29 Jun 13:30 — 14:30
About the session
Threat Modelling is a valuable process that helps teams identify and act on structural vulnerabilities that allow unauthorised access. But security is not limited to intruder access. We can use similar processes to discover and share a product oriented view on a broad set of critical risks.
This session will provide a risk capturing game where attendees, in groups, can discover the key threats they need to manage.
Bring the story of your product, so that we can ask ‘what if’ and build less risky software.
This talk looks to tackle 2 challenges:
- Delivery discussions around Cross-Functional Requirements are often excluding of less-technical team members. They focus on ‘what’, not ‘why’. This often results in them not being supported and difficulties in prioritisation.
- Threat modelling is successful but focuses on a small section of the threats to our products and services.
The session will aim to be interactive throughout
- An appreciation for the value of sharing risks across the whole team
- Template and facilitation guide for building a risk log
- Hands-on practice asking `what if?` about your product or service
- A set of operational questions they can adapt and use to run sessions themselves
This session has:
- A session number cap: 25 participants
Themes: Facilitation, Practical, Communication, Risk, Quality