Making Consistent STRIDEs with Threat Modeling Templates
2023-11-04 , TRACK 2

Do you find that security issues relating to configuration and design are only found once the product has been built? Are your cloud accounts alerting multiple failed best practice checks? This talk will look at how you can build your own template for Microsoft's Threat Modeling Tool to help ensure the right configurations and hardening are identified at the architectural design stage. The talk will also cover sources for threat information and best practice for different environments.

Andrea started practicing Information Security in the public sector, also holding the position of Data Protection Officer, and is currently a Lead Information Security Analyst with Sainsbury's where she works with squads of developers to ensure products are designed and delivered in line with company policy.