Security & PrivacyConference45min
A door with no locks? Let’s talk about threat modeling
This talk advocates integrating threat modeling into the early stages of product design, involving developers directly rather than leaving it to security experts alone. By demystifying the process and emphasizing collaboration, it aims to prevent security oversights and make building secure applications a shared, proactive effort.
Barbara Teruggi
Threat modeling isn’t exactly a new concept, but it has recently become a must-have in product design. With cybersecurity threats on the rise and the pressure to deliver faster, security often ends up on the back burner—usually discovered during QA or, worse, after the code is already out the door. At that point, it’s either a headless-chicken chase to fix things or a recipe for disaster.
Developers are the ones who really know how applications are supposed to work, so security needs to be part of the conversation from the start. Yet, for some reason, threat modeling is still seen as a "cybersecurity expert-only" club.
In this talk, I’ll walk through the threat modeling process, highlight key risk concepts, and show how we can all work together to avoid those "oops" moments. Because, honestly, building secure applications is way more fun when we’re all in it together!
Developers are the ones who really know how applications are supposed to work, so security needs to be part of the conversation from the start. Yet, for some reason, threat modeling is still seen as a "cybersecurity expert-only" club.
In this talk, I’ll walk through the threat modeling process, highlight key risk concepts, and show how we can all work together to avoid those "oops" moments. Because, honestly, building secure applications is way more fun when we’re all in it together!
Barbara Teruggi
Originally from Argentina, I've been living in the Barcelona area for +20 years. Started in the IT world in 2006, building my career within the Finance and Insurance business. My path started as a developer in different areas (business oriented and also more technical tasks). I have also been working on development support and a brief DevOps period, until my current position as a Security Architect.
In my free time I enjoy music, reading, climbing, pilates, traveling, socializing and spending time with my dog.
In my free time I enjoy music, reading, climbing, pilates, traveling, socializing and spending time with my dog.
comments.speakerNotEnabledComments