ISC2 Security Congress Talk and SIRACon

Today I spoke at the (ISC)2 Security Congress in Philadelphia, which is co-located with the ASIS International Conference. I talked about Behavioral Threat Modeling, which is my proposal for a better way of identifying security design flaws. I enjoyed the talk, and got several good questions at the end.

Although video of the talk is only available to conference participants, I’ve posted a copy of my slides below. For those who would like a copy of the Excel template I used for the Threat Profiles, I’m working on posting a copy here as well, but until then, please contact me and I’ll be happy to email you a copy.

Defending Against Attacks by Modeling Threat Behaviors

Sample Threat Profiles Excel template

If you happen to live in the Minneapolis / St Paul area, I’ll be giving the talk again at the local OWASP MSP chapter a week from today, on September 17. (It’s the same talk, we just had a problem getting the title right) The OWASP MSP group is fun, and I’m hoping I’ll get some hecklers.

Finally, here is a link to videos of all of the talks at SIRACon, including the talk I gave on Information Safety.

Update: I’ve posted both the slides, and the sample threat profiles, links above.