Christoph Niehof
In his role as a Senior Consultant at TNG Technology Consulting, Christoph Niehoff develops software products for his clients on a daily basis. As a full-stack developer, he lives and breathes DevOps, overseeing all steps of the development cycle. The security of the products is particularly close to his heart. He is the project lead of the threat modeling card game OWASP Cumulus.
Session
DevOps processes transfer security responsibility to development teams. But how can developers handle that additional task?
Threat Modeling is a structured approach to identifying security problems early, spreading security knowledge across teams, and communicating risks in a way that is accessible to management. In this workshop, we explore lightweight Threat Modeling approaches tailored to DevOps workflows. We also show how gamification can lower the barrier to entry for teams without a strong security background.
We will look at:
* What is Threat Modeling?
* Basic Threat Modeling with STRIDE
* Gamification
* Hands-on Threat Modeling with OWASP Cumulus for a cloud-native scenario
* What's next? Risk, processes, and beyond
Attendees will leave with practical tools and techniques they can immediately apply in their own teams.