Dan Horovitz
Intel (Israel)
Threat modeling for validation experts
When it comes to security validation, threat modeling (TM) might be considered as a black-box but the opposite is the right approach. Validation experts and validation architects should be involved in the threat model activity to learn about the threats and mitigation for a product. Validation involvement in the threat modeling activity improves its outcomes and fine tune the security objectives of the product. Once a threat model is developed, it helps deciding the appropriate level of testing to achieve a certain level of cybersecurity assurance. It is the main source for defining the security and privacy test strategy and deriving a test plan to cover the defined mitigations that are set to achieve the product security and privacy objectives.
If your organization does not do threat modelling yet, this talk will help you, the validation expert, in taking the first steps to close this gap.
Dan Horovitz is an experienced Security Researcher, with over 20 years of multidisciplinary security research, security product development and management experience. Dan worked at Intel, McAfee, Checkpoint as well on several security startups for the last 15+ years, doing security product development as well as security assurance, security code review, architecture and design review and security validation. Dan is a life-long hacker, security advocate, he has always had a passion for deconstructing technology, particularly since getting his first Commodore64 at the age of 7 teaching himself BASIC programming. In his career, Dan has a passion for product security assurance, security architecture, security development and security validation. Dan holds M.Sc & B.Sc in computer science and MBA from BGU and he’s CISSP certified, in Intel he reached the 3rd the Black Belt Security that is the highest Intel security certification. Dan has authored several patents on privacy and security enhancements and presented papers in different conferences such: iSecCon, SWPC, DTTC, Intel TechWeek, QA&TEST, INCOSE and MPower.