Dan Horovitz

Intel (Israel)

Threat modelling from zero to hero

Threat modelling is a core component of secure development lifecycle process for developing any secure system, it is definitely used by hackers, and it is a mandatory security activity for any product. It is an upfront view of a system to help identify potential issues from the start as opposed to attempting to bolt on security later. This four hours, introduction workshop will cover an approach for Software/Firmware threat modelling in a step-by-step process and allow the attendees to apply the material on a working example (Software/Firmware). This workshop explains the importance of threat modelling, reviews security terminology with examples that demonstrate various terms and how to use them, goes through the threat modelling stages and then uses an example of a SW/FW design to show how to go through all the steps with that design. It will explain the purpose of threat modelling and examine methods of system diagramming for threat modelling, identifying assets, attack surfaces and attackers and using this information to develop a listing of threats and associated mitigations. At the end of the workshop, if time allows, we will talk about using TM tools. The entire workshop emphasizes developing a security mindset.

Buy Tickets now
Dan Horovitz is an experienced Principal Security Researcher, worked at Intel, McAfee, Checkpoint as well on several security startups for the last 15+ years, doing security product development as well as security assurance, security code review, architecture and design review and security validation. Dan is a life-long hacker, security advocate, he has always had a passion for deconstructing technology, particularly since getting his first Commodore 64 at the age of 7 teaching himself BASIC programming. In his career, Dan has performed all forms of security assessments but given his developer and management background, he has a dedication to security architecture, security features development and security assurance. Dan has MBA & B.Sc in computer science from BGU and he's CISSP certified, reached the 3rd Black Belt Security in Intel, highest org. security certification. Dan has authored several patents on privacy and security enhancements and presented papers in different conferences such: iSecCon, SWPC, Intel System Engineer, Intel TechWeek, QA&Test, INCOSE and MPower