John dileo: Created page with "NOTOC =Security Uno: A Fun Way to Threat Model= '''Half-Day Interactive Training -- OWASP New Zealand Day 2020''' == Abstract == This course will cover the what, why,..."

2019-12-18T05:03:04Z

Created page with "__NOTOC__ =Security Uno: A Fun Way to Threat Model= '''Half-Day Interactive Training -- OWASP New Zealand Day 2020''' == Abstract == This course will cover the what, why,..."

New page

__NOTOC__

=Security Uno: A Fun Way to Threat Model=

'''Half-Day Interactive Training -- OWASP New Zealand Day 2020'''

== Abstract ==

This course will cover the what, why, when, and how of threat modelling applications in your organisation. The bulk of this course will be based on the book ''Threat Modeling: Designing for Security'', by Adam Shostack, and will leverage a variant of the ''Elevation of Privilege'' card game - Security Uno - created by the instructor.

== Course Details ==

'''Dates:''' Thursday, 20 February 2020

'''Time:''' 1:30 to 5:30 p.m.

'''Course Fee:''' NZ $325.00 (plus EventBrite fees)

'''Registration Site:''' https://owaspnz2020-training.eventbrite.com

'''Attendees Should Bring:'''

* Paper and pen
* Willingness to learn
* A laptop, to look at the Serverless Security Goat - which we will attempt to threat model in an exercise

'''Attendees Will Be Provided:'''

* The basics of threat modelling
* Ways to gain adoption by your peers

'''Instructor:''' Kendra Ash

'''Instructor's Organization:''' [https://www.vacasa.com/ Vacasa]

== Course Objective ==

The objective of this class is to provide the audience with tools to gain adoption for application threat modelling early on in the development pipeline, while also building confidence in how to threat model.

== Course Overview ==

If you are a software, DevOps, QA or security engineer and want to learn how to threat model API’s in AWS this course is for you. This course will cover the what, why, when, and how of threat modeling applications in your organization. The bulk of this course will be based on the book ''[https://www.amazon.com/dp/B00IG71FAS Threat Modeling: Designing for Security],'' by Adam Shostack, and will leverage a variant of the ''[https://www.microsoft.com/en-us/download/details.aspx?id=20303 Elevation of Privilege]'' card game.

I will also dive into the approach I have used, as a Security Engineer, to gain adoption from engineering teams. After gaining an understanding of threat modelling, we will dive into how we can automate security checks for an AWS environment — leveraging the AWS API tool to provide quick engineering feedback on ways to improve the security of their infrastructure. If time allows we will discuss the success with a monthly DevOps report on AWS, GitHub, Incidents, Security and more for each team in the department.

==Your Instructor==

'''Kendra Ash''' - Kendra is a security engineer at Vacasa, actively building a security team and programme by leveraging guidance from her network, and industry standards. She is energetic and cares deeply about safeguarding the end-user's data, through automation, collaboration, and encryption. Outside of work she participates in local meetups, coaches ski racing, and volunteers for her local search and rescue team.

OWASP NZ Day 2020-Training-Security Uno - Revision history

John dileo: Created page with "__NOTOC__ =Security Uno: A Fun Way to Threat Model= '''Half-Day Interactive Training -- OWASP New Zealand Day 2020''' == Abstract == This course will cover the what, why,..."

John dileo: Created page with "NOTOC =Security Uno: A Fun Way to Threat Model= '''Half-Day Interactive Training -- OWASP New Zealand Day 2020''' == Abstract == This course will cover the what, why,..."