EQS 5: Oct 2024 PDM – Securing the Pipeline: Threat Modeling in Modern CI/CD

Welcome to our Enlightening quarterly series (EQS) #5. This quarter’s theme is “Securing the Pipeline: Threat Modeling in Modern CI/CD,” focusing on Threat Modeling 

In this three-month Enlightening Quarterly Series (EQS), we explore the critical role of threat modeling in enhancing security across the Continuous Integration and Continuous Deployment (CI/CD) pipeline. Each month, we dive deeper into the concepts and frameworks, starting with the fundamentals of threat modeling and its importance in modern cybersecurity. The series will also cover hands-on demonstrations of various threat modeling methodologies, including STRIDE, DREAD, and PASTA, while addressing real-world use cases in cloud and application security.

Agenda

17:00 - 17:15: Virtual Networking 
17:15 - 17:18: Welcome by ISACA Chennai Chapter Director Programs
17:18 - 17:35: Monthly Security News Round Up by ERT Volunteer
17:35 - 17:40: Chapter Updates & Speaker Introduction
17:40 - 18:50: Introduction to Threat Modeling and Risks in the CI/CD Pipeline, Vimalaashree Anand
18:50 - 19:00: QnA

Description Introduction to Threat Modeling and Risks in the CI/CD Pipeline Objective: Familiarize participants with the concept of threat modeling, its importance, and highlight risks in the CI/CD pipeline.

• Introduction to Threat Modeling

  • What is Threat Modeling?
  • Key concepts: assets, threats, vulnerabilities, and controls
  • Why is it important in modern cybersecurity?
  • Introduction to common threat modeling frameworks (STRIDE, DREAD, PASTA)

• Threats in the CI/CD Pipeline

  • Overview of the CI/CD pipeline and its stages (development, testing, deployment)
  • Identifying critical security risks in the CI/CD process
  • Key vulnerabilities that threat modeling helps uncover in CI/CD

• Threat Modeling Techniques for CI/CD

  • Mapping threats in the pipeline
  • How to use threat modeling to strengthen security in each stage of the pipeline

Speaker Details: Vimalaasree Anandhan

Vimalaasree is a Cybersecurity Leader at Poshmark India with nearly two decades of expertise in application and cloud security, as well as DevSecOps practices. She oversees security operations, governance, risk management, and compliance, ensuring a robust security posture for the organization. Her focus includes securing applications, mitigating vulnerabilities, and building resilient systems.
She has previously held key positions at Ernst & Young (EY), Tata Communications, Cognizant, and BNY Mellon, where she significantly advanced cybersecurity measures.
She holds a Master’s in Science and a Bachelor’s in Engineering, along with several industry-recognized certifications in cybersecurity and risk management.
She is a member of many vibrant cybersecurity communities like ISACA, ISC2, WiCyS and serves as the President of NexGenCyberWomen, a community dedicated to empowering women cybersecurity.