There are hundreds (if not thousands) of adversary groups out there, and it’s understandable if defenders sometimes feel like resistance is futile. Good news: you don’t have to defend against all of them! Even better news: threat modeling gives you a simple way to prioritize which adversaries you focus on and how you defend against them. This presentation will lay out a simple, practical threat modeling approach that any analyst or defender can use to start figuring out which threats matter to their organization.
The presentation will start by acknowledging the many approaches to threat modeling that others have created, and then discuss why there’s confusion around it. The presentation will then explain four simple steps and practical actions that anyone can take to get started with threat modeling: know your organization, know your adversaries, match those up, and take action. The audience will leave with an understanding of how threat modeling can help any team prioritize which threats they care about and use that prioritization to improve their organization’s defenses.
Katie Nickels (@likethecoins) is a Principal Intelligence Analyst with Red Canary and a SANS Instructor for FOR578: Cyber Threat Intelligence. She has worked in network defense, incident response, and cyber threat intelligence for over a decade, including in her prior role as the Threat Intelligence Lead for MITRE ATT&CK. Katie has shared her expertise with presentations at Black Hat, SANS Summits, and other events. She is also a Co-Chair of the SANS CTI Summit and the FIRST CTI Symposium. Katie serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn about STEM.