Build Systems that Drive Business
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Attack trees: Security modeling for Agile teams

Michael Brunton-Spall (Bruntonspall Ltd)
1:30pm–5:00pm Tuesday, June 12, 2018
Location: LL21 E/F Level: Non-technical
Secondary topics: Systems Architecture & Infrastructure

What you'll learn

  • Learn a new approach to reviewing systems along with real-life examples to help you prioritize where to focus security efforts

Description

Agile software development and security often don’t seem to be good bedfellows. Many traditional security methodologies for analyzing risk and threats are based on old military or government development methodologies, which are slow to change and well documented. In addition, these approaches to threat and risk management are highly optimized to work within a traditional software development lifecycle.

Michael Brunton-Spall shares a new approach to reviewing systems along with real-life examples to help you prioritize where to focus security efforts and what sorts of security threats you should worry about. This methodology has been trialed, adopted, and used in the UK government under the auspices of the Government Digital Service for Agile programs and in the National Center for Cyber Security from a security perspective. Join in to learn how to approach your system in a new way, how to think like an attacker, how to document, evaluate and rate threats, and how to communicate it effectively to both the team and to senior leadership.

Photo of Michael Brunton-Spall

Michael Brunton-Spall

Bruntonspall Ltd

Michael Brunton-Spall is an independent security consultant. Previously, Michael was deputy director for technology and operations and head of cybersecurity at the UK Government Digital Service and held a number of jobs ranging from creating low-level embedded hardware to gaming development on consoles to scaling and operating the Guardian newspaper. He is a regular conference speaker, the author of Agile Application Security, and an enthusiastic Agilist and security geek.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)