I am also happy to share a pre-print of our joint paper on #ThreatModelling for #Geodata in the #HumanitarianContext. This is one of the less philosophical papers within our interdisciplinary project, but really helpful for us to discuss #bias in geospatial #AI. https://www.preprints.org/manuscript/202308.0312/v1
Coming up this month! #swsec #MLsec #ThreatModelling #ARA https://www.iriusrisk.com/impact-machine-learning
Will be chatting at LJC JUG webinar tonight from 18:00 GMT!
Know Your Threat and Model it! Why it's important for developers to know and help with it (it's not just because of legislation), but also what ways we can make this more productive for you!
https://www.eventbrite.co.uk/e/ljc-know-your-threat-and-model-it-tickets-559609937387
#java #jug #londonJUG #threatmodelling #cybersecurity #threats #vulnerabilities
I had a blast with the Irius Risk North American crew, talking #SoftwareSecurity #swsec #appsec #ThreatModelling
Time to automate the finding of security flaws at the architecture level!
Airport seemed fine with all the electronics, which is interesting as we're doing a couple of Threat Modelling Assessments for the transport sector at the moment. #notcurrentlyconsideredadversary #threatmodelling
ATT&CK navigator is a good way to bootstrap threat models if you don't have dedicated tools.
1) Filter on the platforms you care about
2) Browse through the techniques looking for ones that likely affect you
3) Colour code them
4) Annotate them with comments
5) Add meta-data and links to 3rd party resources
6) Score them
Save the STIX and mangle as desired e.g. I have some Python that draws directed graphs by exporting JSON into a format that Gephi can consume.
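An added example, not part of the original post and not the poster's own script: one way to turn a saved Navigator layer into node and edge tables that Gephi's spreadsheet import accepts. It assumes the saved file is a Navigator layer JSON with a `techniques` array; the tactic-to-technique graph shape, the function names and the sample layer are constructed for illustration.

```python
import csv
import io
import json

# Constructed sample layer; field names follow the ATT&CK Navigator layer format.
SAMPLE_LAYER = json.dumps({
    "name": "web tier (constructed)",
    "domain": "enterprise-attack",
    "techniques": [
        {"techniqueID": "T1190", "tactic": "initial-access", "score": 8,
         "color": "#ff6666", "comment": "internet-facing app"},
        {"techniqueID": "T1078", "tactic": "initial-access", "score": 5,
         "comment": "shared admin accounts"},
        {"techniqueID": "T1078", "tactic": "persistence", "score": 5},
        {"techniqueID": "T1059", "tactic": "execution", "score": 0},
        {"techniqueID": "T1003", "tactic": "credential-access",
         "score": 6, "enabled": False},
    ],
})

def layer_to_graph(layer_json, min_score=1):
    """Return (nodes, edges): directed tactic -> technique edges weighted by score."""
    layer = json.loads(layer_json)
    nodes, edges = {}, []
    for t in layer.get("techniques", []):
        score = t.get("score") or 0
        if not t.get("enabled", True) or score < min_score:
            continue  # skip techniques that were disabled or left unscored
        tid, tactic = t["techniqueID"], t.get("tactic", "unassigned")
        nodes.setdefault(tactic, {"Id": tactic, "Label": tactic,
                                  "Kind": "tactic", "Comment": ""})
        node = nodes.setdefault(tid, {"Id": tid, "Label": tid,
                                      "Kind": "technique", "Comment": ""})
        node["Comment"] = node["Comment"] or (t.get("comment") or "")
        edges.append({"Source": tactic, "Target": tid,
                      "Type": "Directed", "Weight": score})
    return list(nodes.values()), edges

def to_csv(rows, fields):
    """Serialise rows with the column names Gephi's CSV import expects."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    nodes, edges = layer_to_graph(SAMPLE_LAYER)
    print(to_csv(nodes, ["Id", "Label", "Kind", "Comment"]))
    print(to_csv(edges, ["Source", "Target", "Type", "Weight"]))
```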
Why not apply the principles of #threatmodelling and #CommonCriteria to secure #socialsafety in #socialmedia software or #Mastodon?
What “social targets” should be secured against what kind of attack vectors and malicious actors?
Then maybe we can evaluate the ways to use quoted posts as attack vectors on social safety and how to prevent them.
I would have thought that the #ukraine govt’s #threatmodeling would have resulted in a policy of ‘senior officials not to travel together in a war zone’. Given the propensity of helicopters to drop out of the sky, even without a war, I would have assumed rules were in place…
#threatmodelling #UkraineWar
I would have thought that the #Ukraine govt’s #threatmodeling would have resulted in a policy of ‘senior officials not to travel together in a war zone’. Given the propensity of helicopters to drop out of the sky, even without a war, I would have rules in place…
#threatmodelling #ukraine
date: 2023-01-10 15:53:40
by: Kostas
Fully funded #phd position researching on #causalinference and #machinelearning towards augmenting #decisionmaking in #threathunting and #threatmodelling. Closing date on 19/2/23. Candidates apply at https://t.co/Sr660eUPS2. Contact me if interested!
🐦🔗: https://twitter.com/twitter/statuses/1612840104719941632
#PhdPosition
All models are wrong, but some are useful
- George E. P. Box
…and some models are measurably more useful
- Doug Hubbard
I don't know if #yearininfosec is a thing, but what the hell:
I started the year with an #avionics embedded job with @cybergibbons - a curious device with some interesting findings.
I looked at quite a few consumer-grade routers. Some were bad, some were good.
I did a few #threatmodelling and consultancy engagements which I enjoyed a lot. I liked the freedom of communication.
I went to #RSA and #DEFCON - I even got to speak at the #AerospaceVillage (slightly terrifying) and did around 300 landings in our flight sim with my amazing colleagues and people who queued for ages to have a go! I did a video for it too! https://www.youtube.com/watch?v=6DHi-qC1jww&t=2s
I got #covid finally :(
I did quite a few #cyberessentials jobs, I actually enjoy them.
I met with my lovely colleagues in person more than last year.
I had an amazing time at sea with @cybergibbons on a whole-ship maritime job. Hard work but very satisfying, and hope to do more of those.
Early next year I'll be speaking at #SANS in London.
Most of all for #2023goals I'll be making a better personal v work balance and look forward to seeing friends and doing more fun stuff.
Cheers 🥃
Ok if you do threat modelling how do you document the threats you found?
Issue manager? Text document? Reports? Excel?
Followup, how do you keep track of the mitigations?
I'm asking for a friend. :mastohalo:
#threatmodelling #threatmodeling
Join live now #swsec #ThreatModelling #flaws Irius Risk and me! https://www.linkedin.com/feed/update/urn:li:activity:7000832788945862656
On February 7th @adamshostack is releasing a new book:
“Threats: What Every Engineer Should Learn From Star Wars”
I just ordered mine. :-D
#threatmodeling #threatmodelling
You know what I wasn't ready for at 10 am on a Monday.. a mock threat modelling session. My coffee had barely even kicked in. Also why do I have such a mental block with these? As a former business sys analyst and visual mapper you'd think this would be easy for me. :ablobcatderpy:
#appsec #appsecproblems #threatmodelling #threatmodeling
OK time for this one!
Hey #Hachyderm I'm Dan Conn and I've been a software developer for just over 10 years, with a strong interest in cybersecurity for just as long.
Professionally I'm interested in #Java, #Python, #SecureCoding #SoftwareSupplyChains, #ThreatModelling, #OSINT4Good #PenTesting #AppSec and #Cryptography
I like to do talks, hack, code, run and also love making music and listening / dancing to it too ❤️
Come say hi!
#hachyderm #java #python #SecureCoding #SoftwareSupplyChains #threatmodelling #OSINT4Good #pentesting #appsec #cryptography #introductions #introduction
@Skittl3z @salp @jerry if you do end up going down the path of doing some #threatmodelling for #mastodon, I'd be really interested to see something in the format of a security decision tree, showing risks and mitigations, similar to the process here: https://kellyshortridge.com/blog/posts/security-decision-trees-with-graphviz/
"Threat modelling case study: bicycles"
http://calpaterson.com/bicycle-threat-model.html
#ThreatModelling (dt. "Gefahrenmodellierung") describes the process of evaluating different threats on your [thing], here: your bicycle (dt. "G. ist die Beurteilung verschiedener Gefahren für dein [Ding], hier dein Fahrrad")
#mastobikes CC @mastobikes@gup.pe #noxp