📚 Just completed the 'Basics of Personal Threat Modeling' course by @privacyguides 🛡️
Threat modeling is crucial because it helps identify and prioritize the most probable security and privacy risks. It enables focused resource allocation, tailored defenses, and heightened awareness.
I recently saw a conversation between two people I respect that ended poorly. This being a social platform, shortage of mutual understanding is not surprising. Most of the time, I just back away slowly, but this time, the topic is important enough, and I think I can see a framing that can help make conversations about it less antagonistic.
I spelunked into steganography to create a new feature in https://www.deciduous.app/ that lets you reimport PNGs and SVGs of your decision trees to derive the underlying YAML.
Deciduous now also sports a CLI (so you can #npm install it), and a bunch of lil things @shortridge and I added towards the goal of fast, easy, collaborative #threatmodeling of potential failures.
Today we worked on comments (some were toughies) from 8 readers/reviewers of our LLM architectural risk analysis (ARA) draft. BIML plans to release this work 1.24.24
I can't believe that this is still a thing, but if your risk model is noticeably impacted by the adversarial capability of writing an email in the English language then I'm pretty sure your threat model is already broken.
The #MATCH webinar will begin in 5 minutes:
Machine learning #ML
Artificial intelligence #AI
Threat modeling #threatmodeling
Compliance
How the heck these link together #MLsec #swsec
I plan to "live toot" this morning's #MLsec #swsec #ML #AI #threatmodeling webinar beginning at 11am NY time (4pm London time) with my @cigitalgem identity. Feel free to follow along using the hashtag #MATCH.
With the rise of AI, ML, and increasing compliance demands, the future holds exciting challenges. While we may not have a crystal ball, we've assembled a panel of experts to share their thoughts including Dr Gary McGraw, Stephen de Vries, Siebe De Roovere & Neil Serebryany
Join our webinar to learn just how the heck all of this fits together! https://lnkd.in/eq23dZ8M
I just remembered that @thegrugq let me rant into a larger void about poor #AI #threatmodeling a while back and I should just tap the sign now and then instead of wasting cycles on repeating myself.
I had a great time with Chris Romeo on his podcast, “The Threat Modeling Podcast.” I’m honored to be featured on one of his first episodes and would highly recommend anyone with an inkling of an interest in threat modeling check out his work.
We dive deep into the Four Questions framework and explore the meaning and purpose, simplifying the threat modeling process.
Lean into these four questions, and you might just become a threat modeling Jedi! ⚔️
I run Systems Structure Ltd., a US consultancy that provides fractional CISO services for pre-A to post-C round #startups, along with #threatmodeling training and #securityarchitecture reviews.
I've been working in #security since 2003 and did a spell in NGOland from ~2011 to 2016, working with NGOs and news organizations targeted by states and on tools they use, including the #briar messaging app. The field work I did then fundamentally reshaped my approach to security, and I recommend that everyone in the field learn about the reality of being a high-risk user.
I live in #Helsinki these days, although in the before times (and hopefully soon again) I spent a fair bit of time in #NYC and #London. I run a #queer performance space out of my home, along with my partner, called The Attic (@theatticfi on insta), where we make space for #drag, #burlesque, #performanceart, and music, among other things. Before I moved here, I spent six or so years traveling full time.
I have written various essays over the years, which you can see on dymaxion.org, and I'm slowly writing a book. While security pays the bills, I spend a lot of my time thinking about #complexsystems, and in particular how the human and technical bits mesh, how they fail, and how to redesign them to fail better. In practice, this has meant everything from consulting on a constitution to thinking about what comes after the #climate apocalypse. The "recruiting barbarians" in my bio refers to being more comfortable outside of institutions, but I'm starting to think more about community and infrastructure building now that I live somewhere.
I'm also an #artist; I paint and am slowly learning my way around a #synthesizer, and I've been accused of being an #architect. I'm active in the #nordiclarp scene, where we take larp seriously as a dramatic form and do everything from a reworking of Hamlet played at the actual Elsinore castle to a larp about the early days of the HIV crisis. I'm primarily a theorist and critic there, as well as a player, and I've edited two books and written a number of essays. Nordic larp has the best toolkit I've seen anywhere for analyzing the human parts of complex systems and especially for building new systems; it's heavily influenced my security work, along with my #designfutures thinking.