HOW TO Threat Model Digital Applications in Cloud
Cloud Security Podcast21 Elo 2022

HOW TO Threat Model Digital Applications in Cloud

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jeevan Singh (Jeevan's Linkedin) about Threat Modelling STRIDE Threat Modelling can be used for self service Application running in Cloud and allowing Security Teams to go on holiday without worrying about Digital Supply Chain.

Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv

Host Twitter: Ashish Rajan (@hashishrajan)

Guest Twitter: Jeevan Singh (Jeevan's Linkedin)

Podcast Twitter - @CloudSecPod @CloudSecureNews

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- Cloud Security News

- Cloud Security Academy


Spotify TimeStamp for Interview Questions

(00:00) Ashish's Intro to the Episode

(02:15) https://snyk.io/csp

(02:40) Jeevan's Professional Background

(04:23) What is threat modelling

(05:35) Flicking the Threat Modelling switch

(06:47) Common AppSec Mistake

(09:58) What is Threat Modelling Important?

(11:46) Tainted Flow Analysis and Threat Modelling

(13:00) Where does this fit in CI/CD?

(14:25) Security Teams going on vacation made possible

(15:34) Impact of teaching developers how to run Threat Model

(16:33) First time running Observe Phase of Threat Modelling with Developers

(17:13) Developers are better at Threat Model than Security

(19:09) Level of programming expertise for Threat Modelling

(21:32) Fixing Threats vs Finding relevant controls for the threat

(22:00) Bad example of role of Threat Modelling in Business

(23:41) Should Threat Model be done in Dev?

(24:54) Example of Threat Model for an App hosted in Cloud?

(27:27) Threat Model Skeleton for Cloud Native Apps

(30:12) Does complexity increase with multi-cloud/hybrid environments?

(32:27) What’s involved in rolling a Threat model program in an organisation?

(36:26) Who is the minimum representation in Threat modelling session?

(38:30) Advice for folks who are starting threat modelling today in their organization

(41:59) Cultural Change required for Threat Modelling

(43:19) Example of getting Management agreement

(44:58) Jeevan's 4 Stage of Threat model talk - https://www.youtube.com/watch?v=DtvjJL8xcPY

(45:28) Time-boxing Threat Model Sessions

(48:21) Maintaining Quality of Risk identified during threat modeling

(50:21) Keeping developers updated on latest security vulnerabilities

(54:07) Jeevan’s Favourite Threat Model Type

(55:09) Where can people learn threat modelling?

(56:12) Fun Section

Jaksot(344)

Cybersecurity Best Practices and Password Security in Cloud and AI

Cybersecurity Best Practices and Password Security in Cloud and AI

We caught up with Troy Hunt and Scott Helme at NDC Security Oslo 2024 to talk about best practices when it come to decoding TLS, password security and data breaches in cloud and AI. Troy Hunt, known f...

26 Tammi 202429min

Multicloud strategy for AWS and GCP

Multicloud strategy for AWS and GCP

What is a good multicloud strategy in 2024? We spoke to Vivek Menon, CISO for Digital Turbine about the maturity and security capabilities of major cloud service providers, AWS and GCP. Vivek spoke ab...

19 Tammi 202427min

AI's Role in Security Efficiency - Kubernetes Edition

AI's Role in Security Efficiency - Kubernetes Edition

Dive into the world of AI and Kubernetes with Shopify's Shane Lawrence in this episode of the Cloud Security Podcast. Shane, shares his experience in the security team at Shopify and working on the in...

12 Tammi 202420min

Build an Effective AWS Cloud Security Program in 2024

Build an Effective AWS Cloud Security Program in 2024

How can you build a robust cloud security program in AWS, particularly as a startup and small to medium-sized businesses navigating AWS in 2024? We spoke to Chris Farris, who is the event chair for fw...

5 Tammi 202448min

Offensive Cloud Security Program for 2024

Offensive Cloud Security Program for 2024

Is Offensive Security part of your 2024 Security Roadmap? We caught up with Sam Kirkman, Director at NetSPI EMEA at BlackHat Europe 2023 about what an Offensive Security Roadmap going into 2024 should...

19 Joulu 202322min

Understand Your Cloud Security Landscape to cut through the noise!

Understand Your Cloud Security Landscape to cut through the noise!

Cloud Security environments looks very complex in 2023, and it will continue to evolve in 2024 now with AI. At AWS re:Invent 2023 this year, we sat down with Alex Jauch, Senior Director of Product Man...

15 Joulu 202327min

Kubernetes Security Trends 2024 | Software Supply Chain Security, Zero Trust and AI

Kubernetes Security Trends 2024 | Software Supply Chain Security, Zero Trust and AI

Kubernetes is shaping the future of cloud native technology with interest from security folks, businesses and developers - what does the future of Kubernetes Security look like? At Kubecon NA 2023, we...

14 Joulu 202333min

Kubernetes Network Security for Multi Tenancy

Kubernetes Network Security for Multi Tenancy

Kubernetes security explained : We spoke to Cailyn Edwards, CNCF Ambassador and Senior Security Engineer at Shopify. Interview was recorded at Kubecon NA 2023. We asked her about the complexities of K...

12 Joulu 202326min