SPEAKER
Roy Harrow
AGENDA
18:00 - Refreshments and networking for those in person
18:30 - Presentation – Roy Harrow, Chair of the BCS DevSecOps Group
19:30 - Q&A
20:00 - Light refreshments for those who are able to attend in person
20:30 - Close
SYNOPSIS
This event will introduce the topic of Threat Modelling and show how it forms an essential part of the "shift-left" philosophy and practice of DevSecOps processes in support of modern applications development. In fact, it could be said that Threat Modelling is key to any successful secure development life-cycle (SDLC). The cloud threat landscape and some common challenges will be reviewed to help explain the need for a structured approach to understanding the risks early when creating new cloud applications. The well-established STRIDE framework for threat modelling will be introduced and used alongside some other techniques to help identify and assess potential risks for cloud applications. Reference will be made to useful resources for applying these processes. As many threat modelling techniques are based on the analysis of process flow diagrams, some common freely available tools will be demonstrated with examples covering a number of cloud deployments, such as IaaS, PaaS, SaaS and serverless scenarios. Best practices will be discussed with links to important online resources from organisations such as OWASP and the Cloud Security Alliance (CSA). This event will be useful for anyone creating new cloud applications and anyone working in DevOps, DevSecOps or another Information Security role supporting cloud implementations.
SPEAKER BIOGRAPHY
Roy Harrow is the Chair of the DevSecOps BCS Group and has worked in a wide range of roles in information technology and information security. His experience includes financial services, public sector work, security consulting and security architecture. Roy is currently working for Sainsbury's in a cloud security role as part of the information security team.