydefault
#privacyrisk #threatmodeling #PrivacyEngineering #privacybydesign #privacybydefault
things have been a lot of fun at work lately and our team is hiring another security architect for our #threatmodel and secure design consult team.
you can ask me for a referral if you're interested, public link is https://jobs.comcast.com/jobs/description/tpx-jd-template?external_or_internal=External&job_id=R354787
i didn't know i could be doing #threatmodeling all the time until i met this team and our program is very mature, we've started privacy threat model workshops in late 2021. still time to make it amazing with us!
#threatmodel #threatmodeling #infosec #jobs #security #securityarchitect
Thank you @kimw for an excellent opening keynote at @owasp #GlobalAppSec #dublin about threat modeling with a privacy lens
I appreciated the use of #analogy throughout!
#globalappsec #dublin #analogy #threatmodeling #infosec #privacy #owasp
Join @cigitalgem & @adamshostack, two heavyweights of #softwaresecurity #swsec & #threatmodeling, as they go head to head explaining and debating the future of #MachineLearning and threat modeling.
#softwaresecurity #swsec #threatmodeling #machinelearning #mlsec
During one of the networking events, one person inquired about my methodology for threat modeling privacy, noting the new chapter in my book. I was excited to explain, but as I begun, this person expressed concern that the method "didn’t scale.” https://lnkd.in/g28M6YGq #privacyrisk #threatmodeling #privacyengineering #privacybydesign #privacybydefault
#privacyrisk #threatmodeling #PrivacyEngineering #privacybydesign #privacybydefault
Okay #cybersecurity and especially #threatmodeling folks, do any of you know of templates for the Microsoft Threat Modeling Tool that are good for modeling environments with:
- Sensitive regulated data like #pii #phi financial data etc.
- Both on-prem and cloud systems and applications, with cloud services from different vendors (so maybe brand-agnostic)
- Legacy systems (low priority, the first two are more important).
#cybersecurity #threatmodeling #pii #phi
Wow! My first conference of 2023 and it's looking like a good one!
I hope you can catch my talk, 'Modelling Threats Out In The Open (Source)' at @openuk #SOOCon23 #stateofopencon tomorrow at 4:30pm GMT on the Security Track
Head to https://stateofopencon.com/ to register!
#threatmodeling #cybersecurity #infosec #opensource #appsec #applicationsecurity
#soocon23 #stateofopencon #threatmodeling #cybersecurity #infosec #opensource #appsec #applicationsecurity
Threat modeling can be effectively integrated with DevOps practices to maximize value and shift-left security, as suggested by leading security experts. This topic was discussed in a recent post on Microsoft Security Blog. https://www.microsoft.com/en-us/security/blog/2023/02/02/mitigate-risk-by-integrating-threat-modeling-and-devops-processes/ #ThreatModeling #DevOps #ShiftLeftSecurity
#threatmodeling #devops #shiftleftsecurity