Threat Modelling in the Cloud: Tools, Frameworks and Live Demos

SPEAKER

Roy Harrow

AGENDA

18:00 - Refreshments and networking for those in person

18:30 - Presentation – Roy Harrow, Chair of the BCS DevSecOps Group

19:30 - Q&A

20:00 - Light refreshments for those who are able to attend in person

20:30 - Close

SYNOPSIS

This event will introduce the topic of Threat Modelling and show how it forms an essential part of the "shift-left" philosophy and practice of DevSecOps processes in support of modern applications development. In fact if could be said that Threat Modelling is key to any successful secure development life-cycle (SDLC). The cloud threat landscape and some common challenges will be reviewed to help explain the need for a structured approach to understanding the risks early when creating new cloud applications. An introduction to the well-established STRIDE framework for threat modelling will be used with some other techniques for helping to identify and assess potential risks for cloud applications. Reference will be made to useful resources to apply these processes. As many threat modelling techniques are based on the analysis of process flow diagrams, some common freely available tools will be demonstrated with examples covering a number of cloud deployments, such as IaaS, PaaS, SaaS and serverless scenarios. Best practices will be discussed with links to important online resources from organisations such as OWASP and the Cloud Security Alliance (CSA). This event will be useful for anyone creating new cloud applications and anyone working in DevOps, DevSecOps or other Information Security role supporting cloud implementations.

SPEAKER BIOGRAPHY

Roy Harrow is the Chair of the DevSecOps BCS Group and has worked in a wide range of roles in information technology and information security. His experience includes financial services, public sector work, security consulting and security architecture. Roy is currently working for Sainsbury's in a cloud security role as part of the information security team.

Our events are for adults aged 16 years and over.

BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools, an introduction to a thriving professional community and also help us Make IT Good For Society. Join BCS today:

https://www.bcs.org/membership/events

If you are attending in person, please familiarise yourself with the Visitor Instructions for the BCS London Office.

Please note, if you have any accessibility needs, please let us know via groups@bcs.uk and we’ll work with you to make suitable arrangements.

For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.

THIS EVENT IS BROUGHT TO YOU BY:

DevSecOps Specialist Group