Using Threat Modeling to Harden Your Identity Infrastructure presented at BSidesColumbus 2020

by Jerod Brennen,

Summary : How many “compliant” organizations have suffered a publicly disclosed data breach? While compliance can be a useful step toward securing your organization, history has shown us that attackers aren’t overly concerned with your compliance efforts. If you want to gain deeper insights into attackers, their techniques, and where they’re most likely to strike, then you should give threat modeling a go. Where better to start than with the targets that attackers are going after time and again: your identities. In this talk, we’ll discuss a practical approach to threat modeling with a focus on your identity infrastructure.