Matthew Coles
Izar Tarandach
Threat Modeling is, at its root, a combination of two separate disciplines: system modeling and threat elicitation (and then a bit of risk management, but that’s another talk). In the last few years the industry has focused mostly on the second part, threat elicitation, and rare was the analysis of the successes and failures of system modeling. Co-authors and members of the Threat Modeling Manifesto Group, Matt & Izar offer a view from the threat modeling pit of why sometimes developers won’t model for threats, what can be done differently, and a view of their pytm tool as a collaborative (remote) system modeler tool with a threat elicitation cherry on top.
Izar Tarandach
Izar Tarandach, a curious threat modeler