Training Session Video
Notable logs from the chat during the session
14:24:16 From Mario : I’ve been teaching both RTMP and LINDDUN GO with my customers
14:24:31 From Mario : On the same sessions. Gives everyone vocabulary to discuss both problem spaces :)
14:26:08 From Mario : Agree with respect to LINDDUN, as it’s a “hard” modelling technique
14:26:12 From Mario : But LINDDUN GO is easier
14:26:31 From Didar Gelici : because it is gamified?
14:26:58 From Mario : yes, and the cards themselves have all the basic INFO to understand it and real world examples to make them clear
14:27:44 From Didar Gelici : as opposed to Elevation of Privacy game
14:29:37 From Didar Gelici : privacy… i meant privilege
14:30:11 From Avi Douglen : actually, Elevation of Privacy sounds like a killer game
14:30:31 From Avi Douglen : maybe an expansion pack… inapp DLC?
14:34:17 From Mario : An online game would be brilliant
14:34:28 From Mario : someone should suggest that to Kym
14:34:52 From Mario : She was kind enough to send me a deck of the actual cards
14:35:25 From Avi Douglen : or talk to https://eopgame.herokuapp.com/ for an expansion :-)
14:43:46 From Didar Gelici : https://github.com/geoffrey-hill-tutamantic
14:43:56 From Didar Gelici : https://github.com/geoffrey-hill-tutamantic/rapid-threat-model-prototyping-docs
14:44:58 From Didar Gelici : Prerequisites for using Tutamantic: RTMP
14:45:23 From Didar Gelici : draw.io
14:45:27 From Didar Gelici : knowledge in STRIDE
14:45:57 From Didar Gelici : stakeholders
14:54:38 From Didar Gelici : 50 uploads each for a limited time for people who email geoff.hill@tutamantic.com
14:56:14 From Didar Gelici : “Threat model game”
15:00:13 From jbi zoom1 : James Veitch for some security related humour
15:01:17 From Didar Gelici : Takeaway’s for Geoff: instructions to the game > Avi
15:01:25 From Didar Gelici : Mario’s fork
15:01:53 From Didar Gelici : Wallaby’s STRIPED
15:01:59 From Didar Gelici : Zone vs Criticality
Why
When choosing a threat model tool, you first need to know what the tool can and cannot do. In order to facilitate this we are organising a number of demonstrations of tools, each 30 minutes long.
What
Tool 1: A Pythonic framework for threat modeling by Izar https://github.com/izar/pytm
Tool 2: TENTATIVE by zeroXten https://threatspec.org/
Outcomes
A recording of the functionalities at the moment of the summit
Who
Back to list of all User Sessions