EQS 5: Nov 2024 PDM – Securing the Pipeline: Threat Modeling in Modern CI/CD

Welcome to our Enlightening quarterly series (EQS) #5. This quarter’s theme is “Securing the Pipeline: Threat Modeling in Modern CI/CD,” focusing on Threat Modeling 

In this three-month Enlightening Quarterly Series (EQS), we explore the critical role of threat modeling in enhancing security across the Continuous Integration and Continuous Deployment (CI/CD) pipeline. Each month, we dive deeper into the concepts and frameworks, starting with the fundamentals of threat modeling and its importance in modern cybersecurity. The series will also cover hands-on demonstrations of various threat modeling methodologies, including STRIDE, DREAD, and PASTA, while addressing real-world use cases in cloud and application security.

Program Details

Date: Saturday November 9 2024
Mode: Virtual
CPE 2:00 Hours

Agenda

17:00 - 17:15: Virtual Networking 
17:15 - 17:18: Welcome by ISACA Chennai Chapter Director Programs
17:18 - 17:35: Monthly Security News Round Up by ERT Volunteer
17:35 - 17:40: Chapter Updates & Speaker Introduction
17:40 - 18:50: Comprehensive Threat Modeling: Hands-On Exploration of STRIDE, DREAD, and PASTA with Essential Tools, by  Vimalaasree Anandhan
18:50 - 19:00: QnA

Description: Exploring Threat Modeling: Frameworks, Methodologies, and Essential Tools

This session provides an in-depth overview of various threat modeling frameworks, offering participants valuable insights into identifying and mitigating security threats.

Agenda:

• STRIDE Framework: An exploration of the STRIDE methodology, delving into its six core components—Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Discover how each element contributes to a structured approach in identifying potential threats.
• DREAD and PASTA Frameworks: Understand the DREAD framework and its application in risk assessment, as well as an introduction to PASTA (Process for Attack Simulation and Threat Analysis) for a strategic, attack-based approach to threat modeling.
• Threat Modeling Tools: An overview of popular tools, including the Microsoft Threat Modeling Tool and OWASP Threat Dragon. This segment will showcase how these tools facilitate structured threat modeling across various use cases.

Speaker Details: Vimalaasree Anandhan

Vimalaasree is a Cybersecurity Leader at Poshmark India with nearly two decades of expertise in application and cloud security, as well as DevSecOps practices. She oversees security operations, governance, risk management, and compliance, ensuring a robust security posture for the organization. Her focus includes securing applications, mitigating vulnerabilities, and building resilient systems.
She has previously held key positions at Ernst & Young (EY), Tata Communications, Cognizant, and BNY Mellon, where she significantly advanced cybersecurity measures.
She holds a Master’s in Science and a Bachelor’s in Engineering, along with several industry-recognized certifications in cybersecurity and risk management.
She is a member of many vibrant cybersecurity communities like ISACA, ISC2, WiCyS and serves as the President of NexGenCyberWomen, a community dedicated to empowering women cybersecurity.