<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1919858758278392&amp;ev=PageView&amp;noscript=1">

Anne Oikarinen

Anne Oikarinen


Session Name: Continuous Threat Modeling – Identifying Security Problems In An Agile Way

Threat modeling is about identifying what bad can happen and what you can do about it. It can also find logical flaws and reveal problems in architecture or software development practices. These vulnerabilities cannot usually be found by security tools or even by penetration testers. Tools don't solve all our problems yet: we also need the human brain. The presentation covers various methods, such as evil user stories, for finding security and privacy threats. You will learn how to analyze your epics and user stories to continuously build a threat model that helps you identify what kind of security problems your system can face and what kind of protection you should design.

Speaker Bio:

Anne Oikarinen is a Senior Security Consultant who works with security and software development teams to help them design and develop secure software. Anne believes that cyber security is an essential part of software quality. After working several years in a security software development team in various duties such as testing, test management, training, network design and product owner tasks, Anne focused her career fully on cyber security. In her current job at Nixu Corporation, Anne divides her time between DevSecOps, cybersecurity exercises and writing about cybersecurity. Anne also has experience on incident response and security awareness after working in the National Cyber Security Centre of Finland. Anne holds a Master of Science (Technology) degree in Communication Networks and Protocols from Tampere University of Technology, Finland, and maintains the CISSP and GMOB certifications.