Header image

Session 3.6e Tutorial: An Introduction to Threat Modelling

Tracks
Thursday, February 24, 2022
1:30 PM - 2:30 PM
Sutherland Theatrette

Speaker

Agenda Item Image
Mr Edward Farrell
Director | Principal Consultant
Mercury ISS


ABSTRACT
The purpose of this tutorial is to provide an overview of tools, techniques and processes to conduct threat modelling. Whether it's a whole organisation and specific project, the role of threat modelling is to provide clarity as far as the stakeholders risk appetite and prioritisation. This ensures that resources can be effectively applied to projects and that priority information requirements and sustainment are established.
Activities that will form part of this tutorial include: 1) Introduction to threat modelling and overview (40 minutes) 2) Teams mind map of a target environment or project (test projects will be provided) (40 minutes) 3) Unclassified Brief on established threats and threat communities incorporating active discussion amongst the participants (40 minutes) 4) Initial mapping of threats to target environments (30 minutes) 5) “Mad minute” presentations and follow on discussions about threat models presented (30 minutes and beyond)
By the end of this tutorial, attendees will have an appreciation of the threat modelling process as a framework to shape and inform their cyber security requirements.
Edward Farrell & Daniel Ting are security consultants with Mercury Information Security Services (Mercury). Having over 10 years experience in cyber security, Ed & Dan bring a detailed understanding of the threat and technology environment that grounds the industry.
BIOGRAPHY
Edward Farrell is a security consultant with over eleven years experience in information security and seventeen years experience in the IT industry. As the director of Mercury, he has conducted and overseen the delivery of over 500 independent cyber security audit activities and incident responses in the past six years. Edward Is an Army Reservist, Industry Fellow at the Australian Defence Force Academy, and an advisor to several cyber security start ups.
Mr Daniel Ting
Senior Consultant
Mercury ISS


BIOGRAPHY
Living at the intersection of technical security, trust, customer experience, and entrepreneurship, Daniel spends his days helping organisations such as Government agencies, banks, startups and non-profits secure themselves in cyberspace both in his role as a senior consultant as well as in his spare time. In the pursuit for continued growth through collaboration, Daniel is heavily involved in co-organising the OWASP AppSec Day conference, co-leading the OWASP Melbourne Chapter, and co-organising the monthly technical security meetup SecTalks Melbourne. Daniel has also played a formative role in the development of several cyber security policies and standards.
loading