Becoming the Godfather of Threat Modeling
10-17, 10:00–14:00 (America/New_York), Track 3 (205AB)
Language: English

This session’s header image

In the world of cybersecurity there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s too late… or before they even think about making a move you can take the control over and see everything coming from miles away. In this session, you’ll dive deep into the art of threat modeling—an essential skill that allows you to anticipate risks, identify vulnerabilities, and develop a proactive defense strategy.

Mike will guide you through the process and show you why threat modeling is an offer you simply can’t refuse. You’ll learn how to analyze threats with precision, build effective threat scenarios and develop a mindset that stays one step ahead of the attackers. Ultimately you won’t only understand threat modeling—you’ll lead it with confidence.

Join Mike in the family business, hone your expertise and become the Godfather of Threat Modeling. In this game only the wise and the prepared will survive.

  1. Introduction to Threat Modeling
    What is threat modeling?
    Key concepts and goals
    The role of threat modeling in modern development and security

  2. Why and When to Use Threat Modeling
    The importance of proactive security
    Business and technical benefits
    When to apply threat modeling in a project lifecycle

  3. Threat Modeling in Agile Environments
    Integrating threat modeling into agile workflows
    Balancing speed and security
    Best practices for iterative threat assessments

  4. Who Can Perform Threat Modeling?
    Roles and responsibilities in an organization
    Collaboration between security, development, and operations teams

  5. Writing Effective Threats (+ Hands-on Exercise)
    How to document threats clearly and effectively
    Examples of well-structured threats
    Common pitfalls and how to avoid them

  6. Requirements for Effective Threat Modeling
    Prerequisites for successful implementation
    Tools and frameworks

  7. Deep Dive: STRIDE Threat Modeling (+ Hands-on Exercise)
    Understanding STRIDE methodology
    Applying STRIDE to real-world scenarios

  8. Deep Dive: PASTA Threat Modeling (+ Hands-on Exercise)
    Understanding PASTA methodology
    Applying PASTA to real-world scenarios

  9. Applying Threat Modeling in a Practical, Low-Key Manner
    Simple strategies to start threat modeling immediately
    Lightweight approaches for quick security wins
    Tips for small teams or limited resources

  10. Threat Modeling as Code
    Automating threat modeling in CI/CD pipelines
    Available tools and frameworks
    Best practices for integrating security into Dev(Sec)Ops

  11. Q&A and Closing Remarks
    Recap of key takeaways
    Open discussion and questions
    Next steps for participants
Mike van der Bijl

My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force.

For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, busines