Threat Modeling A Practical Guide for Development Teams

Discover different techniques available today to perform threat modeling in your development process. Threat modeling helps software architects and developers determine what could possibly go wrong with a system under development before code is ever written. With this practical guide, you'll learn the most effective ways to integrate threat modeling into the development lifecycle, with actionable information whether you're following a waterfall or agile methodology.

Learn the current state of the threat modeling practice
Explore the security development lifecycle used in several organizations
Get help for threat modeling issues you discover in the field
Integrate threat modeling with your current development technologies
Learn practical ways to ensure that threat modeling doesn't affect the velocity of agile teams

Izar Tarandach is Lead Product Security Architect at Autodesk, Inc. Prior to this, he was the Security Architect for Enterprise Hybrid Cloud at Dell EMC, and before that he was a Security Consultant at the EMC Product Security Office. He is a core contributor to SAFECode and a founding contributor to the IEEE Center for Security Design. He holds a master's degree in Computer Science/Security from Boston University and has served as an instructor in Digital Forensics at Boston University and in Secure Development at the University of Oregon.

Matthew Coles is the product security leader at Bose Corporation, where he leverages over 15 years of product security and systems engineering experience to enable teams to build security into the products and personalized experiences Bose delivers to customers worldwide. Prior to that he was lead product security architect for analog devices, and consulting product security architect at EMC. He has been a technical contributor to community standard initiatives such as ISO 27034, CVSS version 3, and the CWE/SANS Top 25 project. He holds a master's in computer science from Worcester Polytechnic Institute, and has previously served as an instructor in software security practices at Northeastern University.