The concept of writing safer, more resilient software against the threat landscape of today is a daunting task. Especially when tight budgets and deadlines are constantly under pressure and the rapid adoption of faster release cycles makes it far too easy to 'skip' thinking about the security of the systems and data we rely on to deliver our software. In this session, Dana will introduce threat modeling in a way to help you educate your developers and DevOps on how to look for threats and how to think like an attacker, all while having a bit of fun. From learning how to draw developers in with gamification using a simple card game called 'Elevation of Privilege' that focuses on identifying threats in your software to leveraging free tools published by Microsoft to aid you in documenting and responding to such threats, you will walk away with a better understanding of how to look at your software more defensively. Practical exercises and real world discussions will strengthen the presentation and re-enforce the learning objective... to write safer, more secure software in every sprint.
Speaker: Dana Epp
Dana Epp is a serial entrepreneur founding several security-based software technology companies that he has taken public or sold through acquisition. He has a passion for the startup growth mindset and believes that there aren't challenges in every opportunity, but opportunities in every challenge. Everything is impossible until someone does it. Dana has been awarded the distinction by Microsoft as an Enterprise Security MVP for over 14 years and has been a Microsoft Regional Director for 4 years, focusing on the convergence of writing and deploying secure software. He is an Azure Advisor for Microsoft offering suggestions, guidance and recommendations to Microsoft's Azure strategy around technologies like cloud identity and security, containerization and serverless computing