Spring Ahead with Threat Modeling!!!
Topic: Threat Modeling for Audit & Risk Teams
Presented by Max Aulakh
Time: Doors open at 7:30 AM. Class is 8:00 AM - 5:00 PM
7 CPE's
Breakfast, lunch and snacks will be provided
Ticket Prices:
Members - $100.00
Non-Members - $140.00
Students - $25.00
EXECUTIVE SUMMARY:
This seminar will discuss basics and advance topics around threat modeling. Audience will learn information and formal methodologies behind threat modeling. The course content will cover topics such as developing a working relationship with high performing software engineering teams, architects and how to build a useful threat model that will enable existing SDLC policies and procedures that audit teams most often audit against. The classroom participants will develop a threat model using a simulated environment and application. This course will assist the IT Auditor and Security Risk Assessor in their day to day work when working with software teams, threat management and attack surface management teams.
KEY HIGHLIGHTS:
- Threat Modeling, Purpose, Definitions and History
- Threat Modeling Foundations
- When to use a Threat Model?
- SDLC
- Operational environment
- Others (Attack Surface, Agile Threat Modeling, etc.)
- Methodologies & Frameworks
- Abuse Case Development
- STRIDE
- Application Development Environment Review
- Dev Team Operations
- Planning, Requirements, Designing, Building, Testing & Deployment
- Scaling Threat Modeling Operations
- Things to look for when auditing/assessing
- How to assign risk to findings
- Remediation
SPEAKER BIO:
Max Aulakh, MBA, CISSP, PMP, CSM, Linux+, Security+, Network+, ITIL. Max Aulakh a Managing Director at Ignyte Assurance Platform – a software platform designed to meet the needs of modern GRC and IRM teams. He was formally trained in security by the US. Airforce by performing mission critical security work across the Middle East (Iraq, Afghan, etc..) in areas of classified computing, COMSEC management, Crypto management for various agencies (NSA, NGA, NRO, etc..) and military units. After leaving the USAF, Max worked in the industry leading a team of security consultants that helped datacenters successfully pass Air Force Level Security audits for HIPAA, SOX, FedRAMP and FISMA Regulatory requirements. He now serves as Chief Product Officer at Ignyte Assurance Platform focused building new capabilities and use cases for audit & risk teams. His experience is supplemented by formal graduate education (MBA) from Wright State University, B.S Information Security/Computer Science – American Military University along with several industry certifications.
AGENDA:
7:30am - 8:00am - Registration, Continental Breakfast
8:00am - 12:00pm - Introduction of the Speaker and Initiation of the presentation
Breaks will be as often as needed or at breaks in the presentation
12:00pm – 1:00pm – Lunch
1:00pm - 5:00pm - Afternoon presentation / Closing / Survey
Registration details coming soon!